From: Stephan Bergmann Date: Thu, 1 Sep 2022 15:33:51 +0000 (+0200) Subject: CVE-2022-3140: Filter out unwanted command URIs X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u11^2~25 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=22430b1d699ab011e45cba26c74c6bb13a957a87;p=libreoffice.git CVE-2022-3140: Filter out unwanted command URIs Change-Id: I0b7e5329af8cc053d14d5c60ec14fe7f364ef993 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139225 Tested-by: Jenkins Reviewed-by: Stephan Bergmann Conflicts: desktop/source/app/cmdlineargs.cxx origin: https://github.com/LibreOffice/core/commit/6f60a85d71f1e160bf48ca4d23cd9c99677961a2.patch bug-debian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140 bug: https://deb.freexian.com/extended-lts/tracker/CVE-2022-3140 Gbp-Pq: Name 0073-CVE-2022-3140-Filter-out-unwanted-command-URIs.patch
---
diff --git a/desktop/source/app/cmdlineargs.cxx b/desktop/source/app/cmdlineargs.cxx
index 490bf183de3..3280695c982 100644
--- a/desktop/source/app/cmdlineargs.cxx
+++ b/desktop/source/app/cmdlineargs.cxx
@@ -29,6 +29,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -163,7 +164,14 @@ CommandLineEvent CheckOfficeURI(/* in,out */ OUString& arg, CommandLineEvent cur
 }
 if (nURIlen < 0)
 nURIlen = rest2.getLength();
- arg = rest2.copy(0, nURIlen);
+ auto const uri = rest2.copy(0, nURIlen);
+ if (INetURLObject(uri).GetProtocol() == INetProtocol::Macro) {
+ // Let the "Open" machinery process the full command URI (leading to failure, by intention,
+ // as the "Open" machinery does not know about those command URI schemes):
+ curEvt = CommandLineEvent::Open;
+ } else {
+ arg = uri;
+ }
 return curEvt;
 }
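Review bot: The rejection in the `INetProtocol::Macro` branch of the second hunk is indirect: it leaves `arg` as the full command URI and sets `curEvt = CommandLineEvent::Open`, so the guarantee rests on the "Open" machinery continuing not to recognise these command URI schemes, which is code this hunk does not show. If that machinery ever learns the scheme, the filter stops working without any visible failure. I would state that dependency on the in/out contract of `arg` at the function head and log the rejection so it shows up in diagnostics, e.g. `SAL_WARN("desktop.app", "ignoring command URI with macro target");` (assuming `sal/log.hxx` is already included, which cannot be confirmed here because the include lines lost their header names). The test is also a denylist of a single protocol, so a short comment on why `Macro` is the only one filtered here would make that choice reviewable. CheckOfficeURI begins outside the hunk.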