[PATCH] look at 'embedded' protocols too

Change-Id: Ie99f5f5a390639bdc69397c831e0a32594a5030c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177981
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 59891cd3985469bc44dbd05c9fc704eeb07f0c78)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/177987
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit b63aa51c55244ee67410201fa5e7c003427b1009)

origin: https://github.com/LibreOffice/core/commit/4915889ab56bc946264c257391ba6eeedfdfad95
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426

Gbp-Pq: Name CVE-2024-12426_3.patch

diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 6bb5c70ba475843dc51a2061ec32f1baf3c94f28..ef2345c292319de40183afb10215c283a81814ad 100644 (file)
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4762,12 +4762,21 @@ OUString INetURLObject::CutExtension()
 
 bool INetURLObject::IsExoticProtocol() const
 {
-    return m_eScheme == INetProtocol::Slot ||
-           m_eScheme == INetProtocol::Macro ||
-           m_eScheme == INetProtocol::Uno ||
-           m_eScheme == INetProtocol::VndSunStarExpand ||
-           isSchemeEqualTo(u"vnd.sun.star.script") ||
-           isSchemeEqualTo(u"service");
+    if (m_eScheme == INetProtocol::Slot ||
+        m_eScheme == INetProtocol::Macro ||
+        m_eScheme == INetProtocol::Uno ||
+        m_eScheme == INetProtocol::VndSunStarExpand ||
+        isSchemeEqualTo(u"vnd.sun.star.script") ||
+        isSchemeEqualTo(u"service"))
+    {
+        return true;
+    }
+    if (isSchemeEqualTo(u"vnd.sun.star.pkg") || isSchemeEqualTo(u"vnd.sun.star.zip"))
+    {
+        OUString sPayloadURL = GetURLPath(INetURLObject::DecodeMechanism::WithCharset);
+        return sPayloadURL.startsWith(u"//") && INetURLObject(sPayloadURL.subView(2)).IsExoticProtocol();
+    }
+    return false;
 }
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */