Commit Graph

2892 Commits

Author SHA1 Message Date
Don HO
3baef49079 Add SHA256 checking of the authentity of used modules
In order to remove the code signing certificate dependency, SHA256 checking of the authentity of used modules (Scilexer.dll, GUP.exe and nppPluginList.dll) is added.
See the followling link for the detail information:
https://notepad-plus-plus.org/community/topic/17184/remove-code-signing-from-notepad
2019-02-27 10:14:36 +01:00
Don HO
1f5ba1803f Fix compiling error 2019-02-24 18:21:28 +01:00
Don HO
da2d14436c [EU-FOSSA] Enhance the macroable detection to avoid crash 2019-02-24 11:34:27 +01:00
Don HO
d7c942ee2f Fix auto-update detection issue due to wrong version number used 2019-02-23 13:06:44 +01:00
Don HO
5085d9c95a [EU-FOSSA] Check string length to copy to avoid crash in purgeMenuItemString function 2019-02-22 19:58:20 +01:00
Don HO
eec82cc2a6 [EU-FOSSA] Replace "lstrcpy" by "wcscpy_s" in "BabyGrid.cpp" to avoid the eventual crash 2019-02-22 13:37:11 +01:00
Don HO
bd7816755c [EU-FOSSA] Replace lstrcat by wcscat_s to avoid crash 2019-02-22 12:57:58 +01:00
Don HO
70cd3e5ea6 [EU-FOSSA] Check if the command is macroable before playing the recorded macro
Such situation can happen via the manual modification of shortcut.xml by hackers.
2019-02-21 20:11:42 +01:00
Don HO
4472620f30 Remove "Get More Plugins" menu item 2019-02-20 09:46:17 +01:00
Don HO
b90be4a05b [EURO-FOSSA] Fix a vunerability from "Search on Internet" command
Restrict the usage of customized search engine on only "http://" or "https://" url schema to avoid whatever application can be launched via "Search on Internet" command.
2019-02-20 00:34:28 +01:00
Don HO
5bcf55c59e Add stackoverflow as search engine 2019-02-19 13:05:02 +01:00
Don HO
188565fd4a Fix x64 compiling error 2019-02-18 23:23:55 +01:00
Don HO
0adc06322f [EU-FOSSA] Fix buffer overrun in Print dialog 2019-02-18 23:13:28 +01:00
Don HO
194475ce64 [EU-FOSSA] Fix a crash bug on Macro execution with arbitrary parameters 2019-02-18 01:27:26 +01:00
Don HO
011aa960fb Fix a regression on c4ff9f76a3
Fix a regression on c4ff9f76a3
2019-02-17 20:13:04 +01:00
Rajendra Singh
3546268c23 Add the capacity to rename non-existing document's tab
Close #5311
2019-02-17 18:17:24 +01:00
Don HO
c4ff9f76a3 Make "new #" document drag-and-drop operation among instances right.
New correct behaviour: Dragging out a "new #" document from instance 1 and dropping it into instance 2 makes disappear "new #" document from instance 1, and nothing happens in instance 2.
2019-02-16 23:47:03 +01:00
Rajendra Singh
17c40213ca Tab context menu bug fixes
Disable "Open containing Folder in Explorer" and "Open Containing Folder in CMD" commands for document non-exist on hard disk.

Close #5312
2019-02-16 09:55:12 +01:00
Don HO
fbffdd8825 Load nppPluginList.dll as resource instead of binary for the sake of security
Checck the discussion here:
https://github.com/notepad-plus-plus/nppPluginList/issues/31

More information:
https://blogs.msdn.microsoft.com/oldnewthing/20141120-00/?p=43573
2019-02-15 00:01:12 +01:00
Rajendra Singh
7aa953c55a Fix a crash (a regression) due to replacement of lstrcpy by wcscpy_s
Close #5314
2019-02-14 00:03:37 +01:00
Don HO
501980782f [EU-FOSSA] Check Updater's certificate before launching it 2019-02-13 19:39:39 +01:00
Don HO
1ab1624800 Fix a crash regression due to a bad length count for a replacement of wcscpy_s 2019-02-13 02:22:15 +01:00
Don HO
7fe3cda1d0 [EU-FOSSA] Use wcscpy_s instead of lstrcpy to prevent from buffer overflow 2019-02-11 02:07:04 +01:00
Don HO
b381ea5353 Make name more explicite: "Remove Duplicate Lines" to "Remove Consecutive Duplicate Lines" 2019-02-10 13:43:41 +01:00
Don HO
ea1fd44ff0 [EURO-FOSSA] Fix stack buffer overflow on strcpy 2019-02-10 04:11:26 +01:00
Don HO
494b4bc0db Fix crash on exit after creating or importing a UDL
And fix deletion userDefineLang.xml file bug on exit.
2019-02-09 22:52:13 +01:00
Don HO
58037e07b1 [EU-FOSSA] Fix stack buffer overflow on wsprintf in WordStyle dialog
Also remove dynamic allocation for CB_GETLBTEXT and use local array instead by controlling buffer size.
2019-02-09 03:28:52 +01:00
Don HO
0438447194 [EU-FOSSA] Fix stack buffer overflow on LB_GETTEXT 2019-02-08 22:13:12 +01:00
Don HO
cdd13ecadc [EU-FOSSA] Fix stack buffer overflow on CB_GETLBTEXT 2019-02-08 12:38:34 +01:00
Don HO
dfb9b5e330 Enhance User Defined Language System for supporting more than one UDL file.
Several UDL xml files can be loaded to allow to manage/share UDL more easily.

