mirror of
https://github.com/notepad-plus-plus/notepad-plus-plus.git
synced 2025-07-23 22:04:55 +02:00
Remove SHA-256 hash checking from Plugins Admin
Pass hash to check to WinGup. WinGup will verify sha-256 hash of zip package for the plugin installation and update.
This commit is contained in:
parent
c531a4d42a
commit
b01a396668
@ -39,7 +39,6 @@
|
|||||||
#include "localization.h"
|
#include "localization.h"
|
||||||
#include "Processus.h"
|
#include "Processus.h"
|
||||||
#include "PluginsManager.h"
|
#include "PluginsManager.h"
|
||||||
#include "sha-256.h"
|
|
||||||
#include "verifySignedFile.h"
|
#include "verifySignedFile.h"
|
||||||
#include "LongRunningOperation.h"
|
#include "LongRunningOperation.h"
|
||||||
|
|
||||||
@ -504,10 +503,8 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
|
|||||||
generic_string installedPluginPath = installedPluginFolder;
|
generic_string installedPluginPath = installedPluginFolder;
|
||||||
PathAppend(installedPluginPath, lwp->_pluginUpdateInfo->_folderName + TEXT(".dll"));
|
PathAppend(installedPluginPath, lwp->_pluginUpdateInfo->_folderName + TEXT(".dll"));
|
||||||
|
|
||||||
// check installed id to prevent from MITMA
|
// check installed dll
|
||||||
char sha2hashStr[65] = { '\0' };
|
if (!::PathFileExists(installedPluginPath.c_str()))
|
||||||
std::string content = getFileContent(installedPluginPath.c_str());
|
|
||||||
if (content.empty())
|
|
||||||
{
|
{
|
||||||
// Remove installed plugin
|
// Remove installed plugin
|
||||||
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
|
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
|
||||||
@ -522,60 +519,32 @@ DWORD WINAPI PluginsAdminDlg::launchPluginInstallerThread(void* params)
|
|||||||
deleteFileOrFolder(installedPluginFolder);
|
deleteFileOrFolder(installedPluginFolder);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
uint8_t sha2hash[32];
|
|
||||||
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
|
|
||||||
|
|
||||||
for (size_t i = 0; i < 32; i++)
|
|
||||||
{
|
|
||||||
sprintf(sha2hashStr + i * 2, "%02x", sha2hash[i]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
string s = ws2s(lwp->_pluginUpdateInfo->_id);
|
|
||||||
std::transform(s.begin(), s.end(), s.begin(), ::tolower);
|
|
||||||
if (s == sha2hashStr)
|
|
||||||
{
|
|
||||||
// Critical section
|
|
||||||
WaitForSingleObject(lwp->_mutex, INFINITE);
|
|
||||||
|
|
||||||
// Remove (Hide) installed plugin from available list
|
// Critical section
|
||||||
lwp->_uiAvailableList->hideFromPluginInfoPtr(lwp->_pluginUpdateInfo);
|
WaitForSingleObject(lwp->_mutex, INFINITE);
|
||||||
|
|
||||||
// Add installed plugin into insttalled list
|
// Remove (Hide) installed plugin from available list
|
||||||
PluginUpdateInfo* installedPui = new PluginUpdateInfo(*(lwp->_pluginUpdateInfo));
|
lwp->_uiAvailableList->hideFromPluginInfoPtr(lwp->_pluginUpdateInfo);
|
||||||
installedPui->_isVisible = true;
|
|
||||||
lwp->_uiInstalledList->pushBack(installedPui);
|
|
||||||
|
|
||||||
// Load installed plugin
|
// Add installed plugin into insttalled list
|
||||||
vector<generic_string> dll2Remove;
|
PluginUpdateInfo* installedPui = new PluginUpdateInfo(*(lwp->_pluginUpdateInfo));
|
||||||
int index = lwp->_pPluginsManager->loadPlugin(installedPluginPath.c_str(), dll2Remove);
|
installedPui->_isVisible = true;
|
||||||
lwp->_pPluginsManager->addInMenuFromPMIndex(index);
|
lwp->_uiInstalledList->pushBack(installedPui);
|
||||||
|
|
||||||
// Notify plugin that Notepad++ is ready
|
// Load installed plugin
|
||||||
SCNotification scnN;
|
vector<generic_string> dll2Remove;
|
||||||
scnN.nmhdr.code = NPPN_READY;
|
int index = lwp->_pPluginsManager->loadPlugin(installedPluginPath.c_str(), dll2Remove);
|
||||||
scnN.nmhdr.hwndFrom = lwp->_hwnd;
|
lwp->_pPluginsManager->addInMenuFromPMIndex(index);
|
||||||
