Load nppPluginList.dll as resource instead of binary for the sake of security

Checck the discussion here:
https://github.com/notepad-plus-plus/nppPluginList/issues/31

More information:
https://blogs.msdn.microsoft.com/oldnewthing/20141120-00/?p=43573
This commit is contained in:
Don HO 2019-02-15 00:01:12 +01:00
parent 7aa953c55a
commit fbffdd8825
1 changed files with 23 additions and 8 deletions

View File

@ -42,6 +42,9 @@
#include "verifySignedFile.h" #include "verifySignedFile.h"
#include "LongRunningOperation.h" #include "LongRunningOperation.h"
#define TEXTFILE 256
#define IDR_PLUGINLISTJSONFILE 101
using namespace std; using namespace std;
using nlohmann::json; using nlohmann::json;
@ -739,7 +742,8 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
#else //RELEASE #else //RELEASE
hLib = ::LoadLibrary(_pluginListFullPath.c_str()); hLib = ::LoadLibraryEx(_pluginListFullPath.c_str(), 0, LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE);
if (!hLib) if (!hLib)
{ {
// Error treatment // Error treatment
@ -747,19 +751,30 @@ bool PluginsAdminDlg::updateListAndLoadFromJson()
return false; return false;
} }
PFUNCGETPLUGINLIST pGetListFunc = (PFUNCGETPLUGINLIST)GetProcAddress(hLib, "getList"); HRSRC rc = ::FindResource(hLib, MAKEINTRESOURCE(IDR_PLUGINLISTJSONFILE), MAKEINTRESOURCE(TEXTFILE));
if (!pGetListFunc) if (!rc)
{ {
// Error treatment
//printStr(TEXT("getList PB!!!"));
::FreeLibrary(hLib); ::FreeLibrary(hLib);
return false; return false;
} }
const char* pl = pGetListFunc(); HGLOBAL rcData = ::LoadResource(hLib, rc);
//MessageBoxA(NULL, pl, "", MB_OK); if (!rcData)
{
::FreeLibrary(hLib);
return false;
}
j = j.parse(pl); auto size = ::SizeofResource(hLib, rc);
auto data = static_cast<const char*>(::LockResource(rcData));
char* buffer = new char[size + 1];
::memcpy(buffer, data, size);
buffer[size] = '\0';
j = j.parse(buffer);
delete[] buffer;
#endif #endif
// if absent then download it // if absent then download it