sfx2: SfxObjectShell should not trust any signature on repaired packagemimo-7.2.7.2.M18 distro/mimo/mimo-7-2

Change-Id: I0317f80989e9dabd23e88e3caab26ede3fb5bd56 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169883 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 8b333575ee680664fa3d83249ccec90881754ad7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169930 Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171912 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> (cherry picked from commit d052f800991eab7011b39dee55a14f0071226d23) (cherry picked from commit 842887f165cdb199b17f7dd44c7dc92abc9651c9)
author: Michael Stahl <michael.stahl@allotropia.de> 2024-07-02 13:24:38 +0200
committer: Aron Budea <aron.budea@collabora.com> 2024-08-22 21:29:01 +0200
commit: bd11f8bd6f56b853e2ef3e988366092a51ff1544 (patch)
tree: c7e0db18e363a036ff553f85eab01bacaa4b096f
parent: 0b624ec349a71f503a2f7e8c094beef0ff1d6128 (diff)
3 files changed, 18 insertions, 0 deletions
diff --git a/sfx2/source/doc/objmisc.cxx b/sfx2/source/doc/objmisc.cxx
index 8b68b7e34cc3..202dc465f54d 100644
--- a/sfx2/source/doc/objmisc.cxx
+++ b/sfx2/source/doc/objmisc.cxx
@@ -930,6 +930,12 @@ void SfxObjectShell::BreakMacroSign_Impl( bool bBreakMacroSign )
 
 void SfxObjectShell::CheckSecurityOnLoading_Impl()
 {
+    if (GetErrorCode() == ERRCODE_IO_BROKENPACKAGE)
+    {   // safety first: don't run any macros from broken package.
+        pImpl->aMacroMode.disallowMacroExecution();
+        return; // do not get signature status - needs to be done after RepairPackage
+    }
+
     // make sure LO evaluates the macro signatures, so it can be preserved
     GetScriptingSignatureState();
 
diff --git a/sfx2/source/doc/objserv.cxx b/sfx2/source/doc/objserv.cxx
index 71cb3f00e619..52dffb51b241 100644
--- a/sfx2/source/doc/objserv.cxx
+++ b/sfx2/source/doc/objserv.cxx
@@ -1761,6 +1761,16 @@ SignatureState SfxObjectShell::ImplGetSignatureState( bool bScriptingContent )
 
         uno::Sequence< security::DocumentSignatureInformation > aInfos = GetDocumentSignatureInformation( bScriptingContent );
         *pState = DocumentSignatures::getSignatureState(aInfos);
+
+        // repaired package cannot be trusted
+        if (*pState != SignatureState::NOSIGNATURES)
+        {
+            SfxBoolItem const*const pRepairItem= SfxItemSet::GetItem<SfxBoolItem>(GetMedium()->GetItemSet(), SID_REPAIRPACKAGE, false);
+            if (pRepairItem && pRepairItem->GetValue())
+            {
+                *pState = SignatureState::BROKEN;
+            }
+        }
     }
 
     if ( *pState == SignatureState::OK || *pState == SignatureState::NOTVALIDATED
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index d30e52f25c03..f3569356f81f 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -377,6 +377,8 @@ void SfxObjectShell::PrepareSecondTryLoad_Impl()
 {
     // only for internal use
     pImpl->m_xDocStorage.clear();
+    pImpl->nDocumentSignatureState = SignatureState::UNKNOWN;
+    pImpl->nScriptingSignatureState = SignatureState::UNKNOWN;
     pImpl->m_bIsInit = false;
     ResetError();
 }
author	Michael Stahl <michael.stahl@allotropia.de>	2024-07-02 13:24:38 +0200
committer	Aron Budea <aron.budea@collabora.com>	2024-08-22 21:29:01 +0200
commit	bd11f8bd6f56b853e2ef3e988366092a51ff1544 (patch)
tree	c7e0db18e363a036ff553f85eab01bacaa4b096f
parent	0b624ec349a71f503a2f7e8c094beef0ff1d6128 (diff)