From: Caolán McNamara
Date: Fri, 15 Nov 2024 12:30:39 +0000 (+0000)
Subject: [PATCH] consider VndSunStarExpand an exotic protocol
X-Git-Tag: archive/raspbian/1%7.0.4-4+rpi1+deb11u13^2~6
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c2e7e0b319080e2e6575deba2cba96c9341c147a;p=libreoffice.git

[PATCH] consider VndSunStarExpand an exotic protocol

and generally don't bother with it when fetching data from urls

Change-Id: I51a2601c6fb7d6c32f9e2d1286ee0d3b05b370b9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176797
Tested-by: Jenkins
Reviewed-by: Michael Stahl
(cherry picked from commit d6c89af2598e866aa9cb4fa3600691fb558befdb)
origin: https://github.com/LibreOffice/core/commit/a22d185ef7d141676e8a4db15471bfe6d283cb8c
bug: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426
Gbp-Pq: Name CVE-2024-12426_2.patch
---
diff --git a/avmedia/source/viewer/mediawindow_impl.cxx b/avmedia/source/viewer/mediawindow_impl.cxx
index 98f867e4e4e..37d7b372a2d 100644
--- a/avmedia/source/viewer/mediawindow_impl.cxx
+++ b/avmedia/source/viewer/mediawindow_impl.cxx
@@ -168,16 +168,19 @@ void MediaWindowImpl::dispose()
 uno::Reference MediaWindowImpl::createPlayer(const OUString& rURL, const OUString& rReferer, const OUString* pMimeType)
 {
-    uno::Reference xPlayer;
-
     if( rURL.isEmpty() )
-        return xPlayer;
+        return nullptr;
 
     if (SvtSecurityOptions().isUntrustedReferer(rReferer))
     {
-        return xPlayer;
+        return nullptr;
     }
+    if (INetURLObject(rURL).IsExoticProtocol())
+        return nullptr;
+
+    uno::Reference xPlayer;
+
     if (!pMimeType || *pMimeType == AVMEDIA_MIMETYPE_COMMON)
     {
         uno::Reference xContext(::comphelper::getProcessComponentContext());
diff --git a/editeng/source/items/frmitems.cxx b/editeng/source/items/frmitems.cxx
index d931ed6f839..0e478a2c5df 100644
--- a/editeng/source/items/frmitems.cxx
+++ b/editeng/source/items/frmitems.cxx
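Review bot: The new `if (INetURLObject(rURL).IsExoticProtocol()) return nullptr;` rejects the URL silently, while the equivalent guards this commit adds in frmitems.cxx, persistence.cxx and graphicfilter.cxx emit a SAL_WARN naming the rejected URL; the same silent rejection appears in ImageControl.cxx, clickableimage.cxx, linkmgr2.cxx, htmlgrin.cxx, unocontrols.cxx and mediadescriptor.cxx. A consistent diagnostic on every refusal makes it possible to tell a blocked scheme apart from a missing or broken media file when a document stops playing, which is what a defender triaging a suspicious document needs. Before the return add `SAL_WARN("avmedia", "createPlayer: ignore exotic protocol: " << rURL);`, and give the other silent sites the same treatment in their own log areas. createPlayer's body continues past the end of the hunk.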
@@ -3118,6 +3118,13 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
         return nullptr;
     }
 
+    INetURLObject aGraphicURL( maStrLink );
+    if (aGraphicURL.IsExoticProtocol())
+    {
+        SAL_WARN("editeng", "Ignore exotic protocol: " << maStrLink);
+        return nullptr;
+    }
+
     // tdf#94088 prepare graphic and state
     Graphic aGraphic;
     bool bGraphicLoaded = false;
@@ -3138,8 +3145,6 @@ const GraphicObject* SvxBrushItem::GetGraphicObject(OUString const & referer) co
     // a 'data:' scheme url and try to load that (embedded graphics)
     if(!bGraphicLoaded)
     {
-        INetURLObject aGraphicURL( maStrLink );
-
         if( INetProtocol::Data == aGraphicURL.GetProtocol() )
         {
             std::unique_ptr const xMemStream(aGraphicURL.getData());
diff --git a/embeddedobj/source/commonembedding/persistence.cxx b/embeddedobj/source/commonembedding/persistence.cxx
index 3e4ab0dd989..b7932426b46 100644
--- a/embeddedobj/source/commonembedding/persistence.cxx
+++ b/embeddedobj/source/commonembedding/persistence.cxx
@@ -51,6 +51,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -369,6 +370,13 @@ uno::Reference< util::XCloseable > OCommonEmbeddedObject::LoadLink_Impl()
 
     sal_Int32 nLen = 2;
     uno::Sequence< beans::PropertyValue > aArgs( nLen );
+
+    if (INetURLObject(m_aLinkURL).IsExoticProtocol())
+    {
+        SAL_WARN("embeddedobj.common", "Ignore exotic protocol: " << m_aLinkURL);
+        return nullptr;
+    }
+
     aArgs[0].Name = "URL";
     aArgs[0].Value <<= m_aLinkURL;
     aArgs[1].Name = "FilterName";
diff --git a/forms/source/component/ImageControl.cxx b/forms/source/component/ImageControl.cxx
index 98a8acd7404..e73ec5e9f57 100644
--- a/forms/source/component/ImageControl.cxx
+++ b/forms/source/component/ImageControl.cxx
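Review bot: With the declaration hoisted out of the `if(!bGraphicLoaded)` block in the second hunk, `aGraphicURL` now lives for the rest of GetGraphicObject and is only ever read through `IsExoticProtocol()`, `GetProtocol()` and `getData()`; if those are all const members, declare it `const INetURLObject aGraphicURL( maStrLink );` so that no later code can re-point the object that the scheme check was done on. The `maStrLink` emptiness check that precedes the hoisted declaration starts before the hunk, so the ordering of the two guards cannot be confirmed from here. A one-line why above the new block, `// vnd.sun.star.expand: and the other IsExoticProtocol() schemes are never dereferenced for a brush graphic`, would tell the next reader that the early return is deliberate rather than a loading failure.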
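Review bot: The exotic-protocol guard in LoadLink_Impl is placed after `uno::Sequence< beans::PropertyValue > aArgs( nLen );`, so the argument sequence is built and then discarded on the rejected path, and the precondition reads as an afterthought between the allocation and its initialisation. Move the three-line `if (INetURLObject(m_aLinkURL).IsExoticProtocol()) { SAL_WARN(...); return nullptr; }` above `sal_Int32 nLen = 2;` so the method opens with its input validation. LoadLink_Impl starts before the hunk and its remaining argument handling continues after it; the `#include` hunk above is a plain dependency addition and needs nothing.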
@@ -392,7 +392,7 @@ bool OImageControlModel::impl_updateStreamForURL_lck( const OUString& _rURL, Val
     {
         OUString referer;
         getPropertyValue("Referer") >>= referer;
-        if (SvtSecurityOptions().isUntrustedReferer(referer)) {
+        if (SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol()) {
             return false;
         }
 
diff --git a/forms/source/component/clickableimage.cxx b/forms/source/component/clickableimage.cxx
index a8c63050813..0b9a4a365e4 100644
--- a/forms/source/component/clickableimage.cxx
+++ b/forms/source/component/clickableimage.cxx
@@ -743,7 +743,7 @@ namespace frm
 
         // the SfxMedium is not allowed to be created with an invalid URL, so we have to check this first
         INetURLObject aUrl(rURL);
-        if (INetProtocol::NotValid == aUrl.GetProtocol())
+        if (INetProtocol::NotValid == aUrl.GetProtocol() || aUrl.IsExoticProtocol())
             // we treat an invalid URL like we would treat no URL
             return;
 
diff --git a/sfx2/source/appl/linkmgr2.cxx b/sfx2/source/appl/linkmgr2.cxx
index 8245f6da66e..82e297043e0 100644
--- a/sfx2/source/appl/linkmgr2.cxx
+++ b/sfx2/source/appl/linkmgr2.cxx
@@ -524,8 +524,11 @@ bool LinkManager::GetGraphicFromAny(const OUString& rMimeType,
         sReferer = sh->GetMedium()->GetName();
 
     OUString sURL = rValue.get();
-    if (!SvtSecurityOptions().isUntrustedReferer(sReferer))
+    if (!SvtSecurityOptions().isUntrustedReferer(sReferer) &&
+        !INetURLObject(sURL).IsExoticProtocol())
+    {
         rGraphic = vcl::graphic::loadFromURL(sURL, pParentWin);
+    }
     if (rGraphic.IsNone())
         rGraphic.SetDefaultType();
     rGraphic.setOriginURL(sURL);
diff --git a/sw/source/filter/html/htmlgrin.cxx b/sw/source/filter/html/htmlgrin.cxx
index 11ac33e698d..85bfd32434a 100644
--- a/sw/source/filter/html/htmlgrin.cxx
+++ b/sw/source/filter/html/htmlgrin.cxx
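Review bot: In clickableimage.cxx the comment on the context line directly after the changed condition still says `// we treat an invalid URL like we would treat no URL`, but the branch now also fires for a syntactically valid URL with an exotic scheme, so a later reader could take the second operand for a redundant check and drop it. Change it to `// we treat an invalid or exotic-protocol URL like we would treat no URL`, and consider extending the comment two lines up (`...so we have to check this first`) in the same way, since both explain the same early return. The enclosing function starts before the hunk.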
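Review bot: In linkmgr2.cxx, once the widened condition refuses to load an exotic-protocol URL, the last context line `rGraphic.setOriginURL(sURL);` still stamps the refused URL onto the placeholder graphic, so the object carries a URL that was deliberately not fetched. Whether anything downstream re-fetches from the origin URL cannot be seen from this hunk; if it does, the check here is bypassed, so either move `setOriginURL` inside the new braces or confirm that every consumer of the origin URL performs the same `IsExoticProtocol()` test. The untrusted-referer branch already had this shape before the commit, so this widens an existing gap rather than introducing one. GetGraphicFromAny begins before the hunk.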
@@ -642,7 +642,8 @@ IMAGE_SETEVENT:
 
     // bPercentWidth / bPercentHeight means we have a percent size. If that's not the case and we have no
     // size from nWidth / nHeight either, then inspect the image header.
-    if ((!bPercentWidth && !nWidth) && (!bPercentHeight && !nHeight) && allowAccessLink(*m_xDoc))
+    if ((!bPercentWidth && !nWidth) && (!bPercentHeight && !nHeight) && allowAccessLink(*m_xDoc) &&
+        !aGraphicURL.IsExoticProtocol())
     {
         GraphicDescriptor aDescriptor(aGraphicURL);
         if (aDescriptor.Detect(/*bExtendedInfo=*/true))
diff --git a/toolkit/source/controls/unocontrols.cxx b/toolkit/source/controls/unocontrols.cxx
index 0972ae679cf..d350d5a04d5 100644
--- a/toolkit/source/controls/unocontrols.cxx
+++ b/toolkit/source/controls/unocontrols.cxx
@@ -33,6 +33,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -68,7 +69,7 @@ css::uno::Reference< css::graphic::XGraphic > ImageHelper::getGraphicFromURL_nothrow( const OUString& _rURL, OUString const & referer )
 {
     uno::Reference< graphic::XGraphic > xGraphic;
-    if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) )
+    if ( _rURL.isEmpty() || SvtSecurityOptions().isUntrustedReferer(referer) || INetURLObject(_rURL).IsExoticProtocol())
         return xGraphic;
 
     try
diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx
index 6af99a7b262..6bb5c70ba47 100644
--- a/tools/source/fsys/urlobj.cxx
+++ b/tools/source/fsys/urlobj.cxx
@@ -4765,6 +4765,7 @@ bool INetURLObject::IsExoticProtocol() const
     return m_eScheme == INetProtocol::Slot ||
         m_eScheme == INetProtocol::Macro ||
         m_eScheme == INetProtocol::Uno ||
+        m_eScheme == INetProtocol::VndSunStarExpand ||
         isSchemeEqualTo(u"vnd.sun.star.script") ||
         isSchemeEqualTo(u"service");
 }
diff --git a/unotools/source/misc/mediadescriptor.cxx b/unotools/source/misc/mediadescriptor.cxx
index 7f8f4e3c378..cf4d3cb6f96 100644
--- a/unotools/source/misc/mediadescriptor.cxx
+++ b/unotools/source/misc/mediadescriptor.cxx
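Review bot: In htmlgrin.cxx the two-line comment above the changed condition explains the percent/size logic but says nothing about the new `!aGraphicURL.IsExoticProtocol()` operand, so its purpose is invisible to a reader who does not know the CVE history; append `// and never open an exotic-protocol URL (vnd.sun.star.expand: and friends) just to read a header` to that comment. The operand guards only the GraphicDescriptor probe inside this branch; whether the same URL is filtered again where the image link is actually inserted into the document lies outside the hunk and should be confirmed, since an image that is not probed here can still be linked. The surrounding function starts well before the hunk.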
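Review bot: IsExoticProtocol() is a deny-list that ten call sites in this commit now depend on, yet the function body carries no comment stating what makes a scheme "exotic", so the next INetProtocol value with similar side effects can silently miss the list, which is exactly how VndSunStarExpand was missed before. Add a header comment above the function (its signature is only in the @@ context here) saying, in substance, that the list holds schemes the office interprets itself — dispatching, executing or expanding something — rather than fetching bytes from, that callers use it to refuse such URLs wherever document content supplies a URL to load, and that any new scheme of that kind must be added here. The mix of enum comparisons with `isSchemeEqualTo()` string comparisons for `vnd.sun.star.script` and `service` also wants a one-line why, presumably because those two have no INetProtocol enumerator — confirm before writing it.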
@@ -601,6 +601,9 @@ bool MediaDescriptor::impl_openStreamWithPostData( const css::uno::Reference< cs
 /*-----------------------------------------------*/
 bool MediaDescriptor::impl_openStreamWithURL( const OUString& sURL, bool bLockFile )
 {
+    if (INetURLObject(sURL).IsExoticProtocol())
+        return false;
+
     OUString referer(getUnpackedValueOrDefault(PROP_REFERRER(), OUString()));
     if (SvtSecurityOptions().isUntrustedReferer(referer)) {
         return false;
diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx
index 9593847dd27..2dafd0d03c7 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -967,10 +967,16 @@ ErrCode GraphicFilter::CanImportGraphic( const OUString& rMainUrl, SvStream& rIS
 ErrCode GraphicFilter::ImportGraphic( Graphic& rGraphic, const INetURLObject& rPath, sal_uInt16 nFormat, sal_uInt16 * pDeterminedFormat, GraphicFilterImportFlags nImportFlags )
 {
-    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     SAL_WARN_IF( rPath.GetProtocol() == INetProtocol::NotValid, "vcl.filter", "GraphicFilter::ImportGraphic() : ProtType == INetProtocol::NotValid" );
     OUString aMainUrl( rPath.GetMainURL( INetURLObject::DecodeMechanism::NONE ) );
+    if (rPath.IsExoticProtocol())
+    {
+        SAL_WARN("vcl.filter", "GraphicFilter::ImportGraphic(), ignore exotic protocol: " << aMainUrl);
+        return ERRCODE_GRFILTER_FORMATERROR;
+    }
+
+    ErrCode nRetValue = ERRCODE_GRFILTER_FORMATERROR;
     std::unique_ptr xStream(::utl::UcbStreamHelper::CreateStream( aMainUrl, StreamMode::READ | StreamMode::SHARE_DENYNONE ));
     if (xStream) {
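Review bot: The new early `return ERRCODE_GRFILTER_FORMATERROR;` in ImportGraphic leaves `*pDeterminedFormat` untouched, while the pre-existing failure paths later in the function (outside the hunk) may well write it; a caller that reads the determined format after a non-zero ErrCode would then see stale data only on the exotic-protocol path, so confirm what the `!xStream` path does and mirror it. The guard is also placed after `aMainUrl` is computed only so the warning can print it; that is fine, but a short why-comment such as `// refuse schemes the office would interpret rather than read; see INetURLObject::IsExoticProtocol` keeps the next reader from moving the check below the stream creation. ImportGraphic continues past the end of the hunk.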