From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 23 Mar 2022 13:03:30 +0000 (+0000)
Subject: CVE-2022-26306, CVE-2022-26307: add infobar to prompt to refresh to replace old format
X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u8^2~7
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=abe0c2562ddb668ce508787ef9b0442029eed50c;p=libreoffice.git

CVE-2022-26306, CVE-2022-26307: add infobar to prompt to refresh to replace old format

This patch ask an user to replace old format thus partially closing CVE-2022-26306, CVE-2022-26307

Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131976
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit bbd196ff82bda9f66b4ba32a412f10cefe6da60e)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132307
Reviewed-by: Sophie Gautier <sophi@libreoffice.org>
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
(cherry picked from commit c5d01b11db3c83cb4a89d3b388d78e20dd3990b5)

(cherry picked from commit df05d27336927373bf83664a90156fbe505fc546)

Change-Id: Id99cbf2b50a4ebf289dae6fc67e22e20afcda35b
origin: https://github.com/LibreOffice/core/commit/cedd8063fed50cfd75fa3c69c4c87e2ae79b944d.patch

Gbp-Pq: Name 0068-CVE-2022-26306-CVE-2022-26307-add-infobar-to-prompt-.patch
---

diff --git a/include/sfx2/strings.hrc b/include/sfx2/strings.hrc
index e2de56b5376..6861775db09 100644
--- a/include/sfx2/strings.hrc
+++ b/include/sfx2/strings.hrc
@@ -263,6 +263,8 @@
 #define STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK   NC_("STR_SIGNATURE_NOTVALIDATED_PARTIAL_OK", "The certificate could not be validated and the document is only partially signed.")
 #define STR_SIGNATURE_OK                        NC_("STR_SIGNATURE_OK", "This document is digitally signed and the signature is valid.")
 #define STR_SIGNATURE_SHOW                      NC_("STR_SIGNATURE_SHOW", "Show Signatures")
+#define STR_REFRESH_MASTER_PASSWORD             NC_("STR_REFRESH_MASTER_PASSWORD", "The master password is stored in an outdated format, you should refresh it")
+#define STR_REFRESH_PASSWORD                    NC_("STR_REFRESH_PASSWORD", "Refresh Password")
 
 #define STR_CLOSE_PANE                          NC_("STR_CLOSE_PANE", "Close Pane")
 #define STR_SFX_DOCK                            NC_("STR_SFX_DOCK", "Dock")
diff --git a/include/sfx2/viewfrm.hxx b/include/sfx2/viewfrm.hxx
index 3fafd9e1762..6a17fa9f9bb 100644
--- a/include/sfx2/viewfrm.hxx
+++ b/include/sfx2/viewfrm.hxx
@@ -79,6 +79,7 @@ protected:
     DECL_LINK(GetInvolvedHandler, Button*, void);
     DECL_LINK(SwitchReadOnlyHandler, Button*, void);
     DECL_LINK(SignDocumentHandler, Button*, void);
+    DECL_DLLPRIVATE_LINK(RefreshMasterPasswordHdl, Button*, void);
     SAL_DLLPRIVATE void KillDispatcher_Impl();
 
     virtual                 ~SfxViewFrame() override;
diff --git a/sfx2/source/view/viewfrm.cxx b/sfx2/source/view/viewfrm.cxx
index 510e7238a41..2fc204e6791 100644
--- a/sfx2/source/view/viewfrm.cxx
+++ b/sfx2/source/view/viewfrm.cxx
@@ -29,6 +29,7 @@
 #include <com/sun/star/frame/XLoadable.hpp>
 #include <com/sun/star/frame/XLayoutManager.hpp>
 #include <com/sun/star/frame/XComponentLoader.hpp>
+#include <com/sun/star/task/PasswordContainer.hpp>
 #include <officecfg/Office/Common.hxx>
 #include <officecfg/Setup.hxx>
 #include <toolkit/helper/vclunohelper.hxx>
@@ -1228,6 +1229,24 @@ void SfxViewFrame::Notify( SfxBroadcaster& /*rBC*/, const SfxHint& rHint )
                     batch->commit();
                 }
 
+                if (officecfg::Office::Common::Passwords::HasMaster::get() &&
+                    officecfg::Office::Common::Passwords::StorageVersion::get() == 0)
+                {
+                    // master password stored in deprecated format
+                    VclPtr<SfxInfoBarWindow> pOldMasterPasswordInfoBar =
+                        AppendInfoBar("oldmasterpassword",
+                                      SfxResId(STR_REFRESH_MASTER_PASSWORD), InfoBarType::Danger);
+                    if (pOldMasterPasswordInfoBar)
+                    {
+                        VclPtrInstance<PushButton> const xBtn(&GetWindow());
+                        xBtn->SetText(SfxResId(STR_REFRESH_PASSWORD));
+                        xBtn->SetSizePixel(xBtn->GetOptimalSize());
+                        xBtn->SetClickHdl(LINK(this,
+                           SfxViewFrame, RefreshMasterPasswordHdl));
+                        pOldMasterPasswordInfoBar->addButton(xBtn);
+                    }
+                }
+
                 // read-only infobar if necessary
                 const SfxViewShell *pVSh;
                 const SfxShell *pFSh;
@@ -1379,6 +1398,27 @@ IMPL_LINK_NOARG(SfxViewFrame, SignDocumentHandler, Button*, void)
     GetDispatcher()->Execute(SID_SIGNATURE);
 }
 
+IMPL_LINK_NOARG(SfxViewFrame, RefreshMasterPasswordHdl, Button*, void)
+{
+    bool bChanged = false;
+    try
+    {
+        Reference< task::XPasswordContainer2 > xMasterPasswd(
+            task::PasswordContainer::create(comphelper::getProcessComponentContext()));
+
+        css::uno::Reference<css::frame::XFrame> xFrame = GetFrame().GetFrameInterface();
+        css::uno::Reference<css::awt::XWindow> xContainerWindow = xFrame->getContainerWindow();
+
+        uno::Reference<task::XInteractionHandler> xTmpHandler(task::InteractionHandler::createWithParent(comphelper::getProcessComponentContext(),
+                                                              xContainerWindow));
+        bChanged = xMasterPasswd->changeMasterPassword(xTmpHandler);
+    }
+    catch (const Exception&)
+    {}
+    if (bChanged)
+        RemoveInfoBar(u"oldmasterpassword");
+}
+
 void SfxViewFrame::Construct_Impl( SfxObjectShell *pObjSh )
 {
     m_pImpl->bResizeInToOut = true;