From: Caolán McNamara <caolanm@redhat.com>
Date: Mon, 11 May 2020 16:02:50 +0000 (+0100)
Subject: CVE-2020-12802 use the LinkManager persist to determine the Referer
X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u11^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6c6a4ce34360225d917e874015feb9b4f753038b;p=libreoffice.git

CVE-2020-12802 use the LinkManager persist to determine the Referer

LibreOffice has a ‘stealth mode’ in which only documents from locations deemed ‘trusted’
are allowed to retrieve remote resources. This mode is not the default mode,
but can be enabled by users who want to disable LibreOffice’s ability to include remote resources within a document.

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/94061
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit 3ee652e1c18186a5de47797aa4b02defcb29c210)

Conflicts:
	svx/source/svdraw/svdograf.cxx

Change-Id: I4e93878972492a93af368ffa0560412132431a24

origin: https://github.com/LibreOffice/core/commit/665258448af655f4b9da434ec29d380597b901e6.patch
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2020-12802
bug: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802

Gbp-Pq: Name 0094-CVE-2020-12802-use-the-LinkManager-persist-to-determ.patch
---

diff --git a/svx/source/svdraw/svdograf.cxx b/svx/source/svdraw/svdograf.cxx
index 6b0b2bc7b44..0b1f788cd8b 100644
--- a/svx/source/svdraw/svdograf.cxx
+++ b/svx/source/svdraw/svdograf.cxx
@@ -19,8 +19,10 @@
 
 #include <unotools/streamwrap.hxx>
 
+#include <sfx2/docfile.hxx>
 #include <sfx2/lnkbase.hxx>
 #include <math.h>
+#include <sfx2/objsh.hxx>
 #include <tools/helpers.hxx>
 #include <sot/formats.hxx>
 #include <sot/storage.hxx>
@@ -228,8 +230,13 @@ void SdrGraphicLink::RemoveGraphicUpdater()
     {
         sfx2::LinkManager::GetDisplayNames( this, nullptr, &rGrafObj.aFileName, nullptr, &rGrafObj.aFilterName );
 
+        OUString sReferer(getReferer());
+        SfxObjectShell * sh = pLinkManager->GetPersist();
+        if (sh != nullptr && sh->HasName())
+            sReferer = sh->GetMedium()->GetName();
+
         Graphic aGraphic;
-        if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, getReferer(), aGraphic))
+        if (sfx2::LinkManager::GetGraphicFromAny(rMimeType, rValue, sReferer, aGraphic))
         {
             rGrafObj.ImpSetLinkedGraphic(aGraphic);
         }