diff -up wicd-1.7.0/wicd/wicd-daemon.py.CVE-2012-2095 wicd-1.7.0/wicd/wicd-daemon.py
--- wicd-1.7.0/wicd/wicd-daemon.py.CVE-2012-2095 2012-08-02 13:23:50.350929278 -0400
+++ wicd-1.7.0/wicd/wicd-daemon.py 2012-08-02 13:25:45.757947487 -0400
@@ -1086,9 +1086,9 @@ class WirelessDaemon(dbus.service.Object
def SetWirelessProperty(self, netid, prop, value):
""" Sets property to value in network specified. """
# We don't write script settings here.
- if (prop.strip()).endswith("script"):
- print "Setting script properties through the daemon is not" \
- + " permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \
+ + ' is not permitted.'
return False
self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
@@ -1405,14 +1405,14 @@ class WiredDaemon(dbus.service.Object):
return str(iface)
@dbus.service.method('org.wicd.daemon.wired')
- def SetWiredProperty(self, property, value):
+ def SetWiredProperty(self, prop, value):
""" Sets the given property to the given value. """
if self.WiredNetwork:
- if (property.strip()).endswith("script"):
- print "Setting script properties through the daemon" \
- + " is not permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \
+ + ' is not permitted.'
return False
- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
return True
else:
print 'SetWiredProperty: WiredNetwork does not exist'
distrib
>
Fedora
>
16
>
x86_64
>
media
>
updates-src
>
by-pkgid
>
86c2544c4ea5fadaa452b834e7aa6b7f
>
files
>
3