1. The old file userDefineLang.xml is kept in its old location and is still used.
2. The new folder userDefineLangs is added beside of the old UDL default file. Any UDL xml file can go into the folder userDefineLangs and will be loaded as UDL.
3. A UDL xml file must contain one (or several) user defined language(s).
4. The created UDL via UDL dialog and imported UDL are saved in  userDefineLang.xml (default UDL file).

https://notepad-plus-plus.org/community/topic/17072/new-enhancement-for-user-defined-language-system
2019-02-07 23:40:17 +01:00
Don HO
51f10bdba5 Add "Remove Duplicate Lines" feature
Remove duplicate consecutive lines from whole document.
2019-02-01 01:00:36 +01:00
Don HO
e691370e4f [EU-FOSSA] Fix stack overflow in extractSymbol function 2019-01-31 20:17:59 +01:00
Don HO
c906af27b2 [EU-FOSSA] Fix stack overflow in exts2Filters function 2019-01-30 23:33:16 +01:00
Don HO
5eaf67b647 [EU-FOSSA] Fix stack overflow issue on User Define Language dialog 2019-01-30 01:52:18 +01:00
Don HO
c314ed1d8a [EU-FOSSA] DLL hijacking of plugins\Config\Config.dll loaded by Notepad++ 2019-01-28 19:54:50 +01:00
Don HO
1a356c2019 Notepas++ 7.6.3 release 2019-01-27 23:13:30 +01:00
Don HO
e5108cc0ea Add Markdown language.
via User Defined Language.
Markdown++: https://github.com/Edditoria/markdown-plus-plus

Included only for Installer.
2019-01-27 02:53:02 +01:00
Don HO
9fecbae030 Move plugins home from %ProgramData% to %ProgramFiles% for the sake of security
Whole specs here:
https://notepad-plus-plus.org/community/topic/16996/new-plugins-home-round-2
2019-01-25 02:10:11 +01:00
Don HO
c1bf412f57 [EU-FOSSA] Avoid to execute eventual hijacked binaries from Notepad++
If the same name binaries are placed in user's PC and the fake binaries path are set before the system ones:
https://superuser.com/questions/897644/how-does-windows-decide-which-executable-to-run/897645
then the fake ones are executed.
Remove these entries for avoiding to execute eventual hijacked binaries from Notepad++.
2019-01-22 00:04:06 +01:00
Don HO
abf78e84b2 [EU-FOSSA] Fix loading unexpected dll as plugin issue
Unexpect behaviour: if "<NppDir>\...dll" and/or "<NppDir>\plugins\..dll" exist, they will be loaded because Notepad++ try to load "<NppDir>\pluginName\pluginName.dll" as plugin, in our case "<NppDir>\plugins\..\...dll" and "<NppDir>\plugins\.\..dll" respectively.

The fix is excluding both directories ".." & "." to not load mentionned above unwanted dll.
2019-01-19 03:30:54 +01:00
Don HO
e813f0383b Fix x64 build error 2019-01-19 03:27:08 +01:00
Don HO
4421161848 [EU-FOSSA] Fix stack overflow issue while affecting "ext" field on stylers.xml 2019-01-18 23:09:00 +01:00
Don HO
ccdf7d8d8b [EU-FOSSA] Fix stack overflow in XML Parsing 2019-01-18 03:50:20 +01:00
Don HO
b9ce848881 [EU-FOSSA] Fix EXE Hijacking of gup.exe launched by Notepad++
Notepad++ launches updater (gup.exe) without checking the signature, that makes exe hacking possible.
The fix is to check updater binary's signature before launching it.
2019-01-18 00:40:01 +01:00
Don HO
ac2ac8cb4b Fix x64 build error 2019-01-18 00:34:40 +01:00
Don HO
5b1f530204 [EU-FOSSA] Fix crash issue due to heap overflow in clipboardHistoryPanel.cpp
When the amount of clipboard data is too important, it makes crash of function WideCharToMultiByte (win32 API).
The remedy is to capture this error to prevent Notepad++ from crash.
2019-01-17 13:56:41 +01:00
Rajendra Singh
694415f8af Make exception error more clear
Close #5212
2019-01-15 09:56:41 +01:00
Don HO
0f936707a2 [EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"
Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.

Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd

Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
2019-01-14 20:20:19 +01:00
Don HO
fd32585c14 List plugins in alphabetical order in Plugins Admin dialog 2019-01-14 20:02:47 +01:00
Don HO
70dee50dc7 Notepad++ 7.6.2 release Gilet Jaune Edition 2019-01-01 02:46:17 +01:00