sfx2: SfxObjectShell should not trust any signature on repaired package

Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Gbp-Pq: Name do-not-trust-any-signature-on-repaired-package.diff

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 86f587c20bec603a5de15ac798dee03e7ceff8a0..17a6037520de5f0ed0b8ef46efe08d7ee8acf996 100644 (file)
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -937,6 +937,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign )
 
 void SfxObjectShell::CheckSecurityOnLoading_Impl()
 {
+    if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE)
+    {   // safety first: don't run any macros from broken package.
+        pImpl->aMacroMode.disallowMacroExecution();
+        return; // do not get signature status - needs to be done after RepairPackage
+    }
+
     // make sure LO evaluates the macro signatures, so it can be preserved
     GetScriptingSignatureState();
 

diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 3a6a0ceea2a83df316c407fb7362205ac9dcb513..47647ae5b231420d265be6eba5f7e4cb593635b3 100644 (file)
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1763,6 +1763,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
 
         uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent );
         *pState = DocumentSignatures::getSignatureState(aInfos);
+
+        // repaired package cannot be trusted
+        if (*pState != SignatureState::NOSIGNATURES)
+        {
+            SfxBoolItem const*const pRepairItem{GetMedium()->GetItemSet()->GetItem(SID_REPAIRPACKAGE, false)};
+            if (pRepairItem && pRepairItem->GetValue())
+            {
+                *pState = SignatureState::BROKEN;
+            }
+        }
     }
 
     if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED

diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 288b6a7ae6a95b5f1db247b8547a8983626cabf8..5dcc38e42a0da76d6cc0edc93c00674b823f95dc 100644 (file)
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -378,6 +378,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl()
 {
     // only for internal use
     pImpl->m_xDocStorage.clear();
+    pImpl->nDocumentSignatureState = SignatureState::UNKNOWN;
+    pImpl->nScriptingSignatureState = SignatureState::UNKNOWN;
     pImpl->m_bIsInit = false;
     ResetError();
 }