[2/6] CVE-2023-6186 add some protocols that don't make sense as floating frame targets

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158901
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
(cherry picked from commit 73e90d15c48a8f148e4e8f024cdf1b397efbcc53)
(cherry picked from commit b35aa37a5d1f32a419e7f311e415615808731acd)
(cherry picked from commit 421be99a6b101ac4ec91ad95b48c50fa17e47d36)
(cherry picked from commit fa390145228c9b9a044698fe4b7636c05210fda3)
(cherry picked from commit e549b65636b31971d8fb7fafc92e683bdef35cb6)
(cherry picked from commit eb42c9ad6473fb84fb5c02e522efe01e68e3ce43)
(cherry picked from commit adb38d113f86b9972b2a3aa9fa67620f854526fa)

Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9

Gbp-Pq: Name 0083-2-6-CVE-2023-6186-add-some-protocols-that-don-t-make.patch

diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx
index 6abb875ff18ff9d97817292a2b324ce4384462fc..512505a0308546a30a161c315a4ec3b80ce658c3 100644 (file)
--- a/include/tools/urlobj.hxx
+++ b/include/tools/urlobj.hxx
@@ -946,6 +946,11 @@ public:
 
     void changeScheme(INetProtocol eTargetScheme);
 
+    // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot,
+    // vnd.sun.star.script, etc. All the types of URLs which shouldn't
+    // be accepted from an outside controlled source
+    bool IsExoticProtocol() const;
+
 private:
     // General Structure:
 

diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx
index 0cb8f96951df73b3dea318e75453dba3860fbd78..137d05f3d16484f04803b1db331aabae2909cd89 100644 (file)
--- a/sfx2/source/doc/iframe.cxx
+++ b/sfx2/source/doc/iframe.cxx
@@ -38,6 +38,7 @@
 #include <rtl/ref.hxx>
 #include <svtools/miscopt.hxx>
 #include <svl/ownlist.hxx>
+#include <sal/log.hxx>
 #include <svl/itemprop.hxx>
 #include <sfx2/docfile.hxx>
 #include <sfx2/frmdescr.hxx>
@@ -168,8 +169,11 @@ sal_Bool SAL_CALL IFrameObject::load(
         xTrans->parseStrict( aTargetURL );
 
         INetURLObject aURLObject(aTargetURL.Complete);
-        if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script"))
+        if (aURLObject.IsExoticProtocol())
+        {
+            SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete);
             return false;
+        }
 
         uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator();
         SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame);

diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index efa4c48d5a94f6d66de01806befa1ca0409e520e..de34ff30642193e02efbd46bac578375b9fcc28c 100644 (file)
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4957,4 +4957,12 @@ OUString INetURLObject::CutExtension()
         ? aTheExtension : OUString();
 }
 
+bool INetURLObject::IsExoticProtocol() const
+{
+    return m_eScheme == INetProtocol::Slot ||
+           m_eScheme == INetProtocol::Macro ||
+           m_eScheme == INetProtocol::Uno ||
+           isSchemeEqualTo(u"vnd.sun.star.script");
+}
+
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */