A possible buffer overflow in index.php

Started by TMcomputing, August 16, 2012, 02:06:05 PM


TMcomputing

index.php?action=login2", using HTTP method POST. The sent post-data was: "cookielength=-1&passwrd=FrAmE30.&user=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&hash_passwrd=FrAmE30.".

This can be exploited ;)


IchBin™

And by all means, feel free to include how you think it can be exploited. Any proof of concept would help.
IchBin™        TinyPortal

TMcomputing

How about I just tell you how to fix it... when logging in, the user and password lengths need to be limited, to say... 24 characters. I am not talking about the form input size; I am talking about sanitizing the input and limiting the length of input received.
Cheers! ;)

emanuele

The user name is already limited at registration, so it makes sense to cut it down also during the login... maybe just a bit longer in order to allow recovery from typos.


Take a peek at what I'm doing! ;D

Do you need support in Italian?

Help us help you: explain your problem well: no, "it doesn't work" is not an explanation!!
1) What you do,
2) what you expect,
3) what you get.

Arantor

Well, I can't immediately see how it can be exploited, but I've added a command to cut it down in both the next 2.0 patch as well as 2.1. Thanks for the report.
Holder of controversial views, all of which my own.
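As an added illustration of the fix the thread converges on (it is example code written here, not SMF's, TinyPortal's or any poster's code), the function below bounds the login fields before they reach any authentication logic. The limits, the function name and the sample inputs are assumptions; the field names (`user`, `passwrd`, `cookielength`, `hash_passwrd`) are the ones shown in the reported request. One design choice differs from the thread: over-long values are rejected outright rather than cut down, so a truncated name can never accidentally match a different account.

```php
<?php
// Added example (not SMF's own code): defensive normalisation of login
// POST fields before they reach any authentication logic.
// The limits below are assumptions chosen for illustration, not SMF's values.

const MAX_USERNAME_LEN = 80;        // assumption: registration limit plus headroom for typos
const MAX_PASSWORD_LEN = 256;       // assumption: generous cap that still bounds hashing cost
const MAX_COOKIE_MINUTES = 3153600; // assumption: roughly six years as an upper bound

/**
 * Validate the login fields. Returns ['ok' => true, ...normalised fields]
 * or ['ok' => false, 'error' => reason].
 * Over-long input is rejected, not silently truncated.
 */
function validate_login_post(array $post): array
{
    $user = isset($post['user']) ? (string) $post['user'] : '';
    $passwrd = isset($post['passwrd']) ? (string) $post['passwrd'] : '';
    $cookielength = isset($post['cookielength']) ? (string) $post['cookielength'] : '';

    // Measure in bytes, not characters: the database column and the hash
    // function both see bytes, so that is the limit that matters.
    if ($user === '' || strlen($user) > MAX_USERNAME_LEN) {
        return ['ok' => false, 'error' => 'username missing or too long'];
    }
    if ($passwrd === '' || strlen($passwrd) > MAX_PASSWORD_LEN) {
        return ['ok' => false, 'error' => 'password missing or too long'];
    }
    // Control characters have no legitimate place in a user name.
    if (preg_match('/[\x00-\x1f\x7f]/', $user)) {
        return ['ok' => false, 'error' => 'username contains control characters'];
    }

    // cookielength must be a whole number of minutes. The reported request
    // sends -1, the "stay logged in" sentinel of the SMF login form; accept
    // that one value explicitly and clamp everything else to a sane range.
    if (!preg_match('/^-?\d{1,8}$/', $cookielength)) {
        return ['ok' => false, 'error' => 'cookielength is not an integer'];
    }
    $minutes = (int) $cookielength;
    if ($minutes !== -1) {
        $minutes = max(1, min($minutes, MAX_COOKIE_MINUTES));
    }

    return [
        'ok' => true,
        'user' => $user,
        'passwrd' => $passwrd,
        'cookielength' => $minutes,
    ];
}

// Constructed sample inputs: the shape of the reported request with a
// placeholder user name, then the same request with an over-long user name.
$normal = ['cookielength' => '-1', 'passwrd' => 'FrAmE30.', 'user' => 'alice', 'hash_passwrd' => ''];
$overlong = ['cookielength' => '-1', 'passwrd' => 'FrAmE30.', 'user' => str_repeat('A', 5000)];

var_dump(validate_login_post($normal)['ok']);
var_dump(validate_login_post($overlong)['ok']);
```

Run with `php` from the command line; the first call passes and the second is rejected. Because the check runs before any database lookup or password hashing, an oversized field costs the server nothing more than a string length comparison.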

