Check SciLexer.dll certificate
This fix is about the issue "Vault 7: CIA Hacking Tools Revealed" published on Wikileak: https://wikileaks.org/ciav7p1/cms/page_26968090.html
This commit is contained in:
Don HO
parent
133977da67
commit
b869163609
@ -975,3 +975,125 @@ HWND CreateToolTip(int toolID, HWND hDlg, HINSTANCE hInst, const PTSTR pszText)
|
||||
|
||||
return hwndTip;
|
||||
}
|
||||
|
||||
bool isCertificateValidated(const generic_string & fullFilePath, const generic_string & subjectName2check)
|
||||
{
|
||||
HCERTSTORE hStore = NULL;
|
||||
HCRYPTMSG hMsg = NULL;
|
||||
PCCERT_CONTEXT pCertContext = NULL;
|
||||
BOOL result;
|
||||
DWORD dwEncoding, dwContentType, dwFormatType;
|
||||
PCMSG_SIGNER_INFO pSignerInfo = NULL;
|
||||
DWORD dwSignerInfo;
|
||||
CERT_INFO CertInfo;
|
||||
LPTSTR szName = NULL;
|
||||
|
||||
generic_string subjectName;
|
||||
|
||||
try {
|
||||
// Get message handle and store handle from the signed file.
|
||||
result = CryptQueryObject(CERT_QUERY_OBJECT_FILE,
|
||||
fullFilePath.c_str(),
|
||||
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED,
|
||||
CERT_QUERY_FORMAT_FLAG_BINARY,
|
||||
0,
|
||||
&dwEncoding,
|
||||
&dwContentType,
|
||||
&dwFormatType,
|
||||
&hStore,
|
||||
&hMsg,
|
||||
NULL);
|
||||
|
||||
if (!result)
|
||||
{
|
||||
generic_string errorMessage = TEXT("Check certificate of ") + fullFilePath + TEXT(" : ");
|
||||
errorMessage += GetLastErrorAsString(GetLastError());
|
||||
throw errorMessage;
|
||||
}
|
||||
|
||||
// Get signer information size.
|
||||
result = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo);
|
||||
if (!result)
|
||||
{
|
||||
generic_string errorMessage = TEXT("CryptMsgGetParam first call: ");
|
||||
errorMessage += GetLastErrorAsString(GetLastError());
|
||||
throw errorMessage;
|
||||
}
|
||||
|
||||
// Allocate memory for signer information.
|
||||
pSignerInfo = (PCMSG_SIGNER_INFO)LocalAlloc(LPTR, dwSignerInfo);
|
||||
if (!pSignerInfo)
|
||||
{
|
||||
generic_string errorMessage = TEXT("CryptMsgGetParam memory allocation problem: ");
|
||||
errorMessage += GetLastErrorAsString(GetLastError());
|
||||
throw errorMessage;
|
||||
}
|
||||
|
||||
// Get Signer Information.
|
||||
result = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo);
|
||||
if (!result)
|
||||
{
|
||||
generic_string errorMessage = TEXT("CryptMsgGetParam: ");
|
||||
errorMessage += GetLastErrorAsString(GetLastError());
|
||||
throw errorMessage;
|
||||
}
|
||||
|
||||
// Search for the signer certificate in the temporary
|
||||
// certificate store.
|
||||
CertInfo.Issuer = pSignerInfo->Issuer;
|
||||
CertInfo.SerialNumber = pSignerInfo->SerialNumber;
|
||||
|
||||
pCertContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
|
||||
if (not pCertContext)
|
||||
{
|
||||
generic_string errorMessage = TEXT("Certificate context: ");
|
||||
errorMessage += GetLastErrorAsString(GetLastError());
|
||||
throw errorMessage;
|
||||
}
|
||||
|
||||
DWORD dwData;
|
||||
|
||||
// Get Subject name size.
|
||||
dwData = CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, NULL, 0);
|
||||
if (dwData <= 1)
|
||||
{
|
||||
throw generic_string(TEXT("Certificate checking error: getting data size problem."));
|
||||
}
|
||||
|
||||
// Allocate memory for subject name.
|
||||
szName = (LPTSTR)LocalAlloc(LPTR, dwData * sizeof(TCHAR));
|
||||
if (!szName)
|
||||
{
|
||||
throw generic_string(TEXT("Certificate checking error: memory allocation problem."));
|
||||
}
|
||||
|
||||
// Get subject name.
|
||||
if (CertGetNameString(pCertContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, szName, dwData) <= 1)
|
||||
{
|
||||
throw generic_string(TEXT("Cannot get certificate info."));
|
||||
}
|
||||
|
||||
// check Subject name.
