From: David Paleino <d.paleino@gmail.com>
Subject: fix local privilege escalation, CVE-2012-2095
Origin: upstream, http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/767
---
wicd/misc.py | 8 ++++++++
wicd/wicd-daemon.py | 9 ++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
--- wicd.orig/wicd/wicd-daemon.py
+++ wicd/wicd/wicd-daemon.py
@@ -1088,7 +1088,8 @@ class WirelessDaemon(dbus.service.Object
def SetWirelessProperty(self, netid, prop, value):
""" Sets property to value in network specified. """
# We don't write script settings here.
- if (prop.strip()).endswith("script"):
+ prop = misc.sanitize_config(prop)
+ if prop.endswith('script'):
print "Setting script properties through the daemon is not" \
+ " permitted."
return False
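Review bot: Only the property name is sanitized here; `value` still passes through untouched, so if the write path further down this method (outside the hunk) assembles the config line by string formatting rather than through a ConfigParser-style writer, a newline in `value` reintroduces the same line injection this commit closes — worth confirming on the write side. Separately, sanitize_config (misc.py hunk) silently drops every character outside ASCII letters, digits and underscore instead of refusing, so a caller that sends a malformed name ends up setting a different key than it asked for; failing closed is clearer: `clean = misc.sanitize_config(prop)` / `if clean != prop: return False` / `prop = clean`. SetWirelessProperty's body continues past the end of the hunk.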
@@ -1280,7 +1281,8 @@ class WirelessDaemon(dbus.service.Object
@dbus.service.method('org.wicd.daemon.wireless')
def SaveWirelessNetworkProperty(self, id, option):
""" Writes a particular wireless property to disk. """
- if (option.strip()).endswith("script"):
+ option = misc.sanitize_config(option)
+ if option.endswith("script"):
print 'You cannot save script information to disk through ' + \
'the daemon.'
return
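Review bot: The refusal path still returns a bare `None` while the two sibling guards in this patch return `False`, so a D-Bus client cannot tell a rejected script key from a successful save on this method alone; `return False` would give callers one uniform refusal signal across all three entry points. The rebinding of `option` means the sanitized name is what the rest of the method (outside the hunk) looks up and writes, which is the intended effect, but it also means a key that changes under sanitization is written under a name the caller never saw — another reason to reject rather than rewrite. SaveWirelessNetworkProperty's body continues past the end of the hunk.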
@@ -1410,7 +1412,8 @@ class WiredDaemon(dbus.service.Object):
def SetWiredProperty(self, property, value):
""" Sets the given property to the given value. """
if self.WiredNetwork:
- if (property.strip()).endswith("script"):
+ property = misc.sanitize_config(property)
+ if property.endswith('script'):
print "Setting script properties through the daemon" \
+ " is not permitted."
return False
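Review bot: This is the third copy of the same two-line guard (sanitize, then `endswith('script')`), which is exactly the pattern that lets a fourth D-Bus entry point accepting a property name miss the check later; a single helper in misc, e.g. `def sanitize_property(name)` that returns the cleaned name or `None` for a script key, would keep the CVE fix in one place and make each caller a one-line `if name is None: return False`. As a smaller point, rebinding the parameter `property` (which already shadows the builtin) makes the new line easy to misread; `name = misc.sanitize_config(property)` with the check on `name` avoids that without touching the method signature. SetWiredProperty's body continues past the end of the hunk.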
--- wicd.orig/wicd/misc.py
+++ wicd/wicd/misc.py
@@ -26,6 +26,7 @@ import os
import locale
import sys
import re
+import string
import gobject
from threading import Thread
from subprocess import Popen, STDOUT, PIPE, call
@@ -378,6 +379,13 @@ def noneToString(text):
else:
return str(text)
+def sanitize_config(s):
+ """ Sanitize property names to be used in config-files. """
+ allowed = string.ascii_letters + '_' + string.digits
+ table = string.maketrans(allowed, ' ' * len(allowed))
+ blank = string.maketrans('', '')
+ return s.encode('ascii', 'replace').translate(blank, table)
+
def to_unicode(x):
""" Attempts to convert a string to utf-8. """
# If this is a unicode string, encode it and return