diff -up wicd-1.7.0/wicd/wicd-daemon.py.CVE-2012-2095 wicd-1.7.0/wicd/wicd-daemon.py
--- wicd-1.7.0/wicd/wicd-daemon.py.CVE-2012-2095 2012-08-02 13:23:50.350929278 -0400
+++ wicd-1.7.0/wicd/wicd-daemon.py 2012-08-02 13:25:45.757947487 -0400
@@ -1086,9 +1086,9 @@ class WirelessDaemon(dbus.service.Object
 def SetWirelessProperty(self, netid, prop, value):
 """ Sets property to value in network specified. """
 # We don't write script settings here.
- if (prop.strip()).endswith("script"):
- print "Setting script properties through the daemon is not" \
- + " permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \
+ + ' is not permitted.'
 return False
 self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
@@ -1405,14 +1405,14 @@ class WiredDaemon(dbus.service.Object):
 return str(iface)
 @dbus.service.method('org.wicd.daemon.wired')
- def SetWiredProperty(self, property, value):
+ def SetWiredProperty(self, prop, value):
 """ Sets the given property to the given value. """
 if self.WiredNetwork:
- if (property.strip()).endswith("script"):
- print "Setting script properties through the daemon" \
- + " is not permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \
+ + ' is not permitted.'
 return False
- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
 return True
 else:
 print 'SetWiredProperty: WiredNetwork does not exist'
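Review bot: The new guard in SetWirelessProperty tests `misc.sanitize_config(prop)`, but the assignment after it still keys on the raw `prop`, so the name that is checked and the name that is stored can differ whenever sanitize_config alters its input. The definition of sanitize_config is outside this diff, so what it strips is not visible here; whatever it removes, a name it changes is still stored in its original form. Normalising once, with `prop = misc.sanitize_config(prop)` placed ahead of `if prop.endswith('script'):`, makes the check and the store use the same string. The second hunk has the same pattern in SetWiredProperty, where the store is `self.WiredNetwork[prop]`.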
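Review bot: `value` in SetWiredProperty is stored after only `misc.to_unicode(misc.Noneify(value))`, with no counterpart to the sanitising this change applies to the property name. Whether `self.WiredNetwork` is later written to a settings file, and whether that writer escapes line breaks or other separators in values, cannot be seen from this diff; if it does not, the value needs validating here too, and the same holds for `self.LastScan[netid][prop]` in the first hunk. At minimum a comment such as `# value is stored verbatim; the config writer is responsible for escaping it` would record the assumption. The method appears to continue past the last line of the hunk.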