On Fri, 4 May 2007 14:20:22 +1000
John Beckett [EMAIL PROTECTED] wrote:
I mentioned that the first step for point 4 should (IMHO) be
rejecting any modeline beyond some fairly small maximum size.
Most previous exploits have been exploitable with far below the line
length that is reasonably used

Patch 7.0.242 (extra)
Problem: Win32: Using -register in a Vim that does not support OLE causes
a crash.
Solution: Don't use EMSG() but mch_errmsg(). Check p_go for being NULL.
(partly by Michael Wookey)
Files: src/gui_w32.c
*** ../vim-7.0.241/src/gui_w32.c

Ciaran McCreesh wrote:
100 bytes is more than enough room to download and execute
a file that contains the real malicious code.
I actually agree that it is extremely unlikely that a length
check would make modelines more secure, but I'm being
argumentative because it's irritating to be