[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-5.3' - filter/source include/sfx2 include/tools officecfg/registry sfx2/source svx/source
Andras Timar
andras.timar at collabora.com
Mon Mar 12 10:17:26 UTC 2018
filter/source/config/cache/constant.hxx | 1 +
filter/source/config/cache/filtercache.cxx | 7 ++++---
include/sfx2/docfilt.hxx | 5 ++++-
include/tools/errcode.hxx | 2 ++
officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs | 8 ++++++++
sfx2/source/bastyp/fltfnc.cxx | 10 +++++++++-
sfx2/source/doc/docfilt.cxx | 9 ++++++---
sfx2/source/doc/objstor.cxx | 6 ++++++
svx/source/src/errtxt.src | 4 ++++
9 files changed, 44 insertions(+), 8 deletions(-)
New commits:
commit 08e5950b29a57d7baef3ff598cce592ee8c2c94c
Author: Andras Timar <andras.timar at collabora.com>
Date: Thu Mar 8 16:07:11 2018 +0100
Let sysadmins disable individual file format filters
It makes sense to disable a filter, as a temporary security measure,
when there is a 0-day vulnerability in it.
E.g., when 0-day found in AbiWord filter, this config snippet disables it:
<item oor:path="/org.openoffice.TypeDetection.Filter">
<node oor:name="Filters">
<node oor:name="AbiWord">
<prop oor:name="Enabled" oor:finalized="true">
<value>false</value>
</prop>
</node>
</node>
</item>
Reviewed-on: https://gerrit.libreoffice.org/50961
Reviewed-by: Andras Timar <andras.timar at collabora.com>
Tested-by: Andras Timar <andras.timar at collabora.com>
(cherry picked from commit 4547fa2c1e205e1989611b1c4493cbbd12541372)
Change-Id: I8b84250c7e4aac3555877d23f58ed13a2210ebfc
Reviewed-on: https://gerrit.libreoffice.org/51058
Reviewed-by: Andras Timar <andras.timar at collabora.com>
Tested-by: Andras Timar <andras.timar at collabora.com>
diff --git a/filter/source/config/cache/constant.hxx b/filter/source/config/cache/constant.hxx
index 7e8cc0218a9a..3207ad5ca8ad 100644
--- a/filter/source/config/cache/constant.hxx
+++ b/filter/source/config/cache/constant.hxx
@@ -60,6 +60,7 @@
#define PROPNAME_TEMPLATENAME "TemplateName"
#define PROPNAME_FILEFORMATVERSION "FileFormatVersion"
#define PROPNAME_EXPORTEXTENSION "ExportExtension"
+#define PROPNAME_ENABLED "Enabled"
/** @short used to identify a frame loader or detect service item
property against the configuration API and can be used
diff --git a/filter/source/config/cache/filtercache.cxx b/filter/source/config/cache/filtercache.cxx
index 86d092e73b1a..297b1909a9a6 100644
--- a/filter/source/config/cache/filtercache.cxx
+++ b/filter/source/config/cache/filtercache.cxx
@@ -63,10 +63,11 @@ FilterCache::FilterCache()
, m_eFillState(E_CONTAINS_NOTHING )
{
int i = 0;
- OUString sStandardProps[9];
+ OUString sStandardProps[10];
sStandardProps[i++] = PROPNAME_USERDATA;
sStandardProps[i++] = PROPNAME_TEMPLATENAME;
+ sStandardProps[i++] = PROPNAME_ENABLED;
// E_READ_UPDATE only above
sStandardProps[i++] = PROPNAME_TYPE;
sStandardProps[i++] = PROPNAME_FILEFORMATVERSION;
@@ -79,9 +80,9 @@ FilterCache::FilterCache()
// E_READ_NOTHING -> creative nothingness.
m_aStandardProps[E_READ_STANDARD] =
- css::uno::Sequence< OUString >(sStandardProps + 2, 7);
+ css::uno::Sequence< OUString >(sStandardProps + 3, 7);
m_aStandardProps[E_READ_UPDATE] =
- css::uno::Sequence< OUString >(sStandardProps, 2);
+ css::uno::Sequence< OUString >(sStandardProps, 3);
m_aStandardProps[E_READ_ALL] =
css::uno::Sequence< OUString >(sStandardProps,
SAL_N_ELEMENTS(sStandardProps));
diff --git a/include/sfx2/docfilt.hxx b/include/sfx2/docfilt.hxx
index 0a68d80e9243..6fd944f727b9 100644
--- a/include/sfx2/docfilt.hxx
+++ b/include/sfx2/docfilt.hxx
@@ -61,6 +61,7 @@ class SFX2_DLLPUBLIC SfxFilter
sal_uIntPtr nVersion;
SotClipboardFormatId lFormat;
sal_uInt16 nDocIcon;
+ bool mbEnabled;
public:
SfxFilter( const OUString& rProvider, const OUString& rFilterName );
@@ -73,7 +74,8 @@ public:
sal_uInt16 nDocIcon,
const OUString &rMimeType,
const OUString &rUserData,
- const OUString& rServiceName );
+ const OUString& rServiceName,
+ bool bEnabled = true );
~SfxFilter();
bool IsAllowedAsTemplate() const { return bool(nFormatType & SfxFilterFlags::TEMPLATE); }
@@ -118,6 +120,7 @@ public:
css::lang::WrappedTargetException,
css::uno::RuntimeException,
std::exception );
+ bool IsEnabled() const { return mbEnabled; }
};
#endif
diff --git a/include/tools/errcode.hxx b/include/tools/errcode.hxx
