source

Sarper Akdemir (via logerrit) Wed, 31 Jul 2024 02:19:10 -0700

 sfx2/source/doc/docmacromode.cxx |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)


New commits:
commit 71ce641746e0f6918561c1cd86187ae5f5e74e6f
Author:     Sarper Akdemir <sarper.akde...@allotropia.de>
AuthorDate: Tue Jun 11 12:39:36 2024 +0200
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Wed Jul 31 11:18:43 2024 +0200

    remove ability to trust not validated macro signatures in high security
    
    Giving the user the option to determine if they should trust an
    invalid signature in HIGH macro security doesn't make sense.
    CommonName of the signature is the most prominent feature presented
    and the CommonName of a certificate can be easily forged for an
    invalid signature, tricking the user into accepting an invalid
    signature.
    
    in the HIGH macro security setting only show the pop-up to
    enable/disable signed macro if the certificate signature can be
    validated.
    
    cherry-picked without UI/String altering bits for 24-2
    
    Change-Id: Ia766fb701660160ee5dc9f6e077f4012a44ce721
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168667
    Tested-by: Jenkins
    Reviewed-by: Sarper Akdemir <sarper.akde...@allotropia.de>
    (cherry picked from commit 2beaa3be3829303e948d401f492dbfd239d60aad)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169525
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171279
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/sfx2/source/doc/docmacromode.cxx b/sfx2/source/doc/docmacromode.cxx
index 887c672a3ffd..7fd32c4bb283 100644
--- a/sfx2/source/doc/docmacromode.cxx
+++ b/sfx2/source/doc/docmacromode.cxx
@@ -226,13 +226,17 @@ namespace sfx2
             // check whether the document is signed with trusted certificate
             if ( nMacroExecutionMode != MacroExecMode::FROM_LIST )
             {
+                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
+
                 // the trusted macro check will also retrieve the signature 
state ( small optimization )
                 const bool bAllowUIToAddAuthor = nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_NO_WARN
                                                  && (nMacroExecutionMode == 
MacroExecMode::ALWAYS_EXECUTE
-                                                     || 
!SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors));
+                                                     || 
!SvtSecurityOptions::IsReadOnly(SvtSecurityOptions::EOption::MacroTrustedAuthors))
+                                                 && (nMacroExecutionMode != 
MacroExecMode::FROM_LIST_AND_SIGNED_WARN
+                                                     || nSignatureState == 
SignatureState::OK);
+
                 const bool bHasTrustedMacroSignature = 
m_xData->m_rDocumentAccess.hasTrustedScriptingSignature(bAllowUIToAddAuthor);
 
-                SignatureState nSignatureState = 
m_xData->m_rDocumentAccess.getScriptingSignatureState();
                 if ( nSignatureState == SignatureState::BROKEN )
                 {
                     if (!bAllowUIToAddAuthor)

core.git: Branch 'distro/collabora/co-22.05' - sfx2/source

Reply via email to