[Libreoffice-commits] core.git: filter/source include/sfx2 include/vcl officecfg/registry sfx2/source svtools/inc
Andras Timar
andras.timar at collabora.com
Fri Mar 9 10:50:14 UTC 2018
filter/source/config/cache/constant.hxx | 1 +
filter/source/config/cache/filtercache.cxx | 7 ++++---
include/sfx2/docfilt.hxx | 5 ++++-
include/vcl/errcode.hxx | 1 +
officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs | 8 ++++++++
sfx2/source/bastyp/fltfnc.cxx | 10 +++++++++-
sfx2/source/doc/docfilt.cxx | 9 ++++++---
sfx2/source/doc/objstor.cxx | 5 +++++
svtools/inc/errtxt.hrc | 1 +
9 files changed, 39 insertions(+), 8 deletions(-)
New commits:
commit 4547fa2c1e205e1989611b1c4493cbbd12541372
Author: Andras Timar <andras.timar at collabora.com>
Date: Thu Mar 8 16:07:11 2018 +0100
Let sysadmins disable individual file format filters
It makes sense to disable a filter, as a temporary security measure,
when there is a 0-day vulnerability in it.
E.g., when 0-day found in AbiWord filter, this config snippet disables it:
<item oor:path="/org.openoffice.TypeDetection.Filter">
<node oor:name="Filters">
<node oor:name="AbiWord">
<prop oor:name="Enabled" oor:finalized="true">
<value>false</value>
</prop>
</node>
</node>
</item>
Change-Id: I8b84250c7e4aac3555877d23f58ed13a2210ebfc
Reviewed-on: https://gerrit.libreoffice.org/50961
Reviewed-by: Andras Timar <andras.timar at collabora.com>
Tested-by: Andras Timar <andras.timar at collabora.com>
diff --git a/filter/source/config/cache/constant.hxx b/filter/source/config/cache/constant.hxx
index 8f6b46e2fc38..c8a45889ee0e 100644
--- a/filter/source/config/cache/constant.hxx
+++ b/filter/source/config/cache/constant.hxx
@@ -58,6 +58,7 @@
#define PROPNAME_TEMPLATENAME "TemplateName"
#define PROPNAME_FILEFORMATVERSION "FileFormatVersion"
#define PROPNAME_EXPORTEXTENSION "ExportExtension"
+#define PROPNAME_ENABLED "Enabled"
/** @short used to identify a frame loader or detect service item
property against the configuration API and can be used
diff --git a/filter/source/config/cache/filtercache.cxx b/filter/source/config/cache/filtercache.cxx
index e9b810b78a5b..8db4a79ff5af 100644
--- a/filter/source/config/cache/filtercache.cxx
+++ b/filter/source/config/cache/filtercache.cxx
@@ -63,10 +63,11 @@ FilterCache::FilterCache()
, m_eFillState(E_CONTAINS_NOTHING )
{
int i = 0;
- OUString sStandardProps[9];
+ OUString sStandardProps[10];
sStandardProps[i++] = PROPNAME_USERDATA;
sStandardProps[i++] = PROPNAME_TEMPLATENAME;
+ sStandardProps[i++] = PROPNAME_ENABLED;
// E_READ_UPDATE only above
sStandardProps[i++] = PROPNAME_TYPE;
sStandardProps[i++] = PROPNAME_FILEFORMATVERSION;
@@ -79,9 +80,9 @@ FilterCache::FilterCache()
// E_READ_NOTHING -> creative nothingness.
m_aStandardProps[E_READ_STANDARD] =
- css::uno::Sequence< OUString >(sStandardProps + 2, 7);
+ css::uno::Sequence< OUString >(sStandardProps + 3, 7);
m_aStandardProps[E_READ_UPDATE] =
- css::uno::Sequence< OUString >(sStandardProps, 2);
+ css::uno::Sequence< OUString >(sStandardProps, 3);
m_aStandardProps[E_READ_ALL] =
css::uno::Sequence< OUString >(sStandardProps,
SAL_N_ELEMENTS(sStandardProps));
diff --git a/include/sfx2/docfilt.hxx b/include/sfx2/docfilt.hxx
index d5e0507d577a..2e8cc62c177d 100644
--- a/include/sfx2/docfilt.hxx
+++ b/include/sfx2/docfilt.hxx
@@ -60,6 +60,7 @@ class SFX2_DLLPUBLIC SfxFilter
SfxFilterFlags nFormatType;
sal_Int32 nVersion;
SotClipboardFormatId lFormat;
+ bool mbEnabled;
public:
SfxFilter( const OUString& rProvider, const OUString& rFilterName );
@@ -71,7 +72,8 @@ public:
const OUString &rTypeName,
const OUString &rMimeType,
const OUString &rUserData,
- const OUString& rServiceName );
+ const OUString& rServiceName,
+ bool bEnabled = true );
~SfxFilter();
bool IsAllowedAsTemplate() const { return bool(nFormatType & SfxFilterFlags::TEMPLATE); }
@@ -115,6 +117,7 @@ public:
/// @throws css::uno::RuntimeException
static OUString GetTypeFromStorage(
const css::uno::Reference<css::embed::XStorage>& xStorage );
+ bool IsEnabled() const { return mbEnabled; }
};
#endif
diff --git a/include/vcl/errcode.hxx b/include/vcl/errcode.hxx
index 4116a792c43e..8f1ba5ffc912 100644
--- a/include/vcl/errcode.hxx
+++ b/include/vcl/errcode.hxx
@@ -226,6 +226,7 @@ enum class ErrCodeClass {
#define ERRCODE_IO_WRITEPROTECTED ErrCode( ErrCodeArea::Io, ErrCodeClass::Access, 37 )
