From fbffdd8825ecafb7f351a2db6f094cfe4e821288 Mon Sep 17 00:00:00 2001
From: Don HO
Date: Fri, 15 Feb 2019 00:01:12 +0100
Subject: [PATCH] Load nppPluginList.dll as resource instead of binary for the sake of security Checck the discussion here: https://github.com/notepad-plus-plus/nppPluginList/issues/31 More information: https://blogs.msdn.microsoft.com/oldnewthing/20141120-00/?p=43573
---
 .../WinControls/PluginsAdmin/pluginsAdmin.cpp | 31 ++++++++++++++-----
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp b/PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp
index 24853aa41..c0d386cd7 100644
--- a/PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp
+++ b/PowerEditor/src/WinControls/PluginsAdmin/pluginsAdmin.cpp
@@ -42,6 +42,9 @@
 #include "verifySignedFile.h"
 #include "LongRunningOperation.h"
+#define TEXTFILE 256
+#define IDR_PLUGINLISTJSONFILE 101
+
 using namespace std;
 using nlohmann::json;
@@ -739,7 +742,8 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
 #else //RELEASE
- hLib = ::LoadLibrary(_pluginListFullPath.c_str());
+ hLib = ::LoadLibraryEx(_pluginListFullPath.c_str(), 0, LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE);
+
 if (!hLib)
 {
 // Error treatment
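Review bot: `TEXTFILE` and `IDR_PLUGINLISTJSONFILE` are bare macros with no statement that they must equal the resource type and resource ID compiled into nppPluginList.dll, which is what the `FindResource` call added later in this patch depends on. I would add a comment such as `// Resource type and ID of the JSON list embedded in nppPluginList.dll; keep in sync with that project's resource definitions`. Since this is a C++ file, `constexpr int` would also be preferable to `#define`, so that a generic name like `TEXTFILE` cannot collide with a macro from another header.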
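Review bot: Nothing at the `LoadLibraryEx` call records why the DLL is opened as a data file, so a later cleanup could revert it to `LoadLibrary` and bring back execution of the DLL's entry point from whatever file sits at `_pluginListFullPath`. A comment such as `// Data-file load: no code from the DLL is run, only its embedded JSON resource is read` would preserve the intent, and the reserved second argument reads better as `nullptr` than `0`. Because the flag is `LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE`, the file stays write-locked until `FreeLibrary` is called. The success path lies outside this hunk, so it is worth confirming the handle is released before any code tries to replace the DLL.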
@@ -747,19 +751,30 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
 return false;
 }
- PFUNCGETPLUGINLIST pGetListFunc = (PFUNCGETPLUGINLIST)GetProcAddress(hLib, "getList");
- if (!pGetListFunc)
+ HRSRC rc = ::FindResource(hLib, MAKEINTRESOURCE(IDR_PLUGINLISTJSONFILE), MAKEINTRESOURCE(TEXTFILE));
+ if (!rc)
 {
- // Error treatment
- //printStr(TEXT("getList PB!!!"));
 ::FreeLibrary(hLib);
 return false;
 }
- const char* pl = pGetListFunc();
- //MessageBoxA(NULL, pl, "", MB_OK);
+ HGLOBAL rcData = ::LoadResource(hLib, rc);
+ if (!rcData)
+ {
+ ::FreeLibrary(hLib);
+ return false;
+ }
- j = j.parse(pl);
+ auto size = ::SizeofResource(hLib, rc);
+ auto data = static_cast(::LockResource(rcData));
+
+ char* buffer = new char[size + 1];
+ ::memcpy(buffer, data, size);
+ buffer[size] = '\0';
+
+ j = j.parse(buffer);
+
+ delete[] buffer;
 #endif // if absent then download it
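Review bot: The results of `SizeofResource` and `LockResource` are used unchecked, so a failed lock passes a null `data` to `memcpy`; add `if (!data || size == 0) { ::FreeLibrary(hLib); return false; }` before the copy. The manual `new char[size + 1]` buffer also leaks if `j.parse` throws on malformed JSON. nlohmann's iterator-range overload removes the need for the copy and the terminator: `j = json::parse(data, data + size);`. Whether a caller catches the parse exception is not visible here; the function body continues outside the hunk, as does any release of `hLib` on the success path.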