sfx2/source/doc/docmacromode.cxx | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-)
New commits: commit 5aed270403d4818c9c5a6b9879e799185759b347 Author: Mike Kaganski <[email protected]> AuthorDate: Wed Nov 8 11:57:17 2023 +0300 Commit: Miklos Vajna <[email protected]> CommitDate: Mon Nov 13 09:30:43 2023 +0100 tdf#158090: Do not auto-reject SignatureState::BROKEN in ALWAYS_EXECUTE case It doesn't make sense to silently reject it here, but e.g., allow the confirmation dialog for SignatureState::INVALID case; also, it was only possible to get a silent execution of BROKEN-signature macros (in Low security mode) vs. silent reject (in all higher modes) - which was not good security-wise. Now it will result in the usual confirmation dialog in Medium security mode. Both BROKEN and INVALID signature states are made sure to not allow automatically depending on the Windows Security Zone. Change-Id: I41b0fc96b6bd00e960ae612e79fa1f0f1e06a069 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159153 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159275 Reviewed-by: Xisco Fauli <[email protected]> diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx index 9fe9517cae73..7381d45d66ed 100644 --- a/sfx2/source/doc/docmacromode.cxx +++ b/sfx2/source/doc/docmacromode.cxx @@ -164,6 +164,7 @@ namespace sfx2 if ( nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE_NO_WARN ) return allowMacroExecution(); + SignatureState nSignatureState = SignatureState::UNKNOWN; const OUString sURL(m_xData->m_rDocumentAccess.getDocumentLocation()); try { @@ -188,7 +189,7 @@ namespace sfx2 // check whether the document is signed with trusted certificate if ( nMacroExecutionMode != MacroExecMode::FROM_LIST ) { - SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); + nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState(); if (!bHasValidContentSignature && (nMacroExecutionMode == MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN 
@@ -217,11 +218,7 @@ namespace sfx2 || !SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors)); const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUI ? rxInteraction : nullptr); - if ( nSignatureState == SignatureState::BROKEN ) - { - return disallowMacroExecution(); - } - else if ( bHasTrustedMacroSignature ) + if (bHasTrustedMacroSignature) { // there is trusted macro signature, allow macro execution return allowMacroExecution(); @@ -234,6 +231,8 @@ namespace sfx2 // FROM_LIST_AND_SIGNED_WARN and ALWAYS_EXECUTE return disallowMacroExecution(); } + // Other values of nSignatureState would result in either rejected macros + // (FROM_LIST_AND_SIGNED_*), or a confirmation. } } catch ( const Exception& ) @@ -295,7 +294,10 @@ namespace sfx2 case 0: // Ask break; case 1: // Allow - return allowMacroExecution(); + if (nSignatureState != SignatureState::BROKEN + && nSignatureState != SignatureState::INVALID) + return allowMacroExecution(); + break; case 2: // Deny return disallowMacroExecution(); }
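Review bot: With the early `SignatureState::BROKEN` rejection removed, the `if (bHasTrustedMacroSignature)` branch is now the only check between a broken macro signature and `allowMacroExecution()` in this block. The hunk does not show how `hasTrustedScriptingSignature()` treats a broken signature, so the safety of the new ordering depends on a contract that lives outside the diff. I would state that contract at the branch, e.g. `// hasTrustedScriptingSignature() must return false for a BROKEN signature; the explicit reject was dropped so that BROKEN reaches the confirmation path`, or back it with `assert(!bHasTrustedMacroSignature || nSignatureState != SignatureState::BROKEN);`. The enclosing function starts and ends outside the hunk.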
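Review bot: The new guard in `case 1: // Allow` is a deny-list on `nSignatureState`, and the first hunk initialises that variable to `SignatureState::UNKNOWN`, so any path that reaches this switch without running the assignment in the second hunk is still auto-allowed by the zone. From the visible lines that includes the `MacroExecMode::FROM_LIST` case, which skips the assignment, and possibly an exception caught by the `catch ( const Exception& )` shown just before this hunk, whose body is outside the diff. If UNKNOWN is meant to pass, a comment here would make that explicit, e.g. `// UNKNOWN: signature state was not evaluated above; only known-bad states override the zone's Allow`; if it is not, the condition should instead list the states for which the zone may allow. The diffstat shows a single changed file and no accompanying test; a case covering BROKEN and INVALID under the Allow zone would pin the new behaviour down.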