scnN.nmhdr.idFrom = 0;
|
|
||||||
lwp->_pPluginsManager->notify(index, &scnN);
|
|
||||||
|
|
||||||
// End of Critical section
|
// Notify plugin that Notepad++ is ready
|
||||||
ReleaseMutex(lwp->_mutex);
|
SCNotification scnN;
|
||||||
}
|
scnN.nmhdr.code = NPPN_READY;
|
||||||
else
|
scnN.nmhdr.hwndFrom = lwp->_hwnd;
|
||||||
{
|
scnN.nmhdr.idFrom = 0;
|
||||||
// Remove installed plugin
|
lwp->_pPluginsManager->notify(index, &scnN);
|
||||||
NativeLangSpeaker *pNativeSpeaker = (NppParameters::getInstance())->getNativeLangSpeaker();
|
|
||||||
pNativeSpeaker->messageBox("PluginIdNotMatchedWillBeRemoved",
|
|
||||||
NULL,
|
|
||||||
TEXT("The plugin \"$STR_REPLACE$\" ID is not correct. This plugin will be uninstalled."),
|
|
||||||
TEXT("Plugin ID mismathed"),
|
|
||||||
MB_OK | MB_APPLMODAL,
|
|
||||||
0,
|
|
||||||
lwp->_pluginUpdateInfo->_displayName.c_str());
|
|
||||||
|
|
||||||
deleteFileOrFolder(installedPluginFolder);
|
// End of Critical section
|
||||||
}
|
ReleaseMutex(lwp->_mutex);
|
||||||
}
|
}
|
||||||
else // wingup return non-zero (-1) -> Not OK
|
else // wingup return non-zero (-1) -> Not OK
|
||||||
{
|
{
|
||||||
@ -607,6 +576,10 @@ bool PluginsAdminDlg::installPlugins()
|
|||||||
updaterParams += TEXT(" ");
|
updaterParams += TEXT(" ");
|
||||||
updaterParams += i->_repository;
|
updaterParams += i->_repository;
|
||||||
|
|
||||||
|
// add zipFile's SHA-256 for checking
|
||||||
|
updaterParams += TEXT(" ");
|
||||||
|
updaterParams += i->_id;
|
||||||
|
|
||||||
LaunchWingupParams* lwp = new LaunchWingupParams;
|
LaunchWingupParams* lwp = new LaunchWingupParams;
|
||||||
lwp->_nppPluginsDir = nppPluginsDir;
|
lwp->_nppPluginsDir = nppPluginsDir;
|
||||||
lwp->_pluginUpdateInfo = i;
|
lwp->_pluginUpdateInfo = i;
|
||||||
@ -658,6 +631,8 @@ bool PluginsAdminDlg::exitToUpdateRemovePlugins(bool isUpdate, const vector<Plug
|
|||||||
updaterParams += i->_folderName;
|
updaterParams += i->_folderName;
|
||||||
updaterParams += TEXT(" ");
|
updaterParams += TEXT(" ");
|
||||||
updaterParams += i->_repository;
|
updaterParams += i->_repository;
|
||||||
|
updaterParams += TEXT(" ");
|
||||||
|
updaterParams += i->_id;
|
||||||
updaterParams += TEXT("\"");
|
updaterParams += TEXT("\"");
|
||||||
}
|
}
|
||||||
else // clean
|
else // clean
|
||||||
@ -815,17 +790,6 @@ PluginUpdateInfo::PluginUpdateInfo(const generic_string& fullFilePath, const gen
|
|||||||
if (content.empty())
|
if (content.empty())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
uint8_t sha2hash[32];
|
|
||||||
calc_sha_256(sha2hash, reinterpret_cast<const uint8_t*>(content.c_str()), content.length());
|
|
||||||
char sha2hashStr[65] = {'\0'};
|
|
||||||
|
|
||||||
for (size_t i = 0; i < 32; i++)
|
|
||||||
{
|
|
||||||
sprintf(sha2hashStr + i*2, "%02x", sha2hash[i]);
|
|
||||||
}
|
|
||||||
|
|
||||||
WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
|
|
||||||
_id = wmc->char2wchar(sha2hashStr, CP_ACP);
|
|
||||||
_version.setVersionFrom(fullFilePath);
|
_version.setVersionFrom(fullFilePath);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,10 +84,9 @@ struct PluginUpdateInfo
|
|||||||
generic_string _sourceUrl;
|
generic_string _sourceUrl;
|
||||||
generic_string _description;
|
generic_string _description;
|
||||||
generic_string _author;
|
generic_string _author;
|
||||||
generic_string _md5;
|
generic_string _id; // Plugin package ID: SHA-256 hash
|
||||||
generic_string _id;
|
|
||||||
generic_string _repository;
|
generic_string _repository;
|
||||||
bool _isVisible = true; // if false then it should not be displayed
|
bool _isVisible = true; // if false then it should not be displayed
|
||||||
|
|
||||||
generic_string describe();
|
generic_string describe();
|
||||||
PluginUpdateInfo() {};
|
PluginUpdateInfo() {};
|
||||||
|
Loading…
x
Reference in New Issue
Block a user