libreoffice/0004-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocument-in-writer.patch
Eike Rathke 15f0103f76 Fix CVE-2023-6185 CVE-2023-6186
Resolves: RHEL-28591 RHEL-28595
Also RHEL-28592 RHEL-28596
2024-05-22 11:46:08 +02:00

282 lines
13 KiB
Diff

From 6a69b533227ae22d97824317f14dfa6991959101 Mon Sep 17 00:00:00 2001
Message-ID: <6a69b533227ae22d97824317f14dfa6991959101.1703086328.git.erack@redhat.com>
In-Reply-To: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
References: <82752ccba78ecdbf94908377ec022f68ba7d9d59.1703086328.git.erack@redhat.com>
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolan.mcnamara@collabora.com>
Date: Wed, 15 Nov 2023 11:39:24 +0000
Subject: [PATCH 3/4] reuse AllowedLinkProtocolFromDocument in writer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
reorg calc hyperlink check to reuse elsewhere
Change-Id: I20ae3c5df15502c3a0a366fb4a2924c06ffac3d0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159487
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit e6a7537762e19fde446441edd10d301f9b37ce75)
reuse AllowedLinkProtocolFromDocument in writer
Change-Id: Iacf5e313fc6ca5f7d69ca6986a036f0e1ab1f2a0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159488
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 32535dfa82200b54296838b52285c054fbe5e51d)
combine these hyperlink dispatchers into one call
Change-Id: Icb7822e811013de648ccf2fbb23a5f0be9e29bb0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159489
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 0df175ccc6ea542bc5801f631ff72bed187042eb)
we can have just one LoadURL for writer
Change-Id: Ia0162ee1c275292fcf200bad4662e4c2c6b7b972
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159557
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 521ca9cf6acbae96cf95d9740859c9682212013d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159858
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit e32b8601dbd63cf01497889601d6c9c1241106d6)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159883
Signed-off-by: Xisco Fauli <xiscofauli@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159913
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Eike Rathke <erack@redhat.com>
---
include/sfx2/objsh.hxx | 7 +++--
sc/source/core/data/global.cxx | 32 ++---------------------
sfx2/source/doc/objmisc.cxx | 27 ++++++++++++++++++++
sw/source/uibase/shells/drwtxtex.cxx | 8 ++----
sw/source/uibase/wrtsh/wrtsh2.cxx | 38 ++++++++++++++++++----------
5 files changed, 60 insertions(+), 52 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0003-reuse-AllowedLinkProtocolFromDocument-in-writer.patch"
diff --git a/include/sfx2/objsh.hxx b/include/sfx2/objsh.hxx
index fde0dba3d7c9..79f22c978dcb 100644
--- a/include/sfx2/objsh.hxx
+++ b/include/sfx2/objsh.hxx
@@ -200,6 +200,9 @@ private:
SAL_DLLPRIVATE bool SaveTo_Impl(SfxMedium &rMedium, const SfxItemSet* pSet );
+ // true if the document had macros (or similar) on load to trigger warning user
+ SAL_DLLPRIVATE bool GetHadCheckedMacrosOnLoad() const;
+
protected:
SfxObjectShell(SfxObjectCreateMode);
SfxObjectShell(SfxModelFlags); // see sfxmodelfactory.hxx
@@ -427,8 +430,8 @@ public:
void SetMacroCallsSeenWhileLoading();
bool GetMacroCallsSeenWhileLoading() const;
- // true if the document had macros (or similar) on load to trigger warning user
- bool GetHadCheckedMacrosOnLoad() const;
+ // true if this type of link, from a document, is allowed by the user to be passed to uno:OpenDoc
+ static bool AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent);
