Load nppPluginList.dll as resource instead of binary for the sake of security
Checck the discussion here: https://github.com/notepad-plus-plus/nppPluginList/issues/31 More information: https://blogs.msdn.microsoft.com/oldnewthing/20141120-00/?p=43573
This commit is contained in:
parent
7aa953c55a
commit
fbffdd8825
|
@ -42,6 +42,9 @@
|
||||||
#include "verifySignedFile.h"
|
#include "verifySignedFile.h"
|
||||||
#include "LongRunningOperation.h"
|
#include "LongRunningOperation.h"
|
||||||
|
|
||||||
|
#define TEXTFILE 256
|
||||||
|
#define IDR_PLUGINLISTJSONFILE 101
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
using nlohmann::json;
|
using nlohmann::json;
|
||||||
|
|
||||||
|
@ -739,7 +742,8 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
|
||||||
|
|
||||||
#else //RELEASE
|
#else //RELEASE
|
||||||
|
|
||||||
hLib = ::LoadLibrary(_pluginListFullPath.c_str());
|
hLib = ::LoadLibraryEx(_pluginListFullPath.c_str(), 0, LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE);
|
||||||
|
|
||||||
if (!hLib)
|
if (!hLib)
|
||||||
{
|
{
|
||||||
// Error treatment
|
// Error treatment
|
||||||
|
@ -747,19 +751,30 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
PFUNCGETPLUGINLIST pGetListFunc = (PFUNCGETPLUGINLIST)GetProcAddress(hLib, "getList");
|
HRSRC rc = ::FindResource(hLib, MAKEINTRESOURCE(IDR_PLUGINLISTJSONFILE), MAKEINTRESOURCE(TEXTFILE));
|
||||||
if (!pGetListFunc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
// Error treatment
|
|
||||||
//printStr(TEXT("getList PB!!!"));
|
|
||||||
::FreeLibrary(hLib);
|
::FreeLibrary(hLib);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* pl = pGetListFunc();
|
HGLOBAL rcData = ::LoadResource(hLib, rc);
|
||||||
//MessageBoxA(NULL, pl, "", MB_OK);
|
if (!rcData)
|
||||||
|
{
|
||||||
|
::FreeLibrary(hLib);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
j = j.parse(pl);
|
auto size = ::SizeofResource(hLib, rc);
|
||||||
|
auto data = static_cast<const char*>(::LockResource(rcData));
|
||||||
|
|
||||||
|
char* buffer = new char[size + 1];
|
||||||
|
::memcpy(buffer, data, size);
|
||||||
|
buffer[size] = '\0';
|
||||||
|
|
||||||
|
j = j.parse(buffer);
|
||||||
|
|
||||||
|
delete[] buffer;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
// if absent then download it
|
// if absent then download it
|
||||||
|
|
Loading…
Reference in New Issue