filter/source/config/cache/constant.hxx | 1 + filter/source/config/cache/filtercache.cxx | 7 ++++--- include/sfx2/docfilt.hxx | 5 ++++- include/tools/errcode.hxx | 2 ++ officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs | 8 ++++++++ sfx2/source/bastyp/fltfnc.cxx | 10 +++++++++- sfx2/source/doc/docfilt.cxx | 9 ++++++--- sfx2/source/doc/objstor.cxx | 6 ++++++ svx/source/src/errtxt.src | 4 ++++ 9 files changed, 44 insertions(+), 8 deletions(-)
New commits: commit 08e5950b29a57d7baef3ff598cce592ee8c2c94c Author: Andras Timar <andras.ti...@collabora.com> Date: Thu Mar 8 16:07:11 2018 +0100 Let sysadmins disable individual file format filters It makes sense to disable a filter, as a temporary security measure, when there is a 0-day vulnerability in it. E.g., when 0-day found in AbiWord filter, this config snippet disables it: <item oor:path="/org.openoffice.TypeDetection.Filter"> <node oor:name="Filters"> <node oor:name="AbiWord"> <prop oor:name="Enabled" oor:finalized="true"> <value>false</value> </prop> </node> </node> </item> Reviewed-on: https://gerrit.libreoffice.org/50961 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com> (cherry picked from commit 4547fa2c1e205e1989611b1c4493cbbd12541372) Change-Id: I8b84250c7e4aac3555877d23f58ed13a2210ebfc Reviewed-on: https://gerrit.libreoffice.org/51058 Reviewed-by: Andras Timar <andras.ti...@collabora.com> Tested-by: Andras Timar <andras.ti...@collabora.com>
diff --git a/filter/source/config/cache/constant.hxx b/filter/source/config/cache/constant.hxx
index 7e8cc0218a9a..3207ad5ca8ad 100644
--- a/filter/source/config/cache/constant.hxx
+++ b/filter/source/config/cache/constant.hxx
@@ -60,6 +60,7 @@
 #define PROPNAME_TEMPLATENAME "TemplateName"
 #define PROPNAME_FILEFORMATVERSION "FileFormatVersion"
 #define PROPNAME_EXPORTEXTENSION "ExportExtension"
+#define PROPNAME_ENABLED "Enabled"
 /** @short used to identify a frame loader or detect service item property against the configuration API and can be used
diff --git a/filter/source/config/cache/filtercache.cxx b/filter/source/config/cache/filtercache.cxx
index 86d092e73b1a..297b1909a9a6 100644
--- a/filter/source/config/cache/filtercache.cxx
+++ b/filter/source/config/cache/filtercache.cxx
@@ -63,10 +63,11 @@ FilterCache::FilterCache()
 , m_eFillState(E_CONTAINS_NOTHING )
 {
 int i = 0;
- OUString sStandardProps[9];
+ OUString sStandardProps[10];
 sStandardProps[i++] = PROPNAME_USERDATA;
 sStandardProps[i++] = PROPNAME_TEMPLATENAME;
+ sStandardProps[i++] = PROPNAME_ENABLED;
 // E_READ_UPDATE only above
 sStandardProps[i++] = PROPNAME_TYPE;
 sStandardProps[i++] = PROPNAME_FILEFORMATVERSION;
@@ -79,9 +80,9 @@ FilterCache::FilterCache()
 // E_READ_NOTHING -> creative nothingness.
 m_aStandardProps[E_READ_STANDARD] =
- css::uno::Sequence< OUString >(sStandardProps + 2, 7);
+ css::uno::Sequence< OUString >(sStandardProps + 3, 7);
 m_aStandardProps[E_READ_UPDATE] =
- css::uno::Sequence< OUString >(sStandardProps, 2);
+ css::uno::Sequence< OUString >(sStandardProps, 3);
 m_aStandardProps[E_READ_ALL] =
 css::uno::Sequence< OUString >(sStandardProps, SAL_N_ELEMENTS(sStandardProps));
diff --git a/include/sfx2/docfilt.hxx b/include/sfx2/docfilt.hxx
index 0a68d80e9243..6fd944f727b9 100644
--- a/include/sfx2/docfilt.hxx
+++ b/include/sfx2/docfilt.hxx
@@ -61,6 +61,7 @@ class SFX2_DLLPUBLIC SfxFilter
 sal_uIntPtr nVersion;
 SotClipboardFormatId lFormat;
 sal_uInt16 nDocIcon;
+ bool mbEnabled;
 public:
 SfxFilter( const OUString& rProvider, const OUString& rFilterName );
@@ -73,7 +74,8 @@ public:
 sal_uInt16 nDocIcon,
 const OUString &rMimeType,
 const OUString &rUserData,
- const OUString& rServiceName );
+ const OUString& rServiceName,
+ bool bEnabled = true );
 ~SfxFilter();
 bool IsAllowedAsTemplate() const { return bool(nFormatType & SfxFilterFlags::TEMPLATE); }
@@ -118,6 +120,7 @@ public:
 css::lang::WrappedTargetException,
 css::uno::RuntimeException,
 std::exception );
+ bool IsEnabled() const { return mbEnabled; }
 };
 #endif
diff --git a/include/tools/errcode.hxx b/include/tools/errcode.hxx
index 5a8f57af462b..a177d176c79d 100644
--- a/include/tools/errcode.hxx
+++ b/include/tools/errcode.hxx
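Review bot: In the first filtercache.cxx hunk `PROPNAME_ENABLED` is inserted above the `// E_READ_UPDATE only above` marker, so by the second hunk it belongs to the `E_READ_UPDATE` sequence (`sStandardProps, 3`) and not to `E_READ_STANDARD` (`sStandardProps + 3, 7`). The sfx2 side of this commit starts from `bool bEnabled = true` and overrides it only when an `Enabled` property is present, so an item read with the standard set alone would presumably look enabled. It is worth confirming that every consumer of the flag sees a fully loaded item, or moving the entry into the standard group. Separately, the literals `3` and `7` in the second hunk must be kept in step with the array by hand; named constants next to the array, e.g. `constexpr int nUpdateProps = 3;`, would make the next insertion less error-prone. The constructor body continues outside both hunks.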
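Review bot: `IsEnabled()` in the last docfilt.hxx hunk is undocumented, and nothing in the class itself stops a disabled filter from being used, so the contract rests entirely on callers. I would add a comment such as `/// False when the filter was switched off in configuration (Enabled=false); callers must not run the filter in that case.` The defaulted `bool bEnabled = true` in the constructor hunk also means every existing construction site yields an enabled filter, which deserves a word in the same comment. The class body starts and ends outside these hunks.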
@@ -241,6 +241,8 @@ inline sal_uInt32 ERRCODE_TOERROR( ErrCode x )
 ERRCODE_AREA_IO)
 #define ERRCODE_IO_NOTSTORABLEINBINARYFORMAT CAST_TO_UINT32(39UL |ERRCODE_CLASS_FORMAT|\
 ERRCODE_AREA_IO)
+#define ERRCODE_IO_FILTERDISABLED CAST_TO_UINT32(40UL |ERRCODE_CLASS_FORMAT|\
+ ERRCODE_AREA_IO)
 // FsysErrorCodes
diff --git a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
index d4d12de48425..5433e1349798 100644
--- a/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
+++ b/officecfg/registry/schema/org/openoffice/TypeDetection/Filter.xcs
@@ -94,6 +94,14 @@
 this filter.</desc>
 </info>
 </prop>
+ <prop oor:name="Enabled" oor:type="xs:boolean" oor:nillable="false">
+ <info>
+ <desc>Whether the filter is enabled. It makes sense to disable a filter,
+ as a temporary security measure, when there is a 0-day vulnerability in
+ it.</desc>
+ </info>
+ <value>true</value>
+ </prop>
 </group>
 </templates>
 <component>
diff --git a/sfx2/source/bastyp/fltfnc.cxx b/sfx2/source/bastyp/fltfnc.cxx
index 3132535768b6..30976e9b0139 100644
--- a/sfx2/source/bastyp/fltfnc.cxx
+++ b/sfx2/source/bastyp/fltfnc.cxx
@@ -933,6 +933,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
 OUString sExtension ;
 OUString sPattern ;
 OUString sServiceName ;
+ bool bEnabled = true ;
 // first get directly available properties
 sal_Int32 nFilterPropertyCount = lFilterProperties.getLength();
@@ -1027,6 +1028,11 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
 }
 }
 }
+ else if ( lFilterProperties[nFilterProperty].Name == "Enabled" )
+ {
+ lFilterProperties[nFilterProperty].Value >>= bEnabled;
+ }
+
 }
 if ( sServiceName.isEmpty() )
@@ -1064,7 +1070,8 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
 (sal_uInt16)nDocumentIconId ,
 sMimeType ,
 sUserData ,
- sServiceName ));
+ sServiceName ,
+ bEnabled ));
 rList.push_back( pFilter );
 }
 else
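Review bot: The `<desc>` of the new `Enabled` property does not say that the switch only works as a lock-down when the value is finalized. The commit message's own example sets `oor:finalized="true"`; without it, a later configuration layer such as the user profile can presumably set the value back to true. I would add a sentence to the description along the lines of `Administrators should set this value with oor:finalized="true" so that it cannot be overridden in the user layer.`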
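Review bot: The result of `lFilterProperties[nFilterProperty].Value >>= bEnabled;` in the second fltfnc.cxx hunk is discarded, so a value that cannot be extracted as a boolean leaves `bEnabled` at its initial `true` and the filter stays enabled without any trace. For a switch that is meant as a security measure I would check the result and at least log the failure, e.g. `if (!(lFilterProperties[nFilterProperty].Value >>= bEnabled)) SAL_WARN("sfx.bastyp", "filter property Enabled is not a boolean");`, assuming the logging header is already available in this file. Whether an unreadable value should instead count as disabled is a policy decision worth stating in a comment beside `bool bEnabled = true ;`. The function body starts and ends outside these hunks.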
@@ -1079,6 +1086,7 @@ void SfxFilterContainer::ReadSingleFilter_Impl(
 pFilt->aMimeType = sMimeType;
 pFilt->aUserData = sUserData;
 pFilt->aServiceName = sServiceName;
+ pFilt->mbEnabled = bEnabled;
 }
 SfxFilter* pFilt = const_cast<SfxFilter*>(pFilter.get());
diff --git a/sfx2/source/doc/docfilt.cxx b/sfx2/source/doc/docfilt.cxx
index 061cf8f3d289..3996f2fc8b0d 100644
--- a/sfx2/source/doc/docfilt.cxx
+++ b/sfx2/source/doc/docfilt.cxx
@@ -43,7 +43,8 @@ SfxFilter::SfxFilter( const OUString& rProvider, const OUString &rFilterName ) :
 nFormatType(SfxFilterFlags::NONE),
 nVersion(0),
 lFormat(SotClipboardFormatId::NONE),
- nDocIcon(0)
+ nDocIcon(0),
+ mbEnabled(true)
 {
 }
@@ -55,7 +56,8 @@ SfxFilter::SfxFilter( const OUString &rName,
 sal_uInt16 nIcon,
 const OUString &rMimeType,
 const OUString &rUsrDat,
- const OUString &rServiceName ):
+ const OUString &rServiceName,
+ bool bEnabled ):
 aWildCard(rWildCard, ';'),
 aTypeName(rTypNm),
 aUserData(rUsrDat),
@@ -66,7 +68,8 @@ SfxFilter::SfxFilter( const OUString &rName,
 nFormatType(nType),
 nVersion(SOFFICE_FILEFORMAT_50),
 lFormat(lFmt),
- nDocIcon(nIcon)
+ nDocIcon(nIcon),
+ mbEnabled(bEnabled)
 {
 OUString aExts = GetWildcard().getGlob();
 OUString aShort, aLong;
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 02837baf99e1..dfb08a42945a 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -658,6 +658,12 @@ bool SfxObjectShell::DoLoad( SfxMedium *pMed )
 pImpl->nLoadedFlags = SfxLoadedFlags::NONE;
 pImpl->bModelInitialized = false;
+ if (pFilter && !pFilter->IsEnabled())
+ {
+ SetError( ERRCODE_IO_FILTERDISABLED, OSL_LOG_PREFIX );
+ }
+
+
 //TODO/LATER: make a clear strategy how to handle "UsesStorage" etc.
 bool bOwnStorageFormat = IsOwnStorageFormat( *pMedium );
 bool bHasStorage = IsPackageStorageFormat_Impl( *pMedium );
diff --git a/svx/source/src/errtxt.src b/svx/source/src/errtxt.src
index ab00f1b94a5a..0484a929db80 100644
--- a/svx/source/src/errtxt.src
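Review bot: The new check in `DoLoad` only records `ERRCODE_IO_FILTERDISABLED` and then falls through to the `//TODO/LATER` code below. Whether the disabled filter is actually kept away from the file therefore depends on every later step testing the error state; that code is outside the hunk and should be confirmed, or the function should leave early at this point. The guard is also skipped when `pFilter` is null, and among the files in this commit `DoLoad` is the only place that calls `IsEnabled()`, so other routes to a filter (export, or a filter service created directly) are presumably not covered. A comment such as `// policy check: filter disabled via org.openoffice.TypeDetection.Filter Enabled=false; nothing below may invoke it` would state the intent for the next reader.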
+++ b/svx/source/src/errtxt.src
@@ -508,6 +508,10 @@ Resource RID_ERRHDL
 {
 Text [ en-US ] = "File format error found at $(ARG1)(row,col).";
 };
+ String ERRCODE_IO_FILTERDISABLED
+ {
+ Text [ en-US ] = "The filter for this file format is disabled in configuration. Please contact your systems administrator.";
+ };
 };
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits