Unexpect behaviour: if "<NppDir>\...dll" and/or "<NppDir>\plugins\..dll" exist, they will be loaded because Notepad++ try to load "<NppDir>\pluginName\pluginName.dll" as plugin, in our case "<NppDir>\plugins\..\...dll" and "<NppDir>\plugins\.\..dll" respectively.
The fix is excluding both directories ".." & "." to not load mentionned above unwanted dll.
Notepad++ launches updater (gup.exe) without checking the signature, that makes exe hacking possible.
The fix is to check updater binary's signature before launching it.
When the amount of clipboard data is too important, it makes crash of function WideCharToMultiByte (win32 API).
The remedy is to capture this error to prevent Notepad++ from crash.
Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.
Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd
Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
Inexistent path %APPDATA%\Notepad++\plugins\Config\ made some plugins crash.
In this PR the folder is checked (and created if it doesn't exist) by each launch of Notepad++.
Loading plugin list location is changed from %LOCALAPPDATA%\Notepad++\plugins\Config\ to
%PROGRAMDATA%\Notepad++\plugins\Config\
Enhance API NPPM_GETPLUGINSCONFIGDIR
Close#5037
User @buggalicious found the summary text is displaying a count of characters without line endings not blanks.
Patch should address #3849 by updating the text to describe what is actually being counted.
Notepad++ loads plugins only from 2 locations:
1. %PROGRAMDATA%\Notepad++\plugins\ - while Notepad++ installed on: %PROGRAMFILES%\Notepad++\ or wherever without doLocalConf.xml
2. <NPP_INST_DIR>\plugins\ - while Notepad++ installed on wherever (except in %PROGRAMFILES%\Notepad++\) with doLocalConf.xml
While plugins are in %PROGRAMDATA%, we need admin's rights to modify them. This PR detects the plugins installation in %PROGRAMDATA%, then launch wingup with UAC.