summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSarper Akdemir <sarper.akdemir@allotropia.de>2024-06-11 12:39:36 +0200
committerMiklos Vajna <vmiklos@collabora.com>2024-07-31 11:11:34 +0200
commit695e7d7f3863943aa62d564e6ab5b91bdb95477e (patch)
tree6ec35ece7ad317dad7bd430cb01d1ecf5f1a2743
parent4d16d3e2040ee59e78949b145ce9fcfc822dc91b (diff)
remove ability to trust not validated macro signatures in high security
Giving the user the option to determine if they should trust an invalid signature in HIGH macro security doesn't make sense. CommonName of the signature is the most prominent feature presented and the CommonName of a certificate can be easily forged for an invalid signature, tricking the user into accepting an invalid signature. in the HIGH macro security setting only show the pop-up to enable/disable signed macro if the certificate signature can be validated. cherry-picked without UI/String altering bits for 24-2 Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667 Tested-by: Jenkins Reviewed-by: Sarper Akdemir <sarper.akdemir@allotropia.de> (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525 Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171234 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
-rw-r--r--sfx2/source/doc/docmacromode.cxx8
1 files changed, 6 insertions, 2 deletions
diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index d8757c7a505d..526cf331d7ef 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -226,13 +226,17 @@ namespace sfx2
// check whether the document is signed with trusted certificate
if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
{
+ SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
// the trusted macro check will also retrieve the signature state ( small optimization )
const bool bAllowUIToAddAuthor = nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
&& (nMacroExecutionMode == MacroExecMode::ALWAYS_EXECUTE
- || !SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+ || !SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+ && (nMacroExecutionMode != MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+ || nSignatureState == SignatureState::OK);
+
const bool bHasTrustedMacroSignature = m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
- SignatureState nSignatureState = m_xData->m_rDocumentAccess.getScriptingSignatureState();
if ( nSignatureState == SignatureState::BROKEN )
{
if (!bAllowUIToAddAuthor)