#define ERRCODE_IO_BROKENPACKAGE ErrCode( ErrCodeArea::Io, ErrCodeClass::Format, 38 )
#define ERRCODE_IO_NOTSTORABLEINBINARYFORMAT ErrCode( ErrCodeArea::Io, ErrCodeClass::Format, 39 )
+#define ERRCODE_IO_FILTERDISABLED ErrCode( ErrCodeArea::Io, ErrCodeClass::Format, 40 )
// StreamErrorCodes
diff --git a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
index d4d12de48425..5433e1349798 100644
--- a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
+++ b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
@@ -94,6 +94,14 @@
this filter.</desc>
</info>
</prop>
+ <prop oor:name="Enabled" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+ <desc>Whether the filter is enabled. It makes sense to disable a filter,
+ as a temporary security measure, when there is a 0-day vulnerability in
+ it.</desc>
+ </info>
+ <value>true</value>
+ </prop>
</group>
</templates>
<component>
diff --git a/sfx2/source/bastyp/fltfnc.cxx b/sfx2/source/bastyp/fltfnc.cxx
index 5bbdfed0b7eb..c4eca2d5b0d8 100644
--- a/sfx2/source/bastyp/fltfnc.cxx
+++ b/sfx2/source/bastyp/fltfnc.cxx
@@ -920,6 +920,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
OUString sExtension ;
OUString sPattern ;
OUString sServiceName ;
+ bool bEnabled = true ;
// first get directly available properties
sal_Int32 nFilterPropertyCount = lFilterProperties.getLength();
@@ -1014,6 +1015,11 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
}
}
}
+ else if ( lFilterProperties[nFilterProperty].Name == "Enabled" )
+ {
+ lFilterProperties[nFilterProperty].Value >>= bEnabled;
+ }
+
}
if ( sServiceName.isEmpty() )
@@ -1050,7 +1056,8 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
sType ,
sMimeType ,
sUserData ,
- sServiceName ));
+ sServiceName ,
+ bEnabled ));
rList.push_back( pFilter );
}
else
@@ -1064,6 +1071,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
pFilt->aMimeType = sMimeType;
pFilt->aUserData = sUserData;
pFilt->aServiceName = sServiceName;
+ pFilt->mbEnabled = bEnabled;
}
SfxFilter* pFilt = const_cast<SfxFilter*>(pFilter.get());
diff --git a/sfx2/source/doc/docfilt.cxx b/sfx2/source/doc/docfilt.cxx
index 0bfefd65a59b..d4bb139993e0 100644
--- a/sfx2/source/doc/docfilt.cxx
+++ b/sfx2/source/doc/docfilt.cxx
@@ -43,7 +43,8 @@ SfxFilter::SfxFilter( const OUString& rProvider, const OUString &rFilterName ) :
maProvider(rProvider),
nFormatType(SfxFilterFlags::NONE),
nVersion(0),
- lFormat(SotClipboardFormatId::NONE)
+ lFormat(SotClipboardFormatId::NONE),
+ mbEnabled(true)
{
}
@@ -54,7 +55,8 @@ SfxFilter::SfxFilter( const OUString &rName,
const OUString &rTypNm,
const OUString &rMimeType,
const OUString &rUsrDat,
- const OUString &rServiceName ):
+ const OUString &rServiceName,
+ bool bEnabled ):
aWildCard(rWildCard, ';'),
aTypeName(rTypNm),
aUserData(rUsrDat),
@@ -64,7 +66,8 @@ SfxFilter::SfxFilter( const OUString &rName,
aUIName(maFilterName),
nFormatType(nType),
nVersion(SOFFICE_FILEFORMAT_50),
- lFormat(lFmt)
+ lFormat(lFmt),
+ mbEnabled(bEnabled)
{
OUString aExts = GetWildcard().getGlob();
OUString glob;
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 5de8041192d4..feff5dfd91a1 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -646,6 +646,11 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
pImpl->nLoadedFlags = SfxLoadedFlags::NONE;
pImpl->bModelInitialized = false;
+ if (pFilter && !pFilter->IsEnabled())
+ {
+ SetError( ERRCODE_IO_FILTERDISABLED );
+ }
+
// initialize static language table so language-related extensions are learned before the document loads
(void)SvtLanguageTable::GetLanguageEntryCount();
diff --git a/svtools/inc/errtxt.hrc b/svtools/inc/errtxt.hrc
index b0c82246c807..d6e2c0008a1c 100644
--- a/svtools/inc/errtxt.hrc
+++ b/svtools/inc/errtxt.hrc
@@ -130,6 +130,7 @@ const ErrMsgCode RID_ERRHDL[] =
{ NC_("RID_ERRHDL", "Wrong checksum.") , ERRCODE_IO_BADCRC },
{ NC_("RID_ERRHDL", "Function not possible: write protected.") , ERRCODE_IO_WRITEPROTECTED },
{ NC_("RID_ERRHDL", "The password of a shared spreadsheet cannot be set or changed.\nDeactivate sharing mode first."), ERRCODE_SFX_SHARED_NOPASSWORDCHANGE },
+ { NC_("RID_ERRHDL", "The filter for this file format is disabled in configuration. Please contact your systems administrator."), ERRCODE_IO_FILTERDISABLED },
{ nullptr, ERRCODE_NONE }
};
More information about the Libreoffice-commits
mailing list