tyler.durden
/
notepad-plus-plus
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove SHA-256 hash checking from Plugins Admin 

Pass hash to check to WinGup. WinGup will verify sha-256 hash of zip package for the plugin installation and update.
This commit is contained in:
Don HO 2018-10-27 15:41:12 +02:00
parent c531a4d42a
commit b01a396668
2 changed files with 30 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp
View File

@ -39,7 +39,6 @@
#include "localization.h"
#include "Processus.h"
#include "PluginsManager.h"
#include "sha-256.h"
#include "verifySignedFile.h"
#include "LongRunningOperation.h"
@ -504,10 +503,8 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
generic_string installedPluginPath = installedPluginFolder;
PathAppend(installedPluginPath, lwp->_pluginUpdateInfo->_folderName + TEXT(".dll"));
// check installed id to prevent from MITMA
char sha2hashStr[65] = { '\0' };
std::string content = getFileContent(installedPluginPath.c_str());
if (content.empty())
// check installed dll
if (!::PathFileExists(installedPluginPath.c_str()))
{
// Remove installed plugin
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
@ -522,60 +519,32 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
deleteFileOrFolder(installedPluginFolder);
return FALSE;
}
else
{
uint8_t sha2hash[32];
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
for (size_t i = 0; i < 32; i++)
{
sprintf(sha2hashStr + i * 2, "%02x", sha2hash[i]);
}
}
string s = ws2s(lwp->_pluginUpdateInfo->_id);
std::transform(s.begin(), s.end(), s.begin(), ::tolower);
if (s == sha2hashStr)
{
// Critical section
WaitForSingleObject(lwp->_mutex, INFINITE);
// Remove (Hide) installed plugin from available list
lwp->_uiAvailableList->hideFromPluginInfoPtr(lwp->_pluginUpdateInfo);
// Critical section
WaitForSingleObject(lwp->_mutex, INFINITE);
// Add installed plugin into insttalled list
PluginUpdateInfo* installedPui = new PluginUpdateInfo(*(lwp->_pluginUpdateInfo));
installedPui->_isVisible = true;
lwp->_uiInstalledList->pushBack(installedPui);
// Remove (Hide) installed plugin from available list
lwp->_uiAvailableList->hideFromPluginInfoPtr(lwp->_pluginUpdateInfo);
// Load installed plugin
vector<generic_string> dll2Remove;
int index = lwp->_pPluginsManager->loadPlugin(installedPluginPath.c_str(), dll2Remove);
lwp->_pPluginsManager->addInMenuFromPMIndex(index);
// Add installed plugin into insttalled list
PluginUpdateInfo* installedPui = new PluginUpdateInfo(*(lwp->_pluginUpdateInfo));
installedPui->_isVisible = true;
lwp->_uiInstalledList->pushBack(installedPui);
// Notify plugin that Notepad++ is ready
SCNotification scnN;
scnN.nmhdr.code = NPPN_READY;
scnN.nmhdr.hwndFrom = lwp->_hwnd;
scnN.nmhdr.idFrom = 0;
lwp->_pPluginsManager->notify(index, &scnN);
// Load installed plugin
vector<generic_string> dll2Remove;
int index = lwp->_pPluginsManager->loadPlugin(installedPluginPath.c_str(), dll2Remove);
lwp->_pPluginsManager->addInMenuFromPMIndex(index);
// End of Critical section
ReleaseMutex(lwp->_mutex);
}
else
{
// Remove installed plugin
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
pNativeSpeaker->messageBox("PluginIdNotMatchedWillBeRemoved",
NULL,
TEXT("The plugin \"$STR_REPLACE$\" ID is not correct. This plugin will be uninstalled."),
TEXT("Plugin ID mismathed"),
MB_OK | MB_APPLMODAL,
0,
lwp->_pluginUpdateInfo->_displayName.c_str());
// Notify plugin that Notepad++ is ready
SCNotification scnN;
scnN.nmhdr.code = NPPN_READY;
scnN.nmhdr.hwndFrom = lwp->_hwnd;
scnN.nmhdr.idFrom = 0;
lwp->_pPluginsManager->notify(index, &scnN);
deleteFileOrFolder(installedPluginFolder);
}
// End of Critical section
ReleaseMutex(lwp->_mutex);
}
else // wingup return non-zero (-1) -> Not OK
{
@ -607,6 +576,10 @@ bool PluginsAdminDlg::installPlugins()
updaterParams += TEXT(" ");
updaterParams += i->_repository;
// add zipFile's SHA-256 for checking
updaterParams += TEXT(" ");
updaterParams += i->_id;
LaunchWingupParams* lwp = new LaunchWingupParams;
lwp->_nppPluginsDir = nppPluginsDir;
lwp->_pluginUpdateInfo = i;
@ -658,6 +631,8 @@ bool PluginsAdminDlg::exitToUpdateRemovePlugins(bool isUpdate, const vector<Plug
updaterParams += i->_folderName;
updaterParams += TEXT(" ");
updaterParams += i->_repository;
updaterParams += TEXT(" ");
updaterParams += i->_id;
updaterParams += TEXT("\"");
}
else // clean
@ -815,17 +790,6 @@ PluginUpdateInfo::PluginUpdateInfo(const generic_string& fullFilePath, const gen
if (content.empty())
return;
uint8_t sha2hash[32];
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
char sha2hashStr[65] = {'\0'};
for (size_t i = 0; i < 32; i++)
{
sprintf(sha2hashStr + i*2, "%02x", sha2hash[i]);
}
WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
_id = wmc->char2wchar(sha2hashStr, CP_ACP);
_version.setVersionFrom(fullFilePath);
}

5
PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.h
View File

@ -84,10 +84,9 @@ struct PluginUpdateInfo
generic_string _sourceUrl;
generic_string _description;
generic_string _author;
generic_string _md5;
generic_string _id;
generic_string _id; // Plugin package ID: SHA-256 hash
generic_string _repository;
bool _isVisible = true; // if false then it should not be displayed
bool _isVisible = true; // if false then it should not be displayed
generic_string describe();
PluginUpdateInfo() {};