Treat empty string as no password.
diff --git a/lib/zip_fopen_index_encrypted.c b/lib/zip_fopen_index_encrypted.c
index c14f8c5..1519585 100644
--- a/lib/zip_fopen_index_encrypted.c
+++ b/lib/zip_fopen_index_encrypted.c
@@ -45,6 +45,10 @@
zip_file_t *zf;
zip_source_t *src;
+ if (password != NULL && password[0] == '\0') {
+ password = NULL;
+ }
+
if ((src = _zip_source_zip_new(za, za, index, flags, 0, 0, password)) == NULL)
return NULL;
diff --git a/lib/zip_set_default_password.c b/lib/zip_set_default_password.c
index 70b2c3d..a53fd3d 100644
--- a/lib/zip_set_default_password.c
+++ b/lib/zip_set_default_password.c
@@ -45,7 +45,7 @@
free(za->default_password);
- if (passwd) {
+ if (passwd && passwd[0] != '\0') {
if ((za->default_password = strdup(passwd)) == NULL) {
zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
return -1;