tyler.durden/notepad-plus-plus
1
0
Fork 0
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git synced 2025-07-24 22:34:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove SHA-256 hash checking from Plugins Admin

Browse Source 
Pass hash to check to WinGup. WinGup will verify sha-256 hash of zip package for the plugin installation and update.
This commit is contained in:
Don HO 2018-10-27 15:41:12 +02:00
parent c531a4d42a
commit b01a396668
2 changed files with 30 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp
View File

@ -39,7 +39,6 @@
#include "localization.h" #include "localization.h"
#include "Processus.h" #include "Processus.h"
#include "PluginsManager.h" #include "PluginsManager.h"
#include "sha-256.h"
#include "verifySignedFile.h" #include "verifySignedFile.h"
#include "LongRunningOperation.h" #include "LongRunningOperation.h"
@ -504,10 +503,8 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
generic_string installedPluginPath = installedPluginFolder; generic_string installedPluginPath = installedPluginFolder;
PathAppend(installedPluginPath, lwp->_pluginUpdateInfo->_folderName + TEXT(".dll")); PathAppend(installedPluginPath, lwp->_pluginUpdateInfo->_folderName + TEXT(".dll"));
// check installed id to prevent from MITMA // check installed dll
char sha2hashStr[65] = { '\0' }; if (!::PathFileExists(installedPluginPath.c_str()))
std::string content = getFileContent(installedPluginPath.c_str());
if (content.empty())
{ {
// Remove installed plugin // Remove installed plugin
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker(); NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
@ -522,20 +519,7 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
deleteFileOrFolder(installedPluginFolder); deleteFileOrFolder(installedPluginFolder);
return FALSE; return FALSE;
} }
else
{
uint8_t sha2hash[32];
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
for (size_t i = 0; i < 32; i++)
{
sprintf(sha2hashStr + i * 2, "%02x", sha2hash[i]);
}
}
string s = ws2s(lwp->_pluginUpdateInfo->_id);
std::transform(s.begin(), s.end(), s.begin(), ::tolower);
if (s == sha2hashStr)
{
// Critical section // Critical section
WaitForSingleObject(lwp->_mutex, INFINITE); WaitForSingleObject(lwp->_mutex, INFINITE);
@ -562,21 +546,6 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
// End of Critical section // End of Critical section
ReleaseMutex(lwp->_mutex); ReleaseMutex(lwp->_mutex);
} }
else
{
// Remove installed plugin
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
pNativeSpeaker->messageBox("PluginIdNotMatchedWillBeRemoved",
NULL,
TEXT("The plugin \"$STR_REPLACE$\" ID is not correct. This plugin will be uninstalled."),
TEXT("Plugin ID mismathed"),
MB_OK | MB_APPLMODAL,
0,
lwp->_pluginUpdateInfo->_displayName.c_str());
deleteFileOrFolder(installedPluginFolder);
}
}
else // wingup return non-zero (-1) -> Not OK else // wingup return non-zero (-1) -> Not OK
{ {
// just move on // just move on
@ -607,6 +576,10 @@ bool PluginsAdminDlg::installPlugins()
updaterParams += TEXT(" "); updaterParams += TEXT(" ");
updaterParams += i->_repository; updaterParams += i->_repository;
// add zipFile's SHA-256 for checking
updaterParams += TEXT(" ");
updaterParams += i->_id;
LaunchWingupParams* lwp = new LaunchWingupParams; LaunchWingupParams* lwp = new LaunchWingupParams;
lwp->_nppPluginsDir = nppPluginsDir; lwp->_nppPluginsDir = nppPluginsDir;
lwp->_pluginUpdateInfo = i; lwp->_pluginUpdateInfo = i;
@ -658,6 +631,8 @@ bool PluginsAdminDlg::exitToUpdateRemovePlugins(bool isUpdate, const vector<Plug
updaterParams += i->_folderName; updaterParams += i->_folderName;
updaterParams += TEXT(" "); updaterParams += TEXT(" ");
updaterParams += i->_repository; updaterParams += i->_repository;
updaterParams += TEXT(" ");
updaterParams += i->_id;
updaterParams += TEXT("\""); updaterParams += TEXT("\"");
} }
else // clean else // clean
@ -815,17 +790,6 @@ PluginUpdateInfo::PluginUpdateInfo(const generic_string& fullFilePath, const gen
if (content.empty()) if (content.empty())
return; return;
uint8_t sha2hash[32];
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
char sha2hashStr[65] = {'\0'};
for (size_t i = 0; i < 32; i++)
{
sprintf(sha2hashStr + i*2, "%02x", sha2hash[i]);
}
WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
_id = wmc->char2wchar(sha2hashStr, CP_ACP);
_version.setVersionFrom(fullFilePath); _version.setVersionFrom(fullFilePath);
} }

3
PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.h
View File

@ -84,8 +84,7 @@ struct PluginUpdateInfo
generic_string _sourceUrl; generic_string _sourceUrl;
generic_string _description; generic_string _description;
generic_string _author; generic_string _author;
generic_string _md5; generic_string _id; // Plugin package ID: SHA-256 hash
generic_string _id;
generic_string _repository; generic_string _repository;
bool _isVisible = true; // if false then it should not be displayed bool _isVisible = true; // if false then it should not be displayed