From 763be7b30523afd0c28583051efe3a1fe011ac85 Mon Sep 17 00:00:00 2001
From: Kaimtazian Maksim <m.kaitmazian@picodata.io>
Date: Thu, 20 Jul 2023 11:04:14 +0300
Subject: [PATCH] fix: allow empty password and username in MD5

This fixes the following assertion failure
```bash
tarantool: ./src/lib/core/crypt.c:84: md5_encrypt:
Assertion `password_len + salt_len > 0' failed.
```
caused by the following code
```lua
box.cfg{auth_type='md5'}
box.schema.user.password("")
```

NO_CHANGELOG=fix an unreleased feature
NO_DOC=fix an unreleased feature
---
 src/lib/core/crypt.c                                        | 6 +++++-
 .../gl_21_make_user_name_argument_optional_test.lua         | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/core/crypt.c b/src/lib/core/crypt.c
index 412e70a8cb..7f8802b069 100644
--- a/src/lib/core/crypt.c
+++ b/src/lib/core/crypt.c
@@ -81,7 +81,11 @@ void
 md5_encrypt(const char *password, size_t password_len,
 	    const char *salt, size_t salt_len, char *buf)
 {
-	assert(password_len + salt_len > 0);
+	if (password_len + salt_len == 0) {
+		memcpy(buf, "md5", strlen("md5"));
+		md5_hash("", 0, buf + strlen("md5"));
+		return;
+	}
 
 	char *crypt_buf = xmalloc(password_len + salt_len);
 	/*
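Review bot: The early-return branch added at the top of md5_encrypt has no comment saying why zero-length input cannot take the general path, and it stores the unsalted digest of the empty string. I would put `/* Nothing to hash: skip the zero-size allocation and emit "md5" + MD5("") directly. */` above the `if`, assuming the reason is the `xmalloc(password_len + salt_len)` call below; the rest of the body is outside this hunk, so that should be confirmed. The stored value is the fixed string the new test pins (`md5d41d8cd98f00b204e9800998ecf8427e`), so anyone who can read the stored hash can tell at a glance that the account has an empty password and an empty salt. If empty passwords are not meant to be accepted under `md5`, the rejection belongs in the caller, not in this helper. The branch also appears to rely on md5_hash to terminate `buf`, since the `memcpy` copies only the three prefix bytes; worth checking against md5_hash's contract.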
diff --git a/test/box-luatest/gl_21_make_user_name_argument_optional_test.lua b/test/box-luatest/gl_21_make_user_name_argument_optional_test.lua
index 6b1c8c6ce7..a0f0948f32 100644
--- a/test/box-luatest/gl_21_make_user_name_argument_optional_test.lua
+++ b/test/box-luatest/gl_21_make_user_name_argument_optional_test.lua
@@ -15,7 +15,8 @@ end)
 g.test_box_password_without_username_argument = function()
     t.assert(g.server:exec(function()
         box.cfg{auth_type='chap-sha1'}
-
+        t.assert_equals(box.schema.user.password("", ""),
+                        'vhvewKp0tNyweZQ+cFKAlsyphfg=')
         t.assert_equals(box.schema.user.password("qwerty", box.session.user()),
                         'qhQg8YLoi55fh09vvnRZKR6PRgE=')
         t.assert_equals(box.schema.user.password("qwerty"),
@@ -24,7 +25,10 @@ g.test_box_password_without_username_argument = function()
         --- so the passwords must be equal
         t.assert_equals(box.schema.user.password("qwerty"),
                         box.schema.user.password("qwerty", "???"))
+
         box.cfg{auth_type='md5'}
+        t.assert_equals(box.schema.user.password("", ""),
+                        'md5d41d8cd98f00b204e9800998ecf8427e')
         t.assert_equals(box.schema.user.password("qwerty", ""),
                         'md5d8578edf8458ce06fbc5bb76a58c5ca4')
         t.assert_equals(box.schema.user.password("qwerty"),
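Review bot: The added md5 assertion only exercises the two-argument call `box.schema.user.password("", "")`, while the reproducer in the commit message is the one-argument form `box.schema.user.password("")` after `box.cfg{auth_type='md5'}`. Whether both forms reach md5_encrypt with a zero total length is not visible from this hunk, so the exact crashing call should be covered as well, for example with `t.assert(box.schema.user.password(""))` next to the new assertion, with the expected value pinned once it is known. The test function continues past the end of the hunk.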
-- 
GitLab