index 5a8f57af462b..a177d176c79d 100644
--- a/include/tools/errcode.hxx
+++ b/include/tools/errcode.hxx
@@ -241,6 +241,8 @@ inline sal_uInt32 ERRCODE_TOERROR( ErrCode x )
ERRCODE_AREA_IO)
#define ERRCODE_IO_NOTSTORABLEINBINARYFORMAT CAST_TO_UINT32(39UL |ERRCODE_CLASS_FORMAT|\
ERRCODE_AREA_IO)
+#define ERRCODE_IO_FILTERDISABLED CAST_TO_UINT32(40UL |ERRCODE_CLASS_FORMAT|\
+ ERRCODE_AREA_IO)
// FsysErrorCodes
diff --git a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
index d4d12de48425..5433e1349798 100644
--- a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
+++ b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
@@ -94,6 +94,14 @@
this filter.</desc>
</info>
</prop>
+ <prop oor:name="Enabled" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+ <desc>Whether the filter is enabled. It makes sense to disable a filter,
+ as a temporary security measure, when there is a 0-day vulnerability in
+ it.</desc>
+ </info>
+ <value>true</value>
+ </prop>
</group>
</templates>
<component>
diff --git a/sfx2/source/bastyp/fltfnc.cxx b/sfx2/source/bastyp/fltfnc.cxx
index 3132535768b6..30976e9b0139 100644
--- a/sfx2/source/bastyp/fltfnc.cxx
+++ b/sfx2/source/bastyp/fltfnc.cxx
@@ -933,6 +933,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
OUString sExtension ;
OUString sPattern ;
OUString sServiceName ;
+ bool bEnabled = true ;
// first get directly available properties
sal_Int32 nFilterPropertyCount = lFilterProperties.getLength();
@@ -1027,6 +1028,11 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
}
}
}
+ else if ( lFilterProperties[nFilterProperty].Name == "Enabled" )
+ {
+ lFilterProperties[nFilterProperty].Value >>= bEnabled;
+ }
+
}
if ( sServiceName.isEmpty() )
@@ -1064,7 +1070,8 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
(sal_uInt16)nDocumentIconId ,
sMimeType ,
sUserData ,
- sServiceName ));
+ sServiceName ,
+ bEnabled ));
rList.push_back( pFilter );
}
else
@@ -1079,6 +1086,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
pFilt->aMimeType = sMimeType;
pFilt->aUserData = sUserData;
pFilt->aServiceName = sServiceName;
+ pFilt->mbEnabled = bEnabled;
}
SfxFilter* pFilt = const_cast<SfxFilter*>(pFilter.get());
diff --git a/sfx2/source/doc/docfilt.cxx b/sfx2/source/doc/docfilt.cxx
index 061cf8f3d289..3996f2fc8b0d 100644
--- a/sfx2/source/doc/docfilt.cxx
+++ b/sfx2/source/doc/docfilt.cxx
@@ -43,7 +43,8 @@ SfxFilter::SfxFilter( const OUString& rProvider, const OUString &rFilterName ) :
nFormatType(SfxFilterFlags::NONE),
nVersion(0),
lFormat(SotClipboardFormatId::NONE),
- nDocIcon(0)
+ nDocIcon(0),
+ mbEnabled(true)
{
}
@@ -55,7 +56,8 @@ SfxFilter::SfxFilter( const OUString &rName,
sal_uInt16 nIcon,
const OUString &rMimeType,
const OUString &rUsrDat,
- const OUString &rServiceName ):
+ const OUString &rServiceName,
+ bool bEnabled ):
aWildCard(rWildCard, ';'),
aTypeName(rTypNm),
aUserData(rUsrDat),
@@ -66,7 +68,8 @@ SfxFilter::SfxFilter( const OUString &rName,
nFormatType(nType),
nVersion(SOFFICE_FILEFORMAT_50),
lFormat(lFmt),
- nDocIcon(nIcon)
+ nDocIcon(nIcon),
+ mbEnabled(bEnabled)
{
OUString aExts = GetWildcard().getGlob();
OUString aShort, aLong;
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 02837baf99e1..dfb08a42945a 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -658,6 +658,12 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
pImpl->nLoadedFlags = SfxLoadedFlags::NONE;
pImpl->bModelInitialized = false;
+ if (pFilter && !pFilter->IsEnabled())
+ {
+ SetError( ERRCODE_IO_FILTERDISABLED, OSL_LOG_PREFIX );
+ }
+
+
//TODO/LATER: make a clear strategy how to handle "UsesStorage" etc.
bool bOwnStorageFormat = IsOwnStorageFormat( *pMedium );
bool bHasStorage = IsPackageStorageFormat_Impl( *pMedium );
diff --git a/svx/source/src/errtxt.src b/svx/source/src/errtxt.src
index ab00f1b94a5a..0484a929db80 100644
--- a/svx/source/src/errtxt.src
+++ b/svx/source/src/errtxt.src
@@ -508,6 +508,10 @@ Resource RID_ERRHDL
{
Text [ en-US ] = "File format error found at $(ARG1)(row,col).";
};
+ String ERRCODE_IO_FILTERDISABLED
+ {
+ Text [ en-US ] = "The filter for this file format is disabled in configuration. Please contact your systems administrator.";
+ };
};
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
More information about the Libreoffice-commits
mailing list