|
||||
subjectName = szName;
|
||||
if (subjectName != subjectName2check)
|
||||
{
|
||||
throw generic_string(TEXT("Certificate checking error: the certificate is not matched."));
|
||||
}
|
||||
}
|
||||
catch (generic_string s)
|
||||
{
|
||||
// display error message
|
||||
MessageBox(NULL, s.c_str(), TEXT("Certificate checking"), MB_OK);
|
||||
|
||||
// Clean up.
|
||||
if (pSignerInfo != NULL) LocalFree(pSignerInfo);
|
||||
if (pCertContext != NULL) CertFreeCertificateContext(pCertContext);
|
||||
if (hStore != NULL) CertCloseStore(hStore, 0);
|
||||
if (hMsg != NULL) CryptMsgClose(hMsg);
|
||||
if (szName != NULL) LocalFree(szName);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -189,3 +189,5 @@ generic_string intToString(int val);
|
||||
generic_string uintToString(unsigned int val);
|
||||
|
||||
HWND CreateToolTip(int toolID, HWND hDlg, HINSTANCE hInst, const PTSTR pszText);
|
||||
|
||||
bool isCertificateValidated(const generic_string & fullFilePath, const generic_string & subjectName2check);
|
||||
|
||||
@ -160,7 +160,7 @@ BOOL Notepad_plus::notify(SCNotification *notification)
|
||||
{
|
||||
BufferID id = pTabDocView->getBufferByIndex(tbHdr->tabOrigin);
|
||||
Buffer * pBuf = MainFileManager->getBufferByID(id);
|
||||
_pDocMap->showInMapTemporily(pBuf, notifyView);
|
||||
_pDocMap->showInMapTemporarily(pBuf, notifyView);
|
||||
_pDocMap->setSyntaxHiliting();
|
||||
}
|
||||
}
|
||||
|
||||
@ -38,15 +38,15 @@ using namespace std;
|
||||
// initialize the static variable
|
||||
|
||||
// get full ScinLexer.dll path to avoid hijack
|
||||
TCHAR * getSciLexerFullPathName(TCHAR * moduleFileName, size_t len){
|
||||
TCHAR * getSciLexerFullPathName(TCHAR * moduleFileName, size_t len)
|
||||
{
|
||||
::GetModuleFileName(NULL, moduleFileName, static_cast<int32_t>(len));
|
||||
::PathRemoveFileSpec(moduleFileName);
|
||||
::PathAppend(moduleFileName, TEXT("SciLexer.dll"));
|
||||
return moduleFileName;
|
||||
};
|
||||
|
||||
TCHAR moduleFileName[1024];
|
||||
HINSTANCE ScintillaEditView::_hLib = ::LoadLibrary(getSciLexerFullPathName(moduleFileName, 1024));
|
||||
HINSTANCE ScintillaEditView::_hLib = loadSciLexerDll();
|
||||
int ScintillaEditView::_refCount = 0;
|
||||
UserDefineDialog ScintillaEditView::_userDefineDlg;
|
||||
|
||||
@ -174,6 +174,16 @@ int getNbDigits(int aNum, int base)
|
||||
return nbChiffre;
|
||||
}
|
||||
|
||||
TCHAR moduleFileName[1024];
|
||||
HMODULE loadSciLexerDll()
|
||||
{
|
||||
generic_string sciLexerPath = getSciLexerFullPathName(moduleFileName, 1024);
|
||||
|
||||
if (not isCertificateValidated(sciLexerPath, TEXT("Notepad++")))
|
||||
return nullptr;
|
||||
return ::LoadLibrary(sciLexerPath.c_str());
|
||||
}
|
||||
|
||||
void ScintillaEditView::init(HINSTANCE hInst, HWND hPere)
|
||||
{
|
||||
if (!_hLib)
|
||||
@ -1675,7 +1685,8 @@ void ScintillaEditView::restoreCurrentPos()
|
||||
execute(SCI_SETANCHOR, pos._startPos);
|
||||
execute(SCI_SETCURRENTPOS, pos._endPos);
|
||||
execute(SCI_CANCEL); //disable
|
||||
if (!isWrap()) { //only offset if not wrapping, otherwise the offset isnt needed at all
|
||||
if (not isWrap()) //only offset if not wrapping, otherwise the offset isnt needed at all
|
||||
{
|
||||
execute(SCI_SETSCROLLWIDTH, pos._scrollWidth);
|
||||
execute(SCI_SETXOFFSET, pos._xOffset);
|
||||
}
|
||||
|
||||
@ -130,6 +130,7 @@ const int MARK_HIDELINESUNDERLINE = 21;
|
||||
|
||||
|
||||
int getNbDigits(int aNum, int base);
|
||||
