From 26074423123f84d1791b17b7534aee5aaac43fe6 Mon Sep 17 00:00:00 2001
From: David Paleino
Date: Wed, 11 Apr 2012 22:31:07 +0200
Subject: [PATCH] Fix CVE-2012-2095: local privilege escalation, setting arbitrary pre/post-connection scripts
---
 wicd/wicd-daemon.py | 57 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 49 insertions(+), 8 deletions(-)
diff --git a/wicd/wicd-daemon.py b/wicd/wicd-daemon.py
index 1d6d313..3a2f182 100644
--- a/wicd/wicd-daemon.py
+++ b/wicd/wicd-daemon.py
@@ -946,6 +946,28 @@ class WirelessDaemon(dbus.service.Object):
 self.LastScan = []
 self.config = ConfigManager(wireless_conf, debug=debug)
+ self._validProperties = (
+ 'bssid',
+ 'essid',
+ 'hidden',
+ 'channel',
+ 'mode',
+ 'enctype',
+ 'encryption_method',
+ 'key',
+ 'automatic',
+ 'ip',
+ 'netmask',
+ 'broadcast',
+ 'gateway',
+ 'use_static_dns',
+ 'use_global_dns',
+ 'dns1',
+ 'dns2',
+ 'dns3',
+ 'use_settings_globally',
+ )
+
 def get_debug_mode(self):
 return self._debug_mode
 def set_debug_mode(self, mode):
@@ -1064,9 +1086,9 @@ class WirelessDaemon(dbus.service.Object):
 def SetWirelessProperty(self, netid, prop, value):
 """ Sets property to value in network specified. """
 # We don't write script settings here.
- if (prop.strip()).endswith("script"):
- print "Setting script properties through the daemon is not" \
- + " permitted."
+ if prop.strip() not in self._validProperties:
+ print "Trying to set invalid property (or property not " \
+ "permitted): "+ prop.strip() + "."
 return False
 self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
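Review bot: The `_validProperties` tuple added in `WirelessDaemon.__init__` is now the security boundary for the property setter, yet nothing beside it says why a name is or is not on the list; the same holds for the tuple added in the `WiredDaemon.__init__` hunk. A comment above each, such as `# Only these keys may be set through the daemon; script keys are left out on purpose (CVE-2012-2095)`, would keep a later edit from quietly re-adding one. The wireless list carries `key` and `enctype` but no other credential fields, so if encryption templates store further per-network fields through this setter (not visible here) those calls would now return False; that is worth confirming before release. Both `__init__` bodies start and end outside their hunks.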
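Review bot: The allowlist test in `SetWirelessProperty` is made on `prop.strip()`, but the store on the last line uses the raw `prop` as the key, so the name that is written is not the name that was validated. A padded name such as `'ip '` passes the check and lands under a key the allowlist never lists; how later readers of `LastScan` and the config writer treat such a key is not visible here. Normalising once at the top, `prop = prop.strip()`, and then testing `if prop not in self._validProperties:` closes the gap, and printing `repr(prop)` in the rejection message keeps a caller-supplied name from breaking the log line. `SetWiredProperty` in the last hunk has the same pattern with `self.WiredNetwork[prop]`. The hunk starts at the `def` line; whether the function continues past its last line is not shown.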
@@ -1355,6 +1377,25 @@ class WiredDaemon(dbus.service.Object):
 self.WiredNetwork = {}
 self.config = ConfigManager(wired_conf, debug=debug)
+ self._validProperties = (
+ 'ip',
+ 'broadcast',
+ 'netmask',
+ 'gateway',
+ 'search_domain',
+ 'dns_domain',
+ 'dns1',
+ 'dns2',
+ 'dns3',
+ 'encryption_enabled',
+ 'default',
+ 'dhcphostname',
+ 'lastused',
+ 'profilename',
+ 'use_global_dns',
+ 'use_static_dns',
+ )
+
 def get_debug_mode(self):
 return self._debug_mode
 def set_debug_mode(self, mode):
@@ -1403,14 +1444,14 @@ class WiredDaemon(dbus.service.Object):
 return str(iface)
 @dbus.service.method('org.wicd.daemon.wired')
- def SetWiredProperty(self, property, value):
+ def SetWiredProperty(self, prop, value):
 """ Sets the given property to the given value. """
 if self.WiredNetwork:
- if (property.strip()).endswith("script"):
- print "Setting script properties through the daemon" \
- + " is not permitted."
+ if prop.strip() not in self._validProperties:
+ print "Trying to set invalid property (or property not " \
+ "permitted): "+ prop.strip() + "."
 return False
- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
 return True
 else:
 print 'SetWiredProperty: WiredNetwork does not exist'
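Review bot: In `SetWiredProperty` the new check limits which key may be written, but `value` still goes into `self.WiredNetwork[prop]` after only `misc.Noneify` and `misc.to_unicode`, so what is written is unconstrained. If the profile is later serialised line by line, a value containing a line break could be read back as more than one setting; `ConfigManager` is not visible here, so this is something to confirm rather than a demonstrated flaw. A guard before the store, for example `if isinstance(value, basestring) and any(c in value for c in '\r\n\0'): return False`, would make the setter safe regardless of how the writer behaves. The same applies to the store in `SetWirelessProperty`, and the `else:` branch of this function continues past the end of the hunk.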