embeddedobj/Library_emboleobj.mk                |    4 ++++
 embeddedobj/source/commonembedding/xfactory.cxx |   16 ++++++++++++++++
 embeddedobj/source/msole/xolefactory.cxx        |   13 +++++++++++++
 3 files changed, 33 insertions(+)

New commits:
commit 75df80e34efcd2d39a49ec91654480e156bcec1f
Author:     Sarper Akdemir <sarper.akdemir.ext...@allotropia.de>
AuthorDate: Mon Dec 18 16:23:27 2023 +0300
Commit:     Sarper Akdemir <sarper.akdemir.ext...@allotropia.de>
CommitDate: Wed Dec 20 20:15:02 2023 +0100

    tdf#158375: further disable embedded objects
    
    there was the possibility of constructing an OOoEmbeddedObjectFactory
    or OleEmbeddedObjectFactory directly instead of
    UNOEmbeddedObjectCreator.
    
    So disable all createInstance calls for them too. This ensures there
    won't be active embedded objects.
    
    Change-Id: Ib47ad920d4951790c12d1a8587505cab2f1e126d
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160921
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <stephan.bergm...@allotropia.de>

diff --git a/embeddedobj/Library_emboleobj.mk b/embeddedobj/Library_emboleobj.mk
index b7fde953c466..d92f86f2c7d3 100644
--- a/embeddedobj/Library_emboleobj.mk
+++ b/embeddedobj/Library_emboleobj.mk
@@ -10,6 +10,10 @@
 
 $(eval $(call gb_Library_Library,emboleobj))
 
+$(eval $(call gb_Library_use_custom_headers,emboleobj,\
+       officecfg/registry \
+))
+
 $(eval $(call 
gb_Library_set_componentfile,emboleobj,embeddedobj/source/msole/emboleobj$(if 
$(filter WNT,$(OS)),.windows),services))
 
 $(eval $(call gb_Library_set_include,emboleobj,\
diff --git a/embeddedobj/source/commonembedding/xfactory.cxx 
b/embeddedobj/source/commonembedding/xfactory.cxx
index c6f57aa9c643..1460b31fd54b 100644
--- a/embeddedobj/source/commonembedding/xfactory.cxx
+++ b/embeddedobj/source/commonembedding/xfactory.cxx
@@ -23,9 +23,11 @@
 #include <com/sun/star/beans/NamedValue.hpp>
 #include <com/sun/star/container/XNameAccess.hpp>
 #include <com/sun/star/io/IOException.hpp>
+#include <com/sun/star/lang/NoSupportException.hpp>
 #include <cppuhelper/supportsservice.hxx>
 #include <cppuhelper/weak.hxx>
 #include <comphelper/documentconstants.hxx>
+#include <officecfg/Office/Common.hxx>
 
 #include "xfactory.hxx"
 #include <commonembobj.hxx>
@@ -41,6 +43,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
                                                                     const 
uno::Sequence< beans::PropertyValue >& aMediaDescr,
                                                                     const 
uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
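Review bot: The `DisableActiveContent` guard is pasted by hand into each of the seven createInstance* bodies touched in this file (and five more in xolefactory.cxx), so a future overload or a new factory class is enabled by default unless someone remembers to copy the check. A single file-local helper called on the first line of every entry point would keep the policy in one place and make a missing call easy to spot in review. The helper could also take the caller as context, so the NoSupportException carries the same Context that the IllegalArgumentException just below it passes via `static_cast< ::cppu::OWeakObject* >(this)`. The method bodies continue outside these hunks, so only the placement of the call is shown.

```cpp
namespace
{
// Single policy gate for every createInstance* entry point in this file.
void throwIfActiveContentDisabled( const uno::Reference< uno::XInterface >& xContext )
{
    if ( officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
        throw lang::NoSupportException( "Active embedded content is disabled!", xContext );
}
}

// … unchanged: createInstance* signature …
{
    throwIfActiveContentDisabled( static_cast< ::cppu::OWeakObject* >(this) );
    // … unchanged: storage and entry-name validation …
```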
@@ -118,6 +122,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
         const uno::Sequence< beans::PropertyValue >& aMediaDescr,
         const uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
@@ -169,6 +175,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
                                             const OUString& sEntName,
                                             const uno::Sequence< 
beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     uno::Reference< uno::XInterface > xResult;
 
     if ( !xStorage.is() )
@@ -212,6 +220,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
             const uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
     // the initialization is completely controlled by user
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             uno::Reference< uno::XInterface >( 
static_cast< ::cppu::OWeakObject* >(this) ),
@@ -257,6 +267,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
                                             const uno::Sequence< 
beans::PropertyValue >& aMediaDescr,
                                             const uno::Sequence< 
beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     uno::Reference< uno::XInterface > xResult;
 
     uno::Sequence< beans::PropertyValue > aTempMedDescr( aMediaDescr );
@@ -302,6 +314,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoEmbeddedObjectFactory::createInsta
                                                 const uno::Sequence< 
beans::PropertyValue >& lArguments,
                                                 const uno::Sequence< 
beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     uno::Reference< uno::XInterface > xResult;
 
     // the initialization is completely controlled by user
@@ -381,6 +395,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OOoSpecialEmbeddedObjectFactory::crea
             const uno::Sequence< beans::PropertyValue >& /*lArguments*/,
             const uno::Sequence< beans::PropertyValue >& /*lObjArgs*/ )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active embedded content is disabled!");
     uno::Sequence< beans::NamedValue > aObject = 
m_aConfigHelper.GetObjectPropsByClassID( aClassID );
     if ( !aObject.hasElements() )
         throw io::IOException(); // unexpected mimetype of the storage
diff --git a/embeddedobj/source/msole/xolefactory.cxx 
b/embeddedobj/source/msole/xolefactory.cxx
index 1a7728ef8cdd..735e1438c5f8 100644
--- a/embeddedobj/source/msole/xolefactory.cxx
+++ b/embeddedobj/source/msole/xolefactory.cxx
@@ -22,6 +22,7 @@
 #include <com/sun/star/container/XNameAccess.hpp>
 #include <com/sun/star/embed/Aspects.hpp>
 #include <com/sun/star/io/IOException.hpp>
+#include <com/sun/star/lang/NoSupportException.hpp>
 #include <com/sun/star/lang/IllegalArgumentException.hpp>
 
 #include "xolefactory.hxx"
@@ -30,6 +31,8 @@
 #include <cppuhelper/supportsservice.hxx>
 #include <cppuhelper/weak.hxx>
 
+#include <officecfg/Office/Common.hxx>
+
 using namespace ::com::sun::star;
 
 // TODO: do not create OLE objects that represent OOo documents
@@ -41,6 +44,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OleEmbeddedObjectFactory::createInsta
                                                                     const 
uno::Sequence< beans::PropertyValue >& aMedDescr,
                                                                     const 
uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active OLE content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
@@ -101,6 +106,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OleEmbeddedObjectFactory::createInsta
         const uno::Sequence< beans::PropertyValue >& aMediaDescr,
         const uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active OLE content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
@@ -133,6 +140,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OleEmbeddedObjectFactory::createInsta
                                             const OUString& sEntName,
                                             const uno::Sequence< 
beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active OLE content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
@@ -164,6 +173,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OleEmbeddedObjectFactory::createInsta
                                             const uno::Sequence< 
beans::PropertyValue >& aMediaDescr,
                                             const uno::Sequence< 
beans::PropertyValue >& lObjArgs )
 {
+    if ( 
officecfg::Office::Common::Security::Scripting::DisableActiveContent::get() )
+        throw lang::NoSupportException("Active OLE content is disabled!");
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
                                             static_cast< ::cppu::OWeakObject* 
>(this),
@@ -198,6 +209,8 @@ uno::Reference< uno::XInterface > SAL_CALL 
OleEmbeddedObjectFactory::createInsta
             const uno::Sequence< beans::PropertyValue >& /*lArguments*/,
             const uno::Sequence< beans::PropertyValue >& lObjArgs )
 {
+    if 
(officecfg::Office::Common::Security::Scripting::DisableActiveContent::get())
+        throw lang::NoSupportException("Active OLE content is disabled!");
     // the initialization is completely controlled by user
     if ( !xStorage.is() )
         throw lang::IllegalArgumentException( "No parent storage is provided!",
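Review bot: This diff adds the guard to five OleEmbeddedObjectFactory methods, and it is worth confirming that this is every creation path on the class. The hunk headers truncate the method names, but judging by the parameter lists the five appear to be the from-entry, from-media-descriptor, init-new, link and user-init variants. If the class also implements `createInstanceLinkUserInit` or the Windows-only `createInstanceInitFromClipboard`, neither is touched here, so each would need the same `DisableActiveContent` check or a comment explaining why it cannot produce an active object. The commit message says all createInstance calls are disabled, so a test that calls every creator method with the setting enabled and expects `lang::NoSupportException` would pin that claim. The method body continues past the end of this hunk.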
