From: Stephan Bergmann Date: Mon, 21 Feb 2022 10:55:21 +0000 (+0100) Subject: From 5e8f64e50f97d39e83a3358697be14db03566878 Mon Sep 17 00:00:00 2001 From: Stephan... X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u11^2~23 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=18b015b56b5d96938c8fb6c6835dd3ac5d889181;p=libreoffice.git From 5e8f64e50f97d39e83a3358697be14db03566878 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Mon, 21 Feb 2022 11:55:21 +0100 Subject: CVE-2022-38745 Avoid unnecessary empty -Djava.class.path= Libreoffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. Debian-backport: use char szSep[] = {SAL_PATHSEPARATOR,0}; for building Ostring path separator. Change-Id: Idcfe7321077b60381c0273910b1faeb444ef1fd8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130242 Tested-by: Jenkins Reviewed-by: Stephan Bergmann bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745 debian-bug-security: https://security-tracker.debian.org/tracker/CVE-2022-38745 Gbp-Pq: Name 0075-From-5e8f64e50f97d39e83a3358697be14db03566878-Mon-Se.patch --- diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx index d02a43edacb..201ce3e6ba3 100644 --- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx @@ -717,17 +717,23 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( // all versions below 1.5.1 options.emplace_back("abort", reinterpret_cast(abort_handler)); bool hasStackSize = false; +#ifdef UNX + // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) + // in the class path in order to have applet support: + OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); +#endif for (int i = 0; i < cOptions; i++) { OString opt(arOptions[i].optionString); + const char szSep[] = {SAL_PATHSEPARATOR,0}; #ifdef UNX - // Until java 1.5 we need to put a plugin.jar or javaplugin.jar (<1.4.2) - // in the class path in order to have applet support: if (opt.startsWith("-Djava.class.path=")) { - OString sAddPath = getPluginJarPath(pInfo->sVendor, pInfo->sLocation,pInfo->sVersion); if (!sAddPath.isEmpty()) - opt += OString(SAL_PATHSEPARATOR) + sAddPath; + { + opt += OString(szSep) + sAddPath; + sAddPath.clear(); + } } #endif if (opt == "-Xint") { @@ -772,6 +778,11 @@ javaPluginError jfw_plugin_startJavaVirtualMachine( } #endif } +#ifdef UNX + if (!sAddPath.isEmpty()) { + options.emplace_back("-Djava.class.path=" + sAddPath, nullptr); + } +#endif std::unique_ptr sarOptions(new JavaVMOption[options.size()]); for (std::vector