const css::uno::Sequence< css::beans::PropertyValue >& GetModifyPasswordInfo() const;
bool SetModifyPasswordInfo( const css::uno::Sequence< css::beans::PropertyValue >& aInfo );
diff --git a/sc/source/core/data/global.cxx b/sc/source/core/data/global.cxx
index 92caea1ea459..27c5a51a46c1 100644
--- a/sc/source/core/data/global.cxx
+++ b/sc/source/core/data/global.cxx
@@ -29,9 +29,7 @@
#include <sfx2/docfile.hxx>
#include <sfx2/dispatch.hxx>
#include <sfx2/objsh.hxx>
-#include <sfx2/sfxresid.hxx>
#include <sfx2/sfxsids.hrc>
-#include <sfx2/strings.hrc>
#include <sfx2/viewfrm.hxx>
#include <sfx2/viewsh.hxx>
#include <svl/intitem.hxx>
@@ -856,34 +854,8 @@ void ScGlobal::OpenURL(const OUString& rURL, const OUString& rTarget, bool bIgno
aUrlName = aNewUrlName;
}
- if (INetURLObject(aUrlName).IsExoticProtocol())
- {
- // Default to ignoring exotic protocols
- bool bAllow = false;
- if (pObjShell)
- {
- // If the document had macros when loaded then follow the allowed macro-mode
- if (pObjShell->GetHadCheckedMacrosOnLoad())
- bAllow = pObjShell->AdjustMacroMode();
- else // otherwise ask the user, defaulting to cancel
- {
- assert(pFrame && "if we have pObjShell we have pFrame");
- //Reuse URITools::onOpenURI warning string
- std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pFrame->GetFrameWeld(),
- VclMessageType::Warning, VclButtonsType::YesNo,
- SfxResId(STR_DANGEROUS_TO_OPEN)));
- xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
- INetURLObject::decode(aUrlName, INetURLObject::DecodeMechanism::Unambiguous)));
- xQueryBox->set_default_response(RET_NO);
- bAllow = xQueryBox->run() == RET_YES;
- }
- }
- if (!bAllow)
- {
- SAL_WARN("sc", "ScGlobal::OpenURL ignoring: " << aUrlName);
- return;
- }
- }
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(aUrlName, pObjShell, pFrame ? pFrame->GetFrameWeld() : nullptr))
+ return;
SfxStringItem aUrl( SID_FILE_NAME, aUrlName );
SfxStringItem aTarget( SID_TARGETNAME, rTarget );
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index ddf95eeafe5e..8c76c3f0f4d6 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -962,6 +962,33 @@ bool SfxObjectShell::GetHadCheckedMacrosOnLoad() const
return pImpl->m_bHadCheckedMacrosOnLoad;
}
+bool SfxObjectShell::AllowedLinkProtocolFromDocument(const OUString& rUrl, SfxObjectShell* pObjShell, weld::Window* pDialogParent)
+{
+ if (!INetURLObject(rUrl).IsExoticProtocol())
+ return true;
+ // Default to ignoring exotic protocols
+ bool bAllow = false;
+ if (pObjShell)
+ {
+ // If the document had macros when loaded then follow the allowed macro-mode
+ if (pObjShell->GetHadCheckedMacrosOnLoad())
+ bAllow = pObjShell->AdjustMacroMode();
+ else // otherwise ask the user, defaulting to cancel
+ {
+ //Reuse URITools::onOpenURI warning string
+ std::unique_ptr<weld::MessageDialog> xQueryBox(Application::CreateMessageDialog(pDialogParent,
+ VclMessageType::Warning, VclButtonsType::YesNo,
+ SfxResId(STR_DANGEROUS_TO_OPEN)));
+ xQueryBox->set_primary_text(xQueryBox->get_primary_text().replaceFirst("$(ARG1)",
+ INetURLObject::decode(rUrl, INetURLObject::DecodeMechanism::Unambiguous)));
+ xQueryBox->set_default_response(RET_NO);
+ bAllow = xQueryBox->run() == RET_YES;
+ }
+ }
+ SAL_WARN_IF(!bAllow, "sfx.appl", "SfxObjectShell::AllowedLinkProtocolFromDocument ignoring: " << rUrl);
+ return bAllow;
+}
+
void SfxObjectShell::CheckEncryption_Impl( const uno::Reference< task::XInteractionHandler >& xHandler )
{
OUString aVersion;
diff --git a/sw/source/uibase/shells/drwtxtex.cxx b/sw/source/uibase/shells/drwtxtex.cxx
