rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources...

to be blocked via tools->options->security->options->block any link...
f41
Caolán McNamara 7 years ago
parent 3e15c4f77d
commit f13cc9a33f

@ -0,0 +1,48 @@
From cd25a97bbadc0a5c1fd6b0e8603c8b6ebd051926 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 1 May 2018 12:57:02 +0100
Subject: [PATCH] set Referer on link mediadescriptor
to allow determining if the source document is from a trusted/untrusted
location
Change-Id: I780568652d2ef0cc8543c27ba26289277b5d9d0c
Reviewed-on: https://gerrit.libreoffice.org/53693
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
---
sw/source/filter/xml/xmltexti.cxx | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/sw/source/filter/xml/xmltexti.cxx b/sw/source/filter/xml/xmltexti.cxx
index 78cab08507f0..33548de42f6c 100644
--- a/sw/source/filter/xml/xmltexti.cxx
+++ b/sw/source/filter/xml/xmltexti.cxx
@@ -570,16 +570,21 @@ uno::Reference< XPropertySet > SwXMLTextImportHelper::createAndInsertOOoLink(
uno::Sequence< beans::PropertyValue > aMediaDescriptor( 1 );
aMediaDescriptor[0].Name = "URL";
aMediaDescriptor[0].Value <<= aURLObj.GetMainURL( INetURLObject::DecodeMechanism::NONE );
- if ( pDoc->GetDocShell() && pDoc->GetDocShell()->GetMedium() )
+
+ if (SfxMedium* pMedium = pDoc->GetDocShell() ? pDoc->GetDocShell()->GetMedium() : nullptr)
{
- uno::Reference< task::XInteractionHandler > xInteraction =
- pDoc->GetDocShell()->GetMedium()->GetInteractionHandler();
+ uno::Reference< task::XInteractionHandler > xInteraction = pMedium->GetInteractionHandler();
if ( xInteraction.is() )
{
aMediaDescriptor.realloc( 2 );
aMediaDescriptor[1].Name = "InteractionHandler";
aMediaDescriptor[1].Value <<= xInteraction;
}
+
+ const auto nLen = aMediaDescriptor.getLength() + 1;
+ aMediaDescriptor.realloc(nLen);
+ aMediaDescriptor[nLen - 1].Name = "Referer";
+ aMediaDescriptor[nLen - 1].Value <<= pMedium->GetName();
}
uno::Reference < embed::XEmbeddedObject > xObj(
--
2.14.3

@ -62,7 +62,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice Name: libreoffice
Epoch: 1 Epoch: 1
Version: %{libo_version}.2 Version: %{libo_version}.2
Release: 7%{?libo_prerelease}%{?dist} Release: 8%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
URL: http://www.libreoffice.org/ URL: http://www.libreoffice.org/
@ -275,6 +275,7 @@ Patch7: 0001-Related-rhbz-1396729-use-cairo_surface_create_simila.patch
Patch8: 0001-tdf-95843-Wait-for-fire_glxtest_process-also-in-head.patch Patch8: 0001-tdf-95843-Wait-for-fire_glxtest_process-also-in-head.patch
Patch9: 0001-Related-tdf-116951-rhbz-1569331-end-should-be-in-ter.patch Patch9: 0001-Related-tdf-116951-rhbz-1569331-end-should-be-in-ter.patch
Patch10: 0001-Resolves-tdf-116951-rhbz-1569331-start-is-G_MAXINT.patch Patch10: 0001-Resolves-tdf-116951-rhbz-1569331-start-is-G_MAXINT.patch
Patch11: 0001-set-Referer-on-link-mediadescriptor.patch
%if 0%{?rhel} %if 0%{?rhel}
# not upstreamed # not upstreamed
@ -2323,6 +2324,10 @@ done
%{_includedir}/LibreOfficeKit %{_includedir}/LibreOfficeKit
%changelog %changelog
* Fri May 4 2018 Caolán McNamara <caolanm@redhat.com> - 1:6.0.3.2-8
- rhbz#1575000 CVE-2018-10583 allow embedded links to smb resources
to be blocked
* Thu May 3 2018 Caolán McNamara <caolanm@redhat.com> - 1:6.0.3.2-7 * Thu May 3 2018 Caolán McNamara <caolanm@redhat.com> - 1:6.0.3.2-7
- rhbz#1573845 won't start without at least Langpack-en-US.xcd - rhbz#1573845 won't start without at least Langpack-en-US.xcd

Loading…
Cancel
Save