diff options
| author | Sarper Akdemir <sarper.akdemir.extern@allotropia.de> | 2023-12-18 16:23:27 +0300 |
|---|---|---|
| committer | Sarper Akdemir <sarper.akdemir.extern@allotropia.de> | 2023-12-21 10:14:10 +0100 |
| commit | 24dae717996fe976c6d86b13a8b7b60cb74ca066 (patch) | |
| tree | 7509d2848806ac41a12ccfdc543ad52fc9cd6579 | |
| parent | 1c069c14a130010ec6cf53bd1b7d84a9df589f36 (diff) | |
tdf#158375: further disable embedded objects
there was the possibility of constructing an OOoEmbeddedObjectFactory
or OleEmbeddedObjectFactory directly instead of
UNOEmbeddedObjectCreator.
So disable all createInstance calls for them too. Securing there won't
be active embedded objects.
Change-Id: Ib47ad920d4951790c12d1a8587505cab2f1e126d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160921
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit 488fa4a226b5250379538123e485c8c08dd2092a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161027
Reviewed-by: Sarper Akdemir <sarper.akdemir.extern@allotropia.de>
| -rw-r--r-- | embeddedobj/Library_emboleobj.mk | 4 | ||||
| -rw-r--r-- | embeddedobj/source/commonembedding/xfactory.cxx | 16 | ||||
| -rw-r--r-- | embeddedobj/source/msole/xolefactory.cxx | 13 |
3 files changed, 33 insertions, 0 deletions
diff --git a/embeddedobj/Library_emboleobj.mk b/embeddedobj/Library_emboleobj.mk index b7fde953c466..d92f86f2c7d3 100644 --- a/embeddedobj/Library_emboleobj.mk +++ b/embeddedobj/Library_emboleobj.mk @@ -10,6 +10,10 @@ $(eval $(call gb_Library_Library,emboleobj)) +$(eval $(call gb_Library_use_custom_headers,emboleobj,\ + officecfg/registry \ +)) + $(eval $(call gb_Library_set_componentfile,emboleobj,embeddedobj/source/msole/emboleobj$(if $(filter WNT,$(OS)),.windows),services)) $(eval $(call gb_Library_set_include,emboleobj,\ diff --git a/embeddedobj/source/commonembedding/xfactory.cxx b/embeddedobj/source/commonembedding/xfactory.cxx index c6f57aa9c643..1460b31fd54b 100644 --- a/embeddedobj/source/commonembedding/xfactory.cxx +++ b/embeddedobj/source/commonembedding/xfactory.cxx @@ -23,9 +23,11 @@ #include <com/sun/star/beans/NamedValue.hpp> #include <com/sun/star/container/XNameAccess.hpp> #include <com/sun/star/io/IOException.hpp> +#include <com/sun/star/lang/NoSupportException.hpp> #include <cppuhelper/supportsservice.hxx> #include <cppuhelper/weak.hxx> #include <comphelper/documentconstants.hxx> +#include <officecfg/Office/Common.hxx> #include "xfactory.hxx" #include <commonembobj.hxx> @@ -41,6 +43,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMediaDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -118,6 +122,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMediaDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -169,6 +175,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const OUString& sEntName, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); uno::Reference< uno::XInterface > xResult; if ( !xStorage.is() ) @@ -212,6 +220,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& lObjArgs ) { // the initialization is completely controlled by user + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", uno::Reference< uno::XInterface >( static_cast< ::cppu::OWeakObject* >(this) ), @@ -257,6 +267,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMediaDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); uno::Reference< uno::XInterface > xResult; uno::Sequence< beans::PropertyValue > aTempMedDescr( aMediaDescr ); @@ -302,6 +314,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& lArguments, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); uno::Reference< uno::XInterface > xResult; // the initialization is completely controlled by user @@ -381,6 +395,8 @@ uno::Reference< uno::XInterface > SAL_CALL OOoSpecialEmbeddedObjectFactory::crea const uno::Sequence< beans::PropertyValue >& /*lArguments*/, const uno::Sequence< beans::PropertyValue >& /*lObjArgs*/ ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active embedded content is disabled!"); uno::Sequence< beans::NamedValue > aObject = m_aConfigHelper.GetObjectPropsByClassID( aClassID ); if ( !aObject.hasElements() ) throw io::IOException(); // unexpected mimetype of the storage diff --git a/embeddedobj/source/msole/xolefactory.cxx b/embeddedobj/source/msole/xolefactory.cxx index 1a7728ef8cdd..735e1438c5f8 100644 --- a/embeddedobj/source/msole/xolefactory.cxx +++ b/embeddedobj/source/msole/xolefactory.cxx @@ -22,6 +22,7 @@ #include <com/sun/star/container/XNameAccess.hpp> #include <com/sun/star/embed/Aspects.hpp> #include <com/sun/star/io/IOException.hpp> +#include <com/sun/star/lang/NoSupportException.hpp> #include <com/sun/star/lang/IllegalArgumentException.hpp> #include "xolefactory.hxx" @@ -30,6 +31,8 @@ #include <cppuhelper/supportsservice.hxx> #include <cppuhelper/weak.hxx> +#include <officecfg/Office/Common.hxx> + using namespace ::com::sun::star; // TODO: do not create OLE objects that represent OOo documents @@ -41,6 +44,8 @@ uno::Reference< uno::XInterface > SAL_CALL OleEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMedDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active OLE content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -101,6 +106,8 @@ uno::Reference< uno::XInterface > SAL_CALL OleEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMediaDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active OLE content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -133,6 +140,8 @@ uno::Reference< uno::XInterface > SAL_CALL OleEmbeddedObjectFactory::createInsta const OUString& sEntName, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active OLE content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -164,6 +173,8 @@ uno::Reference< uno::XInterface > SAL_CALL OleEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& aMediaDescr, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() ) + throw lang::NoSupportException("Active OLE content is disabled!"); if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", static_cast< ::cppu::OWeakObject* >(this), @@ -198,6 +209,8 @@ uno::Reference< uno::XInterface > SAL_CALL OleEmbeddedObjectFactory::createInsta const uno::Sequence< beans::PropertyValue >& /*lArguments*/, const uno::Sequence< beans::PropertyValue >& lObjArgs ) { + if (officecfg::Office::Common::Security::Scripting::DisableActiveContent::get()) + throw lang::NoSupportException("Active OLE content is disabled!"); // the initialization is completely controlled by user if ( !xStorage.is() ) throw lang::IllegalArgumentException( "No parent storage is provided!", |