Bug #44767: invalid memory reads in password() and

old_password() functions   
The PASSWORD() and OLD_PASSWORD() functions could lead to   
memory reads outside of an internal buffer when used with BLOB   
arguments.   
  
String::c_ptr() assumes there is at least one extra byte  
in the internally allocated buffer when adding the trailing  
'\0'.  This, however, may not be the case when a String object  
was initialized with externally allocated buffer.  
  
The bug was fixed by adding an additional "length" argument to  
make_scrambled_password_323() and make_scrambled_password() in  
order to avoid String::c_ptr() calls for  
PASSWORD()/OLD_PASSWORD().  
  
However, since the make_scrambled_password[_323] functions are  
a part of the client library ABI, the functions with the new  
interfaces were implemented with the 'my_' prefix in their  
names, with the old functions changed to be wrappers around  
the new ones to maintain interface compatibility.

mysql-test/r/func_crypt.result

@@ -95,3 +95,14 @@ Note	1003	select password(_latin1'idkfa ') AS `password('idkfa ')`,old_password(
 select encrypt('1234','_.');
 encrypt('1234','_.')
 #
+#
+# Bug #44767: invalid memory reads in password() and old_password() 
+#             functions
+#
+CREATE TABLE t1(c1 MEDIUMBLOB);
+INSERT INTO t1 VALUES (REPEAT('a', 1024));
+SELECT OLD_PASSWORD(c1), PASSWORD(c1) FROM t1;
+OLD_PASSWORD(c1)	PASSWORD(c1)
+77023ffe214c04ff	*82E58A2C08AAFE72C8EB523069CD8ADB33F78F58
+DROP TABLE t1;
+End of 5.0 tests