On Mon, 22 Aug 2005 13:39:02 +0200 (Romance Daylight Time) Michael Van Canneyt <[EMAIL PROTECTED]> wrote:
> On Mon, 22 Aug 2005, Mattias Gaertner wrote:
>
> > On Mon, 22 Aug 2005 10:45:04 +0300
> > Ido Kanner <[EMAIL PROTECTED]> wrote:
> >
> >> Hello all,
> >>
> >> There is a security advisory regarding SynEdit.
> >>
> >> Don't worry it's not that bad :)
> >
> > Yes it is.
> >
> >> It seems that by placing NULL Zero chars inside a text file, you can
> >> hide from that point, the rest of the file content. That way I can give
> >> you a code that may seem like implementing something X but hide more code
> >> that will be compiled at the end by a programming language etc...
> >>
> >> The advisory btw was reported at: http://rgod.altervista.org/syn.html
> >>
> >> BTW I hope that there will be many more security advisories for Pascal based
> >> programs/components. That way we will know that more and more people use
> >> this type of programs (Now I open Pandora's box) :)
> >
> > I fixed TSynPasSyn and TSynPHPSyn. Probably the other highlighters also
> > have the problem.
> >
> > But what is more troubling is, that the FCL TStrings, TStringList stop at
> > #0 and some parts of synedit too. Because of this you can lose code and
> > that's pretty bad.
>
> I don't see how you can lose code. If there is a #0 somewhere in your
> source, the compiler won't compile it, this is for sure.
>
> What is more, delphi has the same behaviour.
>
> But the FCL should be fixed, this is for sure.

Well, the #0 stop in the highlighters does not lose the code. But the same bug is in TStringList.SetTextStr and TStringList.LoadFromStream. If you do TStringList.LoadFromFile(filename) and TStringList.SaveToFile(filename) you lose everything behind the first #0.

Mattias
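A check for the condition discussed in this thread, added here as an example and not code from SynEdit, the FCL or any poster: it flags an embedded #0 byte in a source file and reports how much content a reader that stops at the first #0 would drop. The function names and the sample unit are constructed for illustration, and files starting with a UTF-16/UTF-32 byte-order mark are skipped on the assumption that their zero bytes are part of the encoding.

```python
# Added example: audit source bytes for embedded NUL (#0) characters.
from dataclasses import dataclass
from typing import Optional

# Byte-order marks of encodings where 0x00 bytes are normal (UTF-32 and UTF-16).
WIDE_BOMS = (b"\xff\xfe\x00\x00", b"\x00\x00\xfe\xff", b"\xff\xfe", b"\xfe\xff")


@dataclass
class NulFinding:
    offset: int            # byte offset of the first NUL
    line: int              # 1-based line number that contains it
    hidden_bytes: int      # bytes after the first NUL (dropped by a #0-terminated reader)
    hidden_nonblank: bool  # True if the dropped tail holds non-whitespace content


def audit_nul(data: bytes) -> Optional[NulFinding]:
    """Return a finding if single-byte text contains a NUL, otherwise None."""
    if data.startswith(WIDE_BOMS):
        return None  # wide encoding: decode first, then check the decoded text
    offset = data.find(b"\x00")
    if offset < 0:
        return None
    tail = data[offset + 1:]
    return NulFinding(
        offset=offset,
        line=data.count(b"\n", 0, offset) + 1,
        hidden_bytes=len(tail),
        hidden_nonblank=bool(tail.replace(b"\x00", b"").strip()),
    )


def nul_terminated_view(data: bytes) -> bytes:
    """Model of a reader that stops at the first #0, as described in the thread."""
    return data.split(b"\x00", 1)[0]


# Constructed sample: a Pascal program with a NUL in the middle of its body.
SAMPLE = b"program demo;\nbegin\n  writeln('hello');\n\x00  writeln('not shown');\nend.\n"

if __name__ == "__main__":
    print(audit_nul(SAMPLE))
    lost = len(SAMPLE) - len(nul_terminated_view(SAMPLE))
    print(lost, "bytes would be lost by a load/save round trip that stops at #0")
```

Run over a repository before review or commit, a non-empty finding with `hidden_nonblank` set means the editor view and the bytes on disk can disagree.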
