CVE-2022-3140: Filter out unwanted command URIs
authorStephan Bergmann <sbergman@redhat.com>
Thu, 1 Sep 2022 15:33:51 +0000 (17:33 +0200)
committerBastien Roucariès <rouca@debian.org>
Fri, 29 Dec 2023 09:39:36 +0000 (09:39 +0000)
Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Conflicts:
desktop/source/app/cmdlineargs.cxx

origin: https://github.com/LibreOffice/core/commit/6f60a85d71f1e160bf48ca4d23cd9c99677961a2.patch
bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140
bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140

Gbp-Pq: Name 0073-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch

desktop/source/app/cmdlineargs.cxx

index 490bf183de33f800fe48e57e90d65456d474a9a8..3280695c98297eb0b42aa64800aba6fca5a262ec 100644 (file)
@@ -29,6 +29,7 @@
 #include <tools/stream.hxx>
 #include <vcl/svapp.hxx>
 #include <rtl/uri.hxx>
+#include <tools/urlobj.hxx>
 #include <rtl/ustring.hxx>
 #include <rtl/process.h>
 #include <comphelper/lok.hxx>
@@ -163,7 +164,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
     }
     if (nURIlen < 0)
         nURIlen = rest2.getLength();
-    arg = rest2.copy(0, nURIlen);
+    auto const uri = rest2.copy(0, nURIlen);
+    if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+        // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+        // as the "Open" machinery does not know about those command URI schemes):
+        curEvt = CommandLineEvent::Open;
+    } else {
+        arg = uri;
+    }
     return curEvt;
 }
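Review bot: The new scheme check on the `INetURLObject(uri).GetProtocol() == INetProtocol::Macro` line is a single-value deny-list: every other scheme that `INetURLObject` recognises, and anything it cannot parse (`INetProtocol::NotValid`), still falls through to `arg = uri` and is dispatched exactly as before the fix. An allow-list of the schemes the Open/Print/... events are actually meant to accept (for example `INetProtocol::File`, `INetProtocol::Http`, `INetProtocol::Https`) would document the intent and would not need extending each time another unwanted scheme is found; if the deny-list is kept on purpose, a one-line comment saying why (`// Deny-list on purpose: command URIs may legitimately carry any document URL scheme`) would help the next backporter. The `curEvt = CommandLineEvent::Open;` branch relies on the Open machinery rejecting the untouched full command URI left in `arg`, so a unit test that pins that rejection would keep a later change to the Open path from silently reopening this. CheckOfficeURI's signature and the parsing that produces `rest2` and `nURIlen` lie above this hunk, so which command-URI prefixes reach this point is not visible here.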