[BUG_FIXED] Fix a vulnerability: get full ScinLexer.dll path to avoid…

… hijack. git-svn-id: svn://svn.tuxfamily.org/svnroot/notepadplus/repository/trunk@657 f5eea248-9336-0410-98b8-ebc06183d4e3
notepad-plus-plus · Aug 29, 2010 · 3fa8a89 · 3fa8a89
1 parent f602782
commit 3fa8a89
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
@@ -22,7 +22,17 @@
 
 
 // initialize the static variable
-HINSTANCE ScintillaEditView::_hLib = ::LoadLibrary(TEXT("SciLexer.DLL"));
+
+// get full ScinLexer.dll path to avoid hijack
+TCHAR * getSciLexerFullPathName(TCHAR * moduleFileName, size_t len){
+	::GetModuleFileName(NULL, moduleFileName, len);
+	::PathRemoveFileSpec(moduleFileName);
+	::PathAppend(moduleFileName, TEXT("SciLexer.dll"));
+	return moduleFileName;
+};
+
+TCHAR moduleFileName[1024];
+HINSTANCE ScintillaEditView::_hLib = ::LoadLibrary(getSciLexerFullPathName(moduleFileName, 1024));
 int ScintillaEditView::_refCount = 0;
 UserDefineDialog ScintillaEditView::_userDefineDlg;