rpms/libreoffice
7
0
Fork 0
Code Issues Pull Requests Releases Activity
7701f6609d
libreoffice/SOURCES/CVE-2019-9853.patch
CentOS Sources 7701f6609d import libreoffice-6.0.6.1-20.el8
2021-10-08 12:58:50 +00:00

90 lines
4.0 KiB
Diff
Raw Blame History

From 8f98c29cea1e46e5a2bcde10039840145776f56b Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Tue, 6 Aug 2019 13:29:22 +0200
Subject: [PATCH] Properly obtain location
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I9fb0d883a3623394343cd54ef61e5610544198c8
Reviewed-on: https://gerrit.libreoffice.org/77019
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a9cde2557242a0c343d99533f3ee032599c66f42)
Reviewed-on: https://gerrit.libreoffice.org/77024
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
---
.../source/protocolhandler/scripthandler.cxx | 9 ++++++--
sfx2/source/doc/objmisc.cxx | 21 +++++++++++--------
2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/scripting/source/protocolhandler/scripthandler.cxx b/scripting/source/protocolhandler/scripthandler.cxx
index f8ad8c7fd63d..332d4833a6f2 100644
--- a/scripting/source/protocolhandler/scripthandler.cxx
+++ b/scripting/source/protocolhandler/scripthandler.cxx
@@ -49,6 +49,7 @@
#include <com/sun/star/uno/XComponentContext.hpp>
#include <com/sun/star/uri/XUriReference.hpp>
+#include <com/sun/star/uri/XVndSunStarScriptUrlReference.hpp>
#include <com/sun/star/uri/UriReferenceFactory.hpp>
#include <memory>
@@ -135,8 +136,12 @@ void SAL_CALL ScriptProtocolHandler::dispatchWithNotification(
{
try
{
- bool bIsDocumentScript = ( aURL.Complete.indexOf( "document" ) !=-1 );
- // TODO: isn't this somewhat strange? This should be a test for a location=document parameter, shouldn't it?
+ css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+ css::uri::UriReferenceFactory::create(m_xContext));
+ css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+ urifac->parse(aURL.Complete), css::uno::UNO_QUERY_THROW);
+ auto const loc = uri->getParameter("location");
+ bool bIsDocumentScript = loc == "document";
if ( bIsDocumentScript )
{
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 9869f76606bf..08f4d8c21297 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1380,19 +1380,22 @@ ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& _rxScriptCon
SAL_INFO("sfx", "in CallXScript" );
ErrCode nErr = ERRCODE_NONE;
- bool bIsDocumentScript = ( _rScriptURL.indexOf( "location=document" ) >= 0 );
- // TODO: we should parse the URL, and check whether there is a parameter with this name.
- // Otherwise, we might find too much.
- if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
- return ERRCODE_IO_ACCESSDENIED;
-
- if ( UnTrustedScript(_rScriptURL) )
- return ERRCODE_IO_ACCESSDENIED;
-
bool bCaughtException = false;
Any aException;
try
{
+ css::uno::Reference<css::uri::XUriReferenceFactory> urifac(
+ css::uri::UriReferenceFactory::create(comphelper::getProcessComponentContext()));
+ css::uno::Reference<css::uri::XVndSunStarScriptUrlReference> uri(
+ urifac->parse(_rScriptURL), css::uno::UNO_QUERY_THROW);
+ auto const loc = uri->getParameter("location");
+ bool bIsDocumentScript = loc == "document";
+ if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( _rxScriptContext ) )
+ return ERRCODE_IO_ACCESSDENIED;
+
+ if ( UnTrustedScript(_rScriptURL) )
+ return ERRCODE_IO_ACCESSDENIED;
+
// obtain/create a script provider
Reference< provider::XScriptProvider > xScriptProvider;
Reference< provider::XScriptProviderSupplier > xSPS( _rxScriptContext, UNO_QUERY );
--
2.21.0
Reference in New Issue View Git Blame Copy Permalink