On Mon, 22 Aug 2005, Mattias Gaertner wrote:
On Mon, 22 Aug 2005 10:45:04 +0300
Ido Kanner <[EMAIL PROTECTED]> wrote:
Hello all,
There is a security advisory regarding SynEdit.
Don't worry it's not that bad :)

Yes it is.

It seems that by placing NULL zero chars inside a text file, you can
hide, from that point, the rest of the file content. That way I can give
you code that may seem like an implementation of something X but hide more code
that will be compiled at the end by a programming language etc...
The advisory btw was reported at: http://rgod.altervista.org/syn.html
BTW I hope that there will be many more security advisories for Pascal based
programs/components. That way we will know that more and more people use
this type of programs (Now I open Pandora's box) :)

I fixed TSynPasSyn and TSynPHPSyn. Probably the other highlighters also have
the problem.
But what is more troubling is that the FCL TStrings, TStringList stop at #0
and some parts of SynEdit too. Because of this you can lose code and that's
pretty bad.

I don't see how you can lose code. If there is a #0 somewhere in your source,
the compiler won't compile it, this is for sure.
What is more, Delphi has the same behaviour.
But the FCL should be fixed, this is for sure.
Michael.
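
Added example, not part of the original thread and not code from SynEdit or the FCL: a Python check for the condition discussed above, a source file whose content continues past an embedded #0 byte. The function names, the suffix list, the sample bytes and the "loader stops at the first #0" model are assumptions made for illustration.

```python
"""Flag source files whose content continues past an embedded NUL (#0) byte."""
from pathlib import Path


def nul_report(data: bytes):
    """Return None if data has no NUL, else a dict describing what is hidden."""
    first = data.find(b"\x00")
    if first < 0:
        return None
    # 1-based line and column of the first NUL, counted on raw bytes.
    line = data.count(b"\n", 0, first) + 1
    column = first - (data.rfind(b"\n", 0, first) + 1) + 1
    return {
        "nul_count": data.count(b"\x00"),
        "line": line,
        "column": column,
        # What a loader that stops at the first #0 would keep (assumed model).
        "shown": data[:first],
        # What such a loader drops but a byte-oriented tool still reads.
        "hidden": data[first + 1:],
    }


def scan_tree(root, suffixes=(".pas", ".pp", ".inc", ".php")):
    """Yield (path, report) for each matching file under root that has a NUL."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            report = nul_report(path.read_bytes())
            if report:
                yield path, report


# Constructed sample: a Pascal program with a NUL placed after a harmless line.
SAMPLE = (b"program demo;\nbegin\n  WriteLn('hello');\x00\n"
          b"  WriteLn('not shown by a #0-terminated loader');\nend.\n")

if __name__ == "__main__":
    r = nul_report(SAMPLE)
    print(f"first NUL at line {r['line']}, column {r['column']}; "
          f"{len(r['hidden'])} bytes follow it")
    print("loader view:\n" + r["shown"].decode("ascii"))
```

UTF-16 encoded files contain NUL bytes by design and will be flagged, so exclude or transcode them before scanning.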