
Bug#668456: pu: package wicd/1.7.0+ds1-5+squeeze1



Hello Adam,

On Tue, 17 Apr 2012 20:51:37 +0100, Adam D. Barratt wrote:

> On Thu, 2012-04-12 at 00:31 +0200, David Paleino wrote:
> > I'm hereby requesting permission to upload a fix for wicd to p-u, bug
> > #668397 (CCed), CVE-2012-2095. "git diff" attached.
> > 
> > The patch for stable is slightly different from the one just pushed in
> > unstable: namely, it needed an additional "has_profile", which was used in
> > pre-1.7.1 versions.
> 
> +wicd (1.7.0+ds1-5+squeeze1) UNRELEASED; urgency=low
> +
> +  * debian/patches/:
> +    - fix local privilege escalation, CVE-2012-2095
> +      (31-fix_local_privilege_escalation.patch) (Closes: #668397)
> +
> 
> With the distribution fixed, please go ahead; thanks.

I changed the patch quite a bit, since it was buggy and made wicd not work at
all (see #669388).

Please find it attached: that's the one I'd like to push into p-u.

Thanks,
David

-- 
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174

From: David Paleino <d.paleino@gmail.com>
Subject: fix local privilege escalation, CVE-2012-2095
Origin: upstream, http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/758

---
 wicd/misc.py        |    8 ++++++++
 wicd/wicd-daemon.py |   16 ++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

--- wicd.orig/wicd/wicd-daemon.py
+++ wicd/wicd/wicd-daemon.py
@@ -1088,9 +1088,9 @@ class WirelessDaemon(dbus.service.Object
     def SetWirelessProperty(self, netid, prop, value):
         """ Sets property to value in network specified. """
         # We don't write script settings here.
-        if (prop.strip()).endswith("script"):
-            print "Setting script properties through the daemon is not" \
-                  + " permitted."
+        if misc.sanitize_config(prop).endswith('script'):
+            print 'Setting script properties through the daemon' \
+                  + ' is not permitted.'
             return False
         self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
 
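Review bot: the check and the store disagree here: `misc.sanitize_config(prop).endswith('script')` inspects the cleaned-up name, but the assignment on the last context line, `self.LastScan[netid][prop] = ...`, still keys on the raw `prop`. A name that ends with "script" only after `=`, spaces and newlines are removed is rejected, but a name that contains those characters and does not end with "script" once they are stripped is stored verbatim, newline and all, and sanitize_config() never sees it again. Either assign `prop = misc.sanitize_config(prop)` before the test so the stored key is the sanitized one, or `return False` when `misc.sanitize_config(prop) != prop` so a malformed name is refused outright; given that the changelog describes this as a local privilege escalation through a D-Bus method, refusing is the safer default.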
@@ -1407,14 +1407,14 @@ class WiredDaemon(dbus.service.Object):
         return str(iface)
 
     @dbus.service.method('org.wicd.daemon.wired')
-    def SetWiredProperty(self, property, value):
+    def SetWiredProperty(self, prop, value):
         """ Sets the given property to the given value. """
         if self.WiredNetwork:
-            if (property.strip()).endswith("script"):
-                print "Setting script properties through the daemon" \
-                      + " is not permitted."
+            if misc.sanitize_config(prop).endswith('script'):
+                print 'Setting script properties through the daemon' \
+                      + ' is not permitted.'
                 return False
-            self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+            self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
             return True
         else:
             print 'SetWiredProperty: WiredNetwork does not exist'
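Review bot: same mismatch as in SetWirelessProperty: the sanitized name is used only for the `.endswith('script')` test, while `self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))` stores under the raw `prop`, so apply the same fix (sanitize before the test, or refuse when sanitizing changes the name). Renaming the parameter from `property` to `prop` is a worthwhile cleanup since `property` shadows the Python builtin, but it is unrelated to the CVE and would be easier to audit as its own change; the docstring could also mention that script properties are rejected, since that is now the method's main security decision.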
--- wicd.orig/wicd/misc.py
+++ wicd/wicd/misc.py
@@ -378,6 +378,14 @@ def noneToString(text):
     else:
         return str(text)
 
+def sanitize_config(s):
+    """ Sanitize property names to be used in config-files. """
+    s = s.strip()
+    s = s.replace('=', '')
+    s = s.replace(' ', '')
+    s = s.replace('\n', '')
+    return s
+
 def to_unicode(x):
     """ Attempts to convert a string to utf-8. """
     # If this is a unicode string, encode it and return
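Review bot: sanitize_config() is a denylist that removes exactly three characters ('=', ' ' and '\n'); '\r', '\t' and other whitespace pass straight through, and if the config writer is ConfigParser-based, ':' is also a key/value delimiter that this function does not touch. Since the docstring says these names are config-file keys, an allowlist is both shorter and easier to reason about, for example `return re.sub(r'[^A-Za-z0-9_-]', '', s.strip())` (with `import re` at the top of misc.py); the existing `.replace(' ', '')` after `.strip()` already shows that the intended alphabet is letters, digits, underscore and dash. The docstring should also state that the function silently rewrites the name rather than rejecting it, because any caller that wants to refuse malformed input has to compare the result against the original.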
