File: do-not-trust-any-signature-on-repaired-package.diff

package info (click to toggle)
libreoffice 4%3A7.4.7-1%2Bdeb12u9
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 3,601,024 kB
  • sloc: cpp: 4,235,177; xml: 385,692; java: 273,650; python: 72,159; ansic: 36,750; perl: 31,520; javascript: 18,215; sh: 11,445; yacc: 10,839; makefile: 9,490; cs: 6,703; objc: 1,969; lex: 1,885; asm: 1,047; awk: 1,018; pascal: 940; php: 79; csh: 20; sed: 5
file content (79 lines) | stat: -rw-r--r-- 3,216 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 
From 016eb8f0cd2effbe33ef5b144c33c74d4878155e Mon Sep 17 00:00:00 2001
From: Michael Stahl <michael.stahl@allotropia.de>
Date: Tue, 2 Jul 2024 13:24:38 +0200
Subject: sfx2: SfxObjectShell should not trust any signature on repaired
 package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
---
 sfx2/source/doc/objmisc.cxx |  6 ++++++
 sfx2/source/doc/objserv.cxx | 10 ++++++++++
 sfx2/source/doc/objstor.cxx |  2 ++
 3 files changed, 18 insertions(+)

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 97a0839a59dd..1e86b854f074 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -938,6 +938,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign )
 
 void SfxObjectShell::CheckSecurityOnLoading_Impl()
 {
+    if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE)
+    {   // safety first: don't run any macros from broken package.
+        pImpl->aMacroMode.disallowMacroExecution();
+        return; // do not get signature status - needs to be done after RepairPackage
+    }
+
     // make sure LO evaluates the macro signatures, so it can be preserved
     GetScriptingSignatureState();
 
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index f0bc6172ab1d..895bec13f0c0 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1837,6 +1837,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
 
         uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent );
         *pState = DocumentSignatures::getSignatureState(aInfos);
+
+        // repaired package cannot be trusted
+        if (*pState != SignatureState::NOSIGNATURES)
+        {
+            SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)};
+            if (pRepairItem && pRepairItem->GetValue())
+            {
+                *pState = SignatureState::BROKEN;
+            }
+        }
     }
 
     if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 9ef664d1cb2f..30b02aba97cc 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -380,6 +380,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl()
 {
     // only for internal use
     pImpl->m_xDocStorage.clear();
+    pImpl->nDocumentSignatureState = SignatureState::UNKNOWN;
+    pImpl->nScriptingSignatureState = SignatureState::UNKNOWN;
     pImpl->m_bIsInit = false;
     ResetError();
 }
-- 
cgit v1.2.3