From 33d60963efd009bdaaadb227ab8b5da4ecf5b48c Mon Sep 17 00:00:00 2001
From: David Paleino <d.paleino@gmail.com>
Date: Thu, 19 Apr 2012 22:38:24 +0200
Subject: [PATCH] Fix bug caused by fix for CVE

---
 wicd/misc.py        |  8 +++++++
 wicd/wicd-daemon.py | 53 +++++----------------------------------------
 2 files changed, 14 insertions(+), 47 deletions(-)

diff --git a/wicd/misc.py b/wicd/misc.py
index 63e3128..43d035c 100644
--- a/wicd/misc.py
+++ b/wicd/misc.py
@@ -425,6 +425,14 @@ def noneToString(text):
     else:
         return to_unicode(text)
 
+def sanitize_config(s):
+    """ Sanitize property names to be used in config-files. """
+    s = s.strip()
+    s = s.replace('=', '')
+    s = s.replace(' ', '')
+    s = s.replace('\n', '')
+    return s
+
 def sanitize_escaped(s):
     """ Sanitize double-escaped unicode strings. """
     lastpos = -1
diff --git a/wicd/wicd-daemon.py b/wicd/wicd-daemon.py
index 3a2f182..6387f50 100644
--- a/wicd/wicd-daemon.py
+++ b/wicd/wicd-daemon.py
@@ -946,28 +946,6 @@ class WirelessDaemon(dbus.service.Object):
         self.LastScan = []
         self.config = ConfigManager(wireless_conf, debug=debug)
 
-        self._validProperties = (
-            'bssid',
-            'essid',
-            'hidden',
-            'channel',
-            'mode',
-            'enctype',
-            'encryption_method',
-            'key',
-            'automatic',
-            'ip',
-            'netmask',
-            'broadcast',
-            'gateway',
-            'use_static_dns',
-            'use_global_dns',
-            'dns1',
-            'dns2',
-            'dns3',
-            'use_settings_globally',
-        )
-
     def get_debug_mode(self):
         return self._debug_mode
     def set_debug_mode(self, mode):
@@ -1086,9 +1064,9 @@ class WirelessDaemon(dbus.service.Object):
     def SetWirelessProperty(self, netid, prop, value):
         """ Sets property to value in network specified. """
         # We don't write script settings here.
-        if prop.strip() not in self._validProperties:
-            print "Trying to set invalid property (or property not " \
-                  "permitted): "+ prop.strip() + "."
+        if misc.sanitize_config(prop).endswith('script'):
+            print 'Setting script properties through the daemon' \
+                  + ' is not permitted.'
             return False
         self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
 
@@ -1377,25 +1355,6 @@ class WiredDaemon(dbus.service.Object):
         self.WiredNetwork = {}
         self.config = ConfigManager(wired_conf, debug=debug)
 
-        self._validProperties = (
-            'ip',
-            'broadcast',
-            'netmask',
-            'gateway',
-            'search_domain',
-            'dns_domain',
-            'dns1',
-            'dns2',
-            'dns3',
-            'encryption_enabled',
-            'default',
-            'dhcphostname',
-            'lastused',
-            'profilename',
-            'use_global_dns',
-            'use_static_dns',
-        )
-
     def get_debug_mode(self):
         return self._debug_mode
     def set_debug_mode(self, mode):
@@ -1447,9 +1406,9 @@ class WiredDaemon(dbus.service.Object):
     def SetWiredProperty(self, prop, value):
         """ Sets the given property to the given value. """
         if self.WiredNetwork:
-            if prop.strip() not in self._validProperties:
-                print "Trying to set invalid property (or property not " \
-                      "permitted): "+ prop.strip() + "."
+            if misc.sanitize_config(prop).endswith('script'):
+                print 'Setting script properties through the daemon' \
+                      + ' is not permitted.'
                 return False
             self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
             return True