Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
home:dirkmueller:acdc:as_python3_module
libreoffice
CVE-2023-6186-1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2023-6186-1.patch of Package libreoffice
From bab433911bdecb344f7ea94dbd00690241a08c54 Mon Sep 17 00:00:00 2001 From: Caolán McNamara <caolan.mcnamara@collabora.com> Date: Fri, 03 Nov 2023 17:14:26 +0000 Subject: [PATCH] add some protocols that don't make sense as floating frame targets Change-Id: Id900a5eef248731d1184c1df501a2cf7a2de7eb9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158910 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> (cherry picked from commit 11ebdfef16501c6d35c3e3d0d62507f706557c71) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158900 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> --- diff --git a/include/tools/urlobj.hxx b/include/tools/urlobj.hxx index 9d6820d..dfd6587 100644 --- a/include/tools/urlobj.hxx +++ b/include/tools/urlobj.hxx @@ -915,6 +915,11 @@ void changeScheme(INetProtocol eTargetScheme); + // INetProtocol::Macro, INetProtocol::Uno, INetProtocol::Slot, + // vnd.sun.star.script, etc. All the types of URLs which shouldn't + // be accepted from an outside controlled source + bool IsExoticProtocol() const; + private: // General Structure: diff --git a/sfx2/source/doc/iframe.cxx b/sfx2/source/doc/iframe.cxx index 507256a..4429136 100644 --- a/sfx2/source/doc/iframe.cxx +++ b/sfx2/source/doc/iframe.cxx @@ -169,8 +169,11 @@ xTrans->parseStrict( aTargetURL ); INetURLObject aURLObject(aTargetURL.Complete); - if (aURLObject.GetProtocol() == INetProtocol::Macro || aURLObject.isSchemeEqualTo(u"vnd.sun.star.script")) + if (aURLObject.IsExoticProtocol()) + { + SAL_WARN("sfx", "IFrameObject::load ignoring: " << aTargetURL.Complete); return false; + } uno::Reference<frame::XFramesSupplier> xParentFrame = xFrame->getCreator(); SfxObjectShell* pDoc = SfxMacroLoader::GetObjectShell(xParentFrame); diff --git a/tools/source/fsys/urlobj.cxx b/tools/source/fsys/urlobj.cxx index ae5e0779..cb74986 100644 --- a/tools/source/fsys/urlobj.cxx +++ b/tools/source/fsys/urlobj.cxx @@ -4880,4 +4880,12 @@ ? aTheExtension : OUString(); } +bool INetURLObject::IsExoticProtocol() const +{ + return m_eScheme == INetProtocol::Slot || + m_eScheme == INetProtocol::Macro || + m_eScheme == INetProtocol::Uno || + isSchemeEqualTo(u"vnd.sun.star.script"); +} + /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor