MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash when usi…

…ng cracklib plugin Do not allow NULL password to pass directly to password validation plugin.
MariaDB · May 5, 2016 · 1512078 · 1512078
1 parent edbd0ce
commit 1512078
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 1 deletion.
diff --git a/mysql-test/suite/plugins/r/cracklib_password_check.result b/mysql-test/suite/plugins/r/cracklib_password_check.result
@@ -39,6 +39,12 @@ Warning	1819	cracklib: it is based on a dictionary word
 Error	1819	Your password does not satisfy the current policy requirements
 grant select on *.* to foobar identified by 'q$%^&*rty';
 drop user foobar;
+#
+# MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash
+# when using cracklib plugin
+#
+create user 'newuser'@'localhost';
+ERROR HY000: Your password does not satisfy the current policy requirements
 uninstall plugin cracklib_password_check;
 create user foo1 identified by 'pwd';
 drop user foo1;
diff --git a/mysql-test/suite/plugins/r/simple_password_check.result b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -72,6 +72,8 @@ READ_ONLY	NO
 COMMAND_LINE_ARGUMENT	REQUIRED
 create user foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements
+create user foo1;
+ERROR HY000: Your password does not satisfy the current policy requirements
 grant select on *.* to foo1 identified by 'pwd';
 ERROR HY000: Your password does not satisfy the current policy requirements
 grant select on *.* to `FooBar1!` identified by 'FooBar1!';

diff --git a/mysql-test/suite/plugins/t/cracklib_password_check.test b/mysql-test/suite/plugins/t/cracklib_password_check.test
@@ -30,6 +30,14 @@ show warnings;
 grant select on *.* to foobar identified by 'q$%^&*rty';
 drop user foobar;
 
+--echo #
+--echo # MDEV-9851: CREATE USER w/o IDENTIFIED BY clause causes crash
+--echo # when using cracklib plugin
+--echo #
+
+--error ER_NOT_VALID_PASSWORD
+create user 'newuser'@'localhost';
+
 uninstall plugin cracklib_password_check;
 
 create user foo1 identified by 'pwd';

diff --git a/mysql-test/suite/plugins/t/simple_password_check.test b/mysql-test/suite/plugins/t/simple_password_check.test
@@ -16,6 +16,10 @@ select * from information_schema.system_variables where variable_name like 'simp
 --error ER_NOT_VALID_PASSWORD
 create user foo1 identified by 'pwd';
 
+# Create user with no password.
+--error ER_NOT_VALID_PASSWORD
+create user foo1;
+
 --error ER_NOT_VALID_PASSWORD
 grant select on *.* to foo1 identified by 'pwd';
 

diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
@@ -899,7 +899,9 @@ static bool validate_password(LEX_USER *user)
 {
   if (user->pwtext.length || !user->pwhash.length)
   {
-    struct validation_data data= { &user->user, &user->pwtext };
+    struct validation_data data= { &user->user,
+                                   user->pwtext.str ? &user->pwtext :
+                                   const_cast<LEX_STRING *>(&empty_lex_str) };
     if (plugin_foreach(NULL, do_validate,
                        MariaDB_PASSWORD_VALIDATION_PLUGIN, &data))
     {