source

Caolán McNamara (via logerrit) Tue, 11 Jun 2019 04:39:53 -0700

 librelogo/source/LibreLogo/LibreLogo.py |   51 +++++++++++++++++++++++++++++++-
 sfx2/source/doc/objmisc.cxx             |   13 ++++++++
 2 files changed, 63 insertions(+), 1 deletion(-)


New commits:
commit 421afc1c6f65d2fff0946c2811ca214b75f230e0
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri Jun 7 14:04:07 2019 +0100
Commit:     Andras Timar <[email protected]>
CommitDate: Tue Jun 11 13:38:13 2019 +0200

    explictly exclude LibreLogo from XScript usage
    
    Change-Id: I567647f0e2f8b82e4ef2995c673abe82f4564228
    Reviewed-on: https://gerrit.libreoffice.org/73659
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    Tested-by: Caolán McNamara <[email protected]>

diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index a5e62da8c0a2..02d79c356e54 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -1347,6 +1347,16 @@ namespace
     }
 }
 
+namespace {
+
+// don't allow LibreLogo to be used with our mouseover/etc dom-alike events
+bool UnTrustedScript(const OUString& rScriptURL)
+{
+    return 
rScriptURL.startsWithIgnoreAsciiCase("vnd.sun.star.script:LibreLogo");
+}
+
+}
+
 ErrCode SfxObjectShell::CallXScript( const Reference< XInterface >& 
_rxScriptContext, const OUString& _rScriptURL,
     const Sequence< Any >& aParams, Any& aRet, Sequence< sal_Int16 >& 
aOutParamIndex, Sequence< Any >& aOutParam, bool bRaiseError, const 
css::uno::Any* pCaller )
 {
@@ -1359,6 +1369,9 @@ ErrCode SfxObjectShell::CallXScript( const Reference< 
XInterface >& _rxScriptCon
     if ( bIsDocumentScript && !lcl_isScriptAccessAllowed_nothrow( 
_rxScriptContext ) )
         return ERRCODE_IO_ACCESSDENIED;
 
+    if ( UnTrustedScript(_rScriptURL) )
+        return ERRCODE_IO_ACCESSDENIED;
+
     bool bCaughtException = false;
     Any aException;
     try
commit 39753f3908f53200c80b4c59a1926faaf16e41a2
Author:     László Németh <[email protected]>
AuthorDate: Thu Jun 6 14:25:32 2019 +0200
Commit:     Andras Timar <[email protected]>
CommitDate: Tue Jun 11 13:36:45 2019 +0200

    sanitize LibreLogo calls
    
    Change-Id: Ie4d9858e5b4b3e55ab08416fb9338d2df34ee5e1
    Reviewed-on: https://gerrit.libreoffice.org/73627
    Tested-by: Jenkins
    Reviewed-by: László Németh <[email protected]>

diff --git a/librelogo/source/LibreLogo/LibreLogo.py 
b/librelogo/source/LibreLogo/LibreLogo.py
index 96d2d131d32b..f501deec18d1 100644
--- a/librelogo/source/LibreLogo/LibreLogo.py
+++ b/librelogo/source/LibreLogo/LibreLogo.py
@@ -145,6 +145,7 @@ __LineStyle_DOTTED__ = 2
 class __Doc__:
     def __init__(self, doc):
         self.doc = doc
+        self.secure = False
         try:
             self.drawpage = doc.DrawPage # Writer
         except:
@@ -463,10 +464,58 @@ class LogoProgram(threading.Thread):
         self.code = code
         threading.Thread.__init__(self)
 
+    def secure(self):
+        # 0 = secure
+        if _.secure:
+            return 0
+
+        # 1 = forms, fields or embedded objects are forbidden
+        if _.doc.DrawPage.Forms.getCount() > 0 or 
_.doc.getTextFields().createEnumeration().hasMoreElements() or 
_.doc.getEmbeddedObjects().getCount() > 0:
+            return 1
+
+        # 2 = hyperlinks with script events
+        nodes = _.doc.Text.createEnumeration()
+        while nodes.hasMoreElements():
+            node = nodes.nextElement()
+            if node.supportsService("com.sun.star.text.Paragraph"):
+                portions = node.createEnumeration()
+                while portions.hasMoreElements():
+                    portion = portions.nextElement()
+                    if 
portion.PropertySetInfo.hasPropertyByName("HyperLinkEvents"):
+                        events = portion.getPropertyValue("HyperLinkEvents")
+                        for event in events.getElementNames():
+                            attributes = events.getByName(event)
+                            for attribute in attributes:
+                                if attribute.Name == "EventType" and 
attribute.Value == "Script":
+                                    return 2
+
+        # 2 = images with script events
+        images = _.doc.DrawPage.createEnumeration()
+        while images.hasMoreElements():
+            image = images.nextElement()
+            try:
+                events = image.Events
+                for event in events.getElementNames():
+                    attributes = events.getByName(event)
+                    for attribute in attributes:
+                        if attribute.Name == "EventType" and attribute.Value 
== "Script":
+                            return 2
+            except:
+                pass
+
+        _.secure = True
+        return 0
+
     def run(self):
         global __thread__
         try:
-            exec(self.code)
+            # check document security
+            secid = self.secure()
+            if secid > 0:
+                parent = _.doc.CurrentController.Frame.ContainerWindow
+                MessageBox(parent, "Document objects with%s script events" % 
[" possible", ""][secid-1], "LibreLogo program can't start", "errorbox")
+            else:
+                exec(self.code)
             if _.origcursor[0] and _.origcursor[1]:
                 __dispatcher__(".uno:Escape")
                 try:
_______________________________________________
Libreoffice-commits mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.0' - 2 commits - librelogo/source sfx2/source

Reply via email to