Unexpect behaviour: if "<NppDir>\...dll" and/or "<NppDir>\plugins\..dll" exist, they will be loaded because Notepad++ try to load "<NppDir>\pluginName\pluginName.dll" as plugin, in our case "<NppDir>\plugins\..\...dll" and "<NppDir>\plugins\.\..dll" respectively.
The fix is excluding both directories ".." & "." to not load mentionned above unwanted dll.
Notepad++ launches updater (gup.exe) without checking the signature, that makes exe hacking possible.
The fix is to check updater binary's signature before launching it.
When the amount of clipboard data is too important, it makes crash of function WideCharToMultiByte (win32 API).
The remedy is to capture this error to prevent Notepad++ from crash.
Summary of the Issue:
A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder.
Steps to reproduce:
Download the attached archive on Windows: unzip_me.zip (F404758)
Unzip it and navigate into it
Open the txt file inside with Notepad++
Go to File -> Open containing folder -> cmd
Impact statement:
Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
Inexistent path %APPDATA%\Notepad++\plugins\Config\ made some plugins crash.
In this PR the folder is checked (and created if it doesn't exist) by each launch of Notepad++.
Loading plugin list location is changed from %LOCALAPPDATA%\Notepad++\plugins\Config\ to
%PROGRAMDATA%\Notepad++\plugins\Config\
Enhance API NPPM_GETPLUGINSCONFIGDIR
Close#5037
User @buggalicious found the summary text is displaying a count of characters without line endings not blanks.
Patch should address #3849 by updating the text to describe what is actually being counted.
Notepad++ loads plugins only from 2 locations:
1. %PROGRAMDATA%\Notepad++\plugins\ - while Notepad++ installed on: %PROGRAMFILES%\Notepad++\ or wherever without doLocalConf.xml
2. <NPP_INST_DIR>\plugins\ - while Notepad++ installed on wherever (except in %PROGRAMFILES%\Notepad++\) with doLocalConf.xml
While plugins are in %PROGRAMDATA%, we need admin's rights to modify them. This PR detects the plugins installation in %PROGRAMDATA%, then launch wingup with UAC.
This PR contains three types of changes:
1. Actual bug fix. This bug appeared, because prior to closing files, "Close all but this" attempts to save modified files, and for that it needs to switch views. Those views were not restored after that, however - so further actions could end up being executed on a wrong view. Those are changed commented with // We may have to restore previous view after saving new files.
2. Another potential bug fix. Closing files in both views could result in views being switched (it may or may not, I did not manage to unambiguously find that out from the code). To prevent any possible issues, I stored view IDs in viewNo. If those could never switch, then the code changes nothing - but if they could, it fixes a potential bug.
3. Code clarity fix in Notepad_plus::switchEditViewTo. std::swap makes it more obvious this code is there only to swap values around!
Fixes#4911, Close#4920