HMODULE loadSciLexerDll();
|
||||
|
||||
TCHAR * int2str(TCHAR *str, int strLen, int number, int base, int nbChiffre, bool isZeroLeading);
|
||||
|
||||
|
||||
@ -75,8 +75,29 @@ void DocumentMap::showInMapTemporarily(Buffer *buf2show, const ScintillaEditView
|
||||
{
|
||||
wrapMap(fromEditView);
|
||||
}
|
||||
//_pScintillaEditView->restoreCurrentPos();
|
||||
scrollMap(fromEditView);
|
||||
|
||||
//scrollMap(fromEditView);
|
||||
/*
|
||||
Buffer * buf = buf2show;
|
||||
Position & pos = buf->getPosition(const_cast<ScintillaEditView *>(fromEditView));
|
||||
|
||||
_pScintillaEditView->execute(SCI_GOTOPOS, 0); //make sure first line visible by setting caret there, will scroll to top of document
|
||||
|
||||
_pScintillaEditView->execute(SCI_SETSELECTIONMODE, pos._selMode); //enable
|
||||
_pScintillaEditView->execute(SCI_SETANCHOR, pos._startPos);
|
||||
_pScintillaEditView->execute(SCI_SETCURRENTPOS, pos._endPos);
|
||||
_pScintillaEditView->execute(SCI_CANCEL); //disable
|
||||
if (not _pScintillaEditView->isWrap()) //only offset if not wrapping, otherwise the offset isnt needed at all
|
||||
{
|
||||
_pScintillaEditView->execute(SCI_SETSCROLLWIDTH, pos._scrollWidth);
|
||||
_pScintillaEditView->execute(SCI_SETXOFFSET, pos._xOffset);
|
||||
}
|
||||
_pScintillaEditView->execute(SCI_CHOOSECARETX); // choose current x position
|
||||
|
||||
int lineToShow = static_cast<int32_t>(_pScintillaEditView->execute(SCI_VISIBLEFROMDOCLINE, pos._firstVisibleLine));
|
||||
_pScintillaEditView->scroll(0, lineToShow);
|
||||
*/
|
||||
}
|
||||
}
|
||||
|
||||
@ -205,7 +226,13 @@ int DocumentMap::getEditorTextZoneWidth(const ScintillaEditView *editView)
|
||||
}
|
||||
return editorRect.right - editorRect.left - marginWidths;
|
||||
}
|
||||
|
||||
/*
|
||||
struct mapPosition {
|
||||
int32_t _firstVisibleDocLine;
|
||||
int32_t _nbLine;
|
||||
int32_t _lastVisibleDocLine;
|
||||
};
|
||||
*/
|
||||
void DocumentMap::scrollMap(const ScintillaEditView *editView)
|
||||
{
|
||||
const ScintillaEditView *pEditView = editView ? editView : *_ppEditView;
|
||||
|
||||
@ -109,7 +109,7 @@
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalOptions>/fixed:no %(AdditionalOptions)</AdditionalOptions>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<ShowProgress>LinkVerboseLib</ShowProgress>
|
||||
<OutputFile>$(OutDir)notepad++.exe</OutputFile>
|
||||
<Version>1.0</Version>
|
||||
@ -146,7 +146,7 @@
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalOptions>/fixed:no %(AdditionalOptions)</AdditionalOptions>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<ShowProgress>LinkVerboseLib</ShowProgress>
|
||||
<OutputFile>$(OutDir)notepad++.exe</OutputFile>
|
||||
<Version>1.0</Version>
|
||||
@ -188,7 +188,7 @@
|
||||
<WarningVersion>18</WarningVersion>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<ShowProgress>LinkVerboseLib</ShowProgress>
|
||||
<OutputFile>$(OutDir)notepad++.exe</OutputFile>
|
||||
<Version>1.0</Version>
|
||||
@ -239,7 +239,7 @@ copy ..\src\contextMenu.xml ..\bin\contextMenu.xml
|
||||
<WarningVersion>18</WarningVersion>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<AdditionalDependencies>comctl32.lib;shlwapi.lib;shell32.lib;Oleacc.lib;Dbghelp.lib;Version.lib;Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<ShowProgress>LinkVerboseLib</ShowProgress>
|
||||
<OutputFile>$(OutDir)notepad++.exe</OutputFile>
|
||||
<Version>1.0</Version>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user