empty password is a valid password, don't crash

3 files changed, 8 insertions, 1 deletions

diff --git a/mysql-test/r/set_password.result b/mysql-test/r/set_password.result
index f0faeda1974..315d0bef9fb 100644
--- a/mysql-test/r/set_password.result
+++ b/mysql-test/r/set_password.result
@@ -174,4 +174,8 @@ connection default;
 select user,host,password,plugin,authentication_string from mysql.user where user='foo';
 user	host	password	plugin	authentication_string
 foo	localhost		mysql_native_password	*E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB
+set password for 'foo'@'localhost' = '';
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';
+user	host	password	plugin	authentication_string
+foo	localhost		mysql_native_password	
 drop user foo@localhost;
diff --git a/mysql-test/t/set_password.test b/mysql-test/t/set_password.test
index 4d8010d3b25..fc1ecb5ef5c 100644
--- a/mysql-test/t/set_password.test
+++ b/mysql-test/t/set_password.test
@@ -142,4 +142,6 @@ show grants;
 --disconnect foo
 --connection default
 select user,host,password,plugin,authentication_string from mysql.user where user='foo';
+set password for 'foo'@'localhost' = '';
+select user,host,password,plugin,authentication_string from mysql.user where user='foo';
 drop user foo@localhost;
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index d550aa1feb8..1809e22ffbf 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -3864,7 +3864,8 @@ void set_authentication_plugin_from_password(const User_table& user_table,
                                              const char* password,
                                              uint password_length)
 {
-  if (password_length == SCRAMBLED_PASSWORD_CHAR_LENGTH)
+  if (password_length == SCRAMBLED_PASSWORD_CHAR_LENGTH ||
+      password_length == 0)
   {
     user_table.plugin()->store(native_password_plugin_name.str,
                                native_password_plugin_name.length,