Bug #10668: CREATE USER does not enforce username length limit

  This appears to have just been an oversight -- CREATE USER was not enforcing
  the existing username limitations.

3 files changed, 19 insertions, 1 deletions

diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index 3f3325354ee..bb69202f1df 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -867,3 +867,6 @@ insert into mysql.user select * from t2;
 flush privileges;
 drop table t2;
 drop table t1;
+create user mysqltest1_thisisreallytoolong;
+ERROR HY000: Operation CREATE USER failed for 'mysqltest1_thisisreallytoolong'@'%'
+End of 5.0 tests
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index a9d52f559ca..d025709cc21 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -680,4 +680,10 @@ drop table t2;
 
 drop table t1;
 
+#
+# Bug #10668: CREATE USER does not enforce username length limit
+#
+--error ER_CANNOT_USER
+create user mysqltest1_thisisreallytoolong;
 
+--echo End of 5.0 tests
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index ae5ea210a47..3735f4403de 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -5220,7 +5220,16 @@ bool mysql_create_user(THD *thd, List <LEX_USER> &list)
     {
       result= TRUE;
       continue;
-    }  
+    }
+
+    if (user_name->host.length > HOSTNAME_LENGTH ||
+	user_name->user.length > USERNAME_LENGTH)
+    {
+      append_user(&wrong_users, user_name);
+      result= TRUE;
+      continue;
+    }
+
     /*
       Search all in-memory structures and grant tables
       for a mention of the new user name.