summaryrefslogtreecommitdiff
path: root/shell
diff options
context:
space:
mode:
authorStephan Bergmann <sbergman@redhat.com>2022-06-09 09:52:28 +0200
committerStephan Bergmann <sbergman@redhat.com>2022-06-09 11:17:14 +0200
commit0bbbde84b091c7969378ef9a5bbadd9706e57c5e (patch)
tree838fab12b9607ac7d5e4dbf6f0d831c5cca3286b /shell
parenta54e10c270bfb74c303dc338ad6bc484ac529566 (diff)
tdf#140886: Make "Do you really want to open it?" more reliable
70009098fd70df021048c540d1796c928554b494 "tdf#128969: Let the user explicitly decide to execute an external program" had shoehorned that new warning dialog into the existing XSystemShellExecute::execute IllegalArgumentException return path, which caused some issues: For example, it caused the warning dialog to reappear after you acknowledged it on macOS (see comment at <https://bugs.documentfoundation.org/show_bug.cgi?id=140886#c10> "Allow hyperlink opening on file with execute bit set ref. CVE-2019-9847"), and it caused the warning dialog to erroneously appear for a non-existing file on Windows (see comment at <https://gerrit.libreoffice.org/c/core/+/124422/2#message-ac76b728fedc53e7d0a04c99f00364068b51a8ea> "tdf#128969: Let the user explicitly decide to execute an external program"). So rather than reusing IllegalArgumentException for this case, use a different kind of exception to trigger that warning dialog. The existing AccessControlException (which is also a RuntimeException) happened to fit more or less well. Change-Id: I3f743c21be48d54f10951006ef3d7172e23e9076 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135524 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'shell')
-rw-r--r--shell/source/unix/exec/shellexec.cxx15
-rw-r--r--shell/source/win32/SysShExec.cxx9
2 files changed, 15 insertions, 9 deletions
diff --git a/shell/source/unix/exec/shellexec.cxx b/shell/source/unix/exec/shellexec.cxx
index 240113ae8271..195a697888c2 100644
--- a/shell/source/unix/exec/shellexec.cxx
+++ b/shell/source/unix/exec/shellexec.cxx
@@ -27,6 +27,7 @@
#include <com/sun/star/system/SystemShellExecuteFlags.hpp>
#include <com/sun/star/lang/IllegalArgumentException.hpp>
+#include <com/sun/star/security/AccessControlException.hpp>
#include <com/sun/star/uri/ExternalUriReferenceTranslator.hpp>
#include <com/sun/star/uri/UriReferenceFactory.hpp>
#include <cppuhelper/supportsservice.hxx>
@@ -136,13 +137,17 @@ void SAL_CALL ShellExec::execute( const OUString& aCommand, const OUString& aPar
auto const e3 = errno;
SAL_INFO("shell", "lstat(" << pathname8 << ") failed with errno " << e3);
}
- if (e2 == 0 && (S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode))) {
- dir = true;
- } else if (e2 != 0 || !S_ISREG(st.st_mode)
- || (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0)
- {
+ if (e2 != 0) {
throw css::lang::IllegalArgumentException(
"XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0);
+ } else if (S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode)) {
+ dir = true;
+ } else if ((nFlags & css::system::SystemShellExecuteFlags::URIS_ONLY) != 0
+ && (!S_ISREG(st.st_mode)
+ || (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0))
+ {
+ throw css::security::AccessControlException(
+ "XSystemShellExecute.execute, bad <" + aCommand + ">", {}, {});
} else if (pathname.endsWithIgnoreAsciiCase(".class")
|| pathname.endsWithIgnoreAsciiCase(".dmg")
|| pathname.endsWithIgnoreAsciiCase(".fileloc")
diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index 066b818abe92..7be77d6344de 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -29,6 +29,7 @@
#include <osl/file.hxx>
#include <sal/macros.h>
#include <com/sun/star/lang/IllegalArgumentException.hpp>
+#include <com/sun/star/security/AccessControlException.hpp>
#include <com/sun/star/system/SystemShellExecuteException.hpp>
#include <com/sun/star/system/SystemShellExecuteFlags.hpp>
#include <com/sun/star/uri/UriReferenceFactory.hpp>
@@ -268,8 +269,8 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
SHFILEINFOW info;
if (SHGetFileInfoW(path, 0, &info, sizeof info, SHGFI_EXETYPE) != 0)
{
- throw css::lang::IllegalArgumentException(
- "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, 0);
+ throw css::security::AccessControlException(
+ "XSystemShellExecute.execute, cannot process <" + aCommand + ">", {}, {});
}
if (SHGetFileInfoW(path, 0, &info, sizeof info, SHGFI_ATTRIBUTES) == 0)
{
@@ -353,9 +354,9 @@ void SAL_CALL CSysShExec::execute( const OUString& aCommand, const OUString& aPa
".PS1XML;.PS2;.PS2XML;.PSC1;.PSC2;.PY;.REG;.SCF;.SCR;.SCT;.SHB;.SYS;"
".VB;.VBE;.VBS;.VXD;.WS;.WSC;.WSF;.WSH;")))
{
- throw css::lang::IllegalArgumentException(
+ throw css::security::AccessControlException(
"XSystemShellExecute.execute, cannot process <" + aCommand + ">", {},
- 0);
+ {});
}
}
}