From fa3db9f378847967709a0b1d9b70808ac423e14a Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Tue, 2 Jul 2024 13:24:38 +0200 Subject: [PATCH] sfx2: SfxObjectShell should not trust any signature on repaired package MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit [ELTS] cast pointer like with similar code in context Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930 Reviewed-by: Caolán McNamara Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171910 Tested-by: Jenkins CollaboraOffice Reviewed-by: Miklos Vajna Gbp-Pq: Name do-not-trust-any-signature-on-repaired-package.diff --- sfx2/source/doc/objmisc.cxx | 6 ++++++ sfx2/source/doc/objserv.cxx | 10 ++++++++++ sfx2/source/doc/objstor.cxx | 2 ++ 3 files changed, 18 insertions(+) diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx index cd733bc8edb..b469c0b83e5 100644 --- a/sfx2/source/doc/objmisc.cxx +++ b/sfx2/source/doc/objmisc.cxx @@ -930,6 +930,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign ) void SfxObjectShell::CheckSecurityOnLoading_Impl() { + if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE) + { // safety first: don't run any macros from broken package. + pImpl->aMacroMode.disallowMacroExecution(); + return; // do not get signature status - needs to be done after RepairPackage + } + // make sure LO evaluates the macro signatures, so it can be preserved GetScriptingSignatureState(); diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx index 4f4eebd34a5..ef39cca1100 100644 --- a/sfx2/source/doc/objserv.cxx +++ b/sfx2/source/doc/objserv.cxx @@ -1629,6 +1629,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent ) uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent ); *pState = DocumentSignatures::getSignatureState(aInfos); + + // repaired package cannot be trusted + if (*pState != SignatureState::NOSIGNATURES) + { + SfxBoolItem const*const pRepairItem{SfxItemSet::GetItem(GetMedium()->GetItemSet(), SID_REPAIRPACKAGE, false)}; + if (pRepairItem && pRepairItem->GetValue()) + { + *pState = SignatureState::BROKEN; + } + } } if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx index a336822aa54..1fca525c8e2 100644 --- a/sfx2/source/doc/objstor.cxx +++ b/sfx2/source/doc/objstor.cxx @@ -372,6 +372,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl() { // only for internal use pImpl->m_xDocStorage.clear(); + pImpl->nDocumentSignatureState = SignatureState::UNKNOWN; + pImpl->nScriptingSignatureState = SignatureState::UNKNOWN; pImpl->m_bIsInit = false; ResetError(); } -- 2.30.2