Fix bug caused by fix for CVE

2025-12-22 05:48:03 +01:00 · 2012-04-19 22:38:24 +02:00
parent 0729e342f1
commit 33d60963ef
2 changed files with 14 additions and 47 deletions
--- a/wicd/misc.py
+++ b/wicd/misc.py
@@ -425,6 +425,14 @@ def noneToString(text):
    else:
        return to_unicode(text)

+def sanitize_config(s):
+    """ Sanitize property names to be used in config-files. """
+    s = s.strip()
+    s = s.replace('=', '')
+    s = s.replace(' ', '')
+    s = s.replace('\n', '')
+    return s
+
 def sanitize_escaped(s):
    """ Sanitize double-escaped unicode strings. """
    lastpos = -1
--- a/wicd/wicd-daemon.py
+++ b/wicd/wicd-daemon.py
@@ -946,28 +946,6 @@ class WirelessDaemon(dbus.service.Object):
        self.LastScan = []
        self.config = ConfigManager(wireless_conf, debug=debug)

-        self._validProperties = (
-            'bssid',
-            'essid',
-            'hidden',
-            'channel',
-            'mode',
-            'enctype',
-            'encryption_method',
-            'key',
-            'automatic',
-            'ip',
-            'netmask',
-            'broadcast',
-            'gateway',
-            'use_static_dns',
-            'use_global_dns',
-            'dns1',
-            'dns2',
-            'dns3',
-            'use_settings_globally',
-        )
-
    def get_debug_mode(self):
        return self._debug_mode
    def set_debug_mode(self, mode):
@@ -1086,9 +1064,9 @@ class WirelessDaemon(dbus.service.Object):
    def SetWirelessProperty(self, netid, prop, value):
        """ Sets property to value in network specified. """
        # We don't write script settings here.
-        if prop.strip() not in self._validProperties:
-            print "Trying to set invalid property (or property not " \
-                  "permitted): "+ prop.strip() + "."
+        if misc.sanitize_config(prop).endswith('script'):
+            print 'Setting script properties through the daemon' \
+                  + ' is not permitted.'
            return False
        self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))

@@ -1377,25 +1355,6 @@ class WiredDaemon(dbus.service.Object):
        self.WiredNetwork = {}
        self.config = ConfigManager(wired_conf, debug=debug)

-        self._validProperties = (
-            'ip',
-            'broadcast',
-            'netmask',
-            'gateway',
-            'search_domain',
-            'dns_domain',
-            'dns1',
-            'dns2',
-            'dns3',
-            'encryption_enabled',
-            'default',
-            'dhcphostname',
-            'lastused',
-            'profilename',
-            'use_global_dns',
-            'use_static_dns',
-        )
-
    def get_debug_mode(self):
        return self._debug_mode
    def set_debug_mode(self, mode):
@@ -1447,9 +1406,9 @@ class WiredDaemon(dbus.service.Object):
    def SetWiredProperty(self, prop, value):
        """ Sets the given property to the given value. """
        if self.WiredNetwork:
-            if prop.strip() not in self._validProperties:
-                print "Trying to set invalid property (or property not " \
-                      "permitted): "+ prop.strip() + "."
+            if misc.sanitize_config(prop).endswith('script'):
+                print 'Setting script properties through the daemon' \
+                      + ' is not permitted.'
                return False
            self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
            return True