From: Caolán McNamara Date: Wed, 22 Nov 2023 21:14:41 +0000 (+0000) Subject: [6/6] CVE-2023-6186 reuse AllowedLinkProtocolFromDocument in impress/draw X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u11^2~5 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f9236906bfbb47e6ceabe10db0c16b0a06bf6062;p=libreoffice.git [6/6] CVE-2023-6186 reuse AllowedLinkProtocolFromDocument in impress/draw Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159843 Tested-by: Jenkins Reviewed-by: Caolán McNamara (cherry picked from commit f0942eed2eb328b04856f20613f5226d66b66a20) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159759 Reviewed-by: Michael Stahl Signed-off-by: Xisco Fauli Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159884 Reviewed-by: Miklos Vajna (cherry picked from commit 569fa7f755718a06f23d25b2132bf0400cec7a0f) (cherry picked from commit b60bd2dddc4b9d6d60615d61051a9f9ee5410851) (cherry picked from commit 8b244a0ce8a9170a1fd61e19a0c943230a741fbe) (cherry picked from commit 87535988868baac08173fc826dbb6c6cbdf91dd4) (cherry picked from commit fd809982a280218046ab7e6e6d24492420143e6c) (cherry picked from commit 56dd18f55d14939a1d5697e8580efd580bae0da7) (cherry picked from commit 5aa0ae5fffe3a6f98e2ae4a677a20a8f95d3eed3) (cherry picked from commit d0263e4735d37e52184e6e46c3c1405de9400e08) (cherry picked from commit 13a3d545f3095ff34a6765b0597e44afdb19de11) Change-Id: I73ca4f087946a45dbf92d69a0dc1e769de9b5690 origin: https://github.com/LibreOffice/core/commit/f67bb3e4edc067e3b4c8ac93af29b56adb551c49 Gbp-Pq: Name 0093-6-6-CVE-2023-6186-reuse-AllowedLinkProtocolFromDocum.patch --- diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx index 56f9eb41cd8..4deebc30952 100644 --- a/sd/source/ui/app/sdmod1.cxx +++ b/sd/source/ui/app/sdmod1.cxx @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -206,26 +207,32 @@ void SdModule::Execute(SfxRequest& rReq) { bool bIntercept = false; ::sd::DrawDocShell* pDocShell = dynamic_cast< ::sd::DrawDocShell *>( SfxObjectShell::Current() ); - if (pDocShell) + ::sd::ViewShell* pViewShell = pDocShell ? pDocShell->GetViewShell() : nullptr; + if (pViewShell) { - ::sd::ViewShell* pViewShell = pDocShell->GetViewShell(); - if (pViewShell) + if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) ) { - if( sd::SlideShow::IsRunning( pViewShell->GetViewShellBase() ) ) + // Prevent documents from opening while the slide + // show is running, except when this request comes + // from a shape interaction. + if (rReq.GetArgs() == nullptr) { - // Prevent documents from opening while the slide - // show is running, except when this request comes - // from a shape interaction. - if (rReq.GetArgs() == nullptr) - { - bIntercept = true; - } + bIntercept = true; } } } if (!bIntercept) { + if (const SfxStringItem* pURLItem = rReq.GetArg(SID_FILE_NAME)) + { + if (!pViewShell || !SfxObjectShell::AllowedLinkProtocolFromDocument(pURLItem->GetValue(), + pViewShell->GetObjectShell(), + pViewShell->GetFrameWeld())) + { + return; + } + } SfxGetpApp()->ExecuteSlot(rReq, SfxGetpApp()->GetInterface()); } else