tyler.durden/notepad-plus-plus
1
0
Fork 0
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git synced 2025-07-27 07:44:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

[EU-FOSSA] Fix EXE Hijacking of gup.exe launched by Notepad++

Browse Source 
Notepad++ launches updater (gup.exe) without checking the signature, that makes exe hacking possible.
The fix is to check updater binary's signature before launching it.
This commit is contained in:
Don HO 2019-01-18 00:40:01 +01:00
parent ac2ac8cb4b
commit b9ce848881
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
PowerEditor/src/winmain.cpp
View File

@ -29,6 +29,7 @@
#include "Processus.h" #include "Processus.h"
#include "Win32Exception.h" //Win32 exception #include "Win32Exception.h" //Win32 exception
#include "MiniDumper.h" //Write dump files #include "MiniDumper.h" //Write dump files
#include "verifySignedFile.h"
typedef std::vector<generic_string> ParamVector; typedef std::vector<generic_string> ParamVector;
@ -492,12 +493,16 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE, LPSTR, int)
// wingup doesn't work with the obsolet security layer (API) under xp since downloadings are secured with SSL on notepad_plus_plus.org // wingup doesn't work with the obsolet security layer (API) under xp since downloadings are secured with SSL on notepad_plus_plus.org
winVer ver = pNppParameters->getWinVersion(); winVer ver = pNppParameters->getWinVersion();
bool isGtXP = ver > WV_XP; bool isGtXP = ver > WV_XP;
if (TheFirstOne && isUpExist && doUpdate && isGtXP)
bool isSignatureOK = VerifySignedLibrary(updaterFullPath.c_str(), NPP_COMPONENT_SIGNER_KEY_ID, NPP_COMPONENT_SIGNER_SUBJECT, NPP_COMPONENT_SIGNER_DISPLAY_NAME, false, false, false);
if (TheFirstOne && isUpExist && doUpdate && isGtXP && isSignatureOK)
{ {
if (pNppParameters->isx64()) if (pNppParameters->isx64())
{ {
updaterParams += TEXT(" -px64"); updaterParams += TEXT(" -px64");
} }
Process updater(updaterFullPath.c_str(), updaterParams.c_str(), updaterDir.c_str()); Process updater(updaterFullPath.c_str(), updaterParams.c_str(), updaterDir.c_str());
updater.run(); updater.run();