index c84ee7bd9af4..c51f501841ad 100644
--- a/sw/source/uibase/shells/drwtxtex.cxx
+++ b/sw/source/uibase/shells/drwtxtex.cxx
@@ -533,12 +533,8 @@ void SwDrawTextShell::Execute( SfxRequest &rReq )
const SvxFieldData* pField = pOLV->GetFieldAtCursor();
if (const SvxURLField* pURLField = dynamic_cast<const SvxURLField*>(pField))
{
- SfxStringItem aUrl(SID_FILE_NAME, pURLField->GetURL());
- SfxStringItem aTarget(SID_TARGETNAME, pURLField->GetTargetFrame());
- SfxBoolItem aNewView(SID_OPEN_NEW_VIEW, false);
- SfxBoolItem aBrowsing(SID_BROWSE, true);
- GetView().GetViewFrame()->GetDispatcher()->ExecuteList(
- SID_OPENDOC, SfxCallMode::SYNCHRON, { &aUrl, &aTarget, &aNewView, &aBrowsing });
+ ::LoadURL(GetShell(), pURLField->GetURL(), LoadUrlFlags::NONE,
+ pURLField->GetTargetFrame());
}
}
break;
diff --git a/sw/source/uibase/wrtsh/wrtsh2.cxx b/sw/source/uibase/wrtsh/wrtsh2.cxx
index 1995e7133c4a..d781823e82ec 100644
--- a/sw/source/uibase/wrtsh/wrtsh2.cxx
+++ b/sw/source/uibase/wrtsh/wrtsh2.cxx
@@ -501,30 +501,24 @@ bool SwWrtShell::ClickToINetGrf( const Point& rDocPt, LoadUrlFlags nFilter )
return bRet;
}
-void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
- const OUString& rTargetFrameName )
+static void LoadURL(SwView& rView, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName)
{
- OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
- if( rURL.isEmpty() )
- return ;
+ SwDocShell* pDShell = rView.GetDocShell();
+ OSL_ENSURE( pDShell, "No DocShell?!");
+ SfxViewFrame* pViewFrame = rView.GetViewFrame();
- // The shell could be 0 also!!!!!
- if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ if (!SfxObjectShell::AllowedLinkProtocolFromDocument(rURL, pDShell, pViewFrame->GetFrameWeld()))
return;
// We are doing tiledRendering, let the client handles the URL loading,
// unless we are jumping to a TOC mark.
if (comphelper::LibreOfficeKit::isActive() && !rURL.startsWith("#"))
{
- rVSh.GetSfxViewShell()->libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
+ rView.libreOfficeKitViewCallback(LOK_CALLBACK_HYPERLINK_CLICKED, rURL.toUtf8().getStr());
return;
}
- //A CursorShell is always a WrtShell
- SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
-
- SwDocShell* pDShell = rSh.GetView().GetDocShell();
- OSL_ENSURE( pDShell, "No DocShell?!");
OUString sTargetFrame(rTargetFrameName);
if (sTargetFrame.isEmpty() && pDShell)
{
@@ -539,7 +533,6 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
OUString sReferer;
if( pDShell && pDShell->GetMedium() )
sReferer = pDShell->GetMedium()->GetName();
- SfxViewFrame* pViewFrame = rSh.GetView().GetViewFrame();
SfxFrameItem aView( SID_DOCFRAME, pViewFrame );
SfxStringItem aName( SID_FILE_NAME, rURL );
SfxStringItem aTargetFrameName( SID_TARGETNAME, sTargetFrame );
@@ -565,6 +558,23 @@ void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
SfxCallMode::ASYNCHRON|SfxCallMode::RECORD );
}
+void LoadURL( SwViewShell& rVSh, const OUString& rURL, LoadUrlFlags nFilter,
+ const OUString& rTargetFrameName )
+{
+ OSL_ENSURE( !rURL.isEmpty(), "what should be loaded here?" );
+ if( rURL.isEmpty() )
+ return ;
+
+ // The shell could be 0 also!!!!!
+ if ( dynamic_cast<const SwCursorShell*>( &rVSh) == nullptr )
+ return;
+
+ //A CursorShell is always a WrtShell
+ SwWrtShell &rSh = static_cast<SwWrtShell&>(rVSh);
+
+ ::LoadURL(rSh.GetView(), rURL, nFilter, rTargetFrameName);
+}
+
void SwWrtShell::NavigatorPaste( const NaviContentBookmark& rBkmk,
const sal_uInt16 nAction )
{
--------------erAck-patch-parts--