On Mon, 22 Aug 2005 10:45:04 +0300 Ido Kanner <[EMAIL PROTECTED]> wrote:
> Hello all, > > There is a security advisory regarding SynEdit. > > Don't warry it's not that bad :) Yes it is. > It seems that by placing NULL Zerrow chars inside a text file, you can > hide from that point, the rest of the file content. That way I can give > you a code that may seems like implemention something X but hide more code > that will be compiled at the end by a programming language etc... > > The advisory btw was reported at: http://rgod.altervista.org/syn.html > > BTW I hope that there will be much more securiy advisory for Pascal based > programs/components. That way we will know that more and more people uses > this type of programs (Now I open Pandora's box) :) I fixed TSynPasSyn and TSynPHPSyn. Probably the other highlighters also have the problem. But what more troubling is, that the FCL TStrings, TStringList stop at #0 and some parts of synedit too. Because of this you can loose code and that's pretty bad. I fixed a few things in synedit. Mattias _________________________________________________________________ To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject archives at http://www.lazarus.freepascal.org/mailarchives
