current/SOURCES/wicd-1.7.0-CVE-2012-2095.patch

--- wicd/wicd-daemon.py.orig    2010-01-14 23:49:11.000000000 -0500
+++ wicd/wicd-daemon.py 2012-04-24 14:50:19.681993906 -0400
@@ -978,6 +978,28 @@
                                                  "wireless-settings.conf"),
                                     debug=debug)
 
+        self._validProperties = (
+            'bssid',
+            'essid',
+            'hidden',
+            'channel',
+            'mode',
+            'enctype',
+            'encryption_method',
+            'key',
+            'automatic',
+            'ip',
+            'netmask',
+            'broadcast',
+            'gateway',
+            'use_static_dns',
+            'use_global_dns',
+            'dns1',
+            'dns2',
+            'dns3',
+            'use_settings_globally',
+        )
+
     def get_debug_mode(self):
         return self._debug_mode
     def set_debug_mode(self, mode):
@@ -1086,9 +1108,9 @@
     def SetWirelessProperty(self, netid, prop, value):
         """ Sets property to value in network specified. """
         # We don't write script settings here.
-        if (prop.strip()).endswith("script"):
-            print "Setting script properties through the daemon is not" \
-                  + " permitted."
+        if prop.strip() not in self._validProperties:
+            print "Trying to set invalid property (or property not " \
+                  "permitted): "+ prop.strip() + "."
             return False
         self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
 
@@ -1365,6 +1387,25 @@
                                                  "wired-settings.conf"), 
                                     debug=debug)
 
+        self._validProperties = (
+            'ip',
+            'broadcast',
+            'netmask',
+            'gateway',
+            'search_domain',
+            'dns_domain',
+            'dns1',
+            'dns2',
+            'dns3',
+            'encryption_enabled',
+            'default',
+            'dhcphostname',
+            'lastused',
+            'profilename',
+            'use_global_dns',
+            'use_static_dns',
+        )
+
     def get_debug_mode(self):
         return self._debug_mode
     def set_debug_mode(self, mode):
@@ -1405,14 +1446,14 @@
         return str(iface)
 
     @dbus.service.method('org.wicd.daemon.wired')
-    def SetWiredProperty(self, property, value):
+    def SetWiredProperty(self, prop, value):
         """ Sets the given property to the given value. """
         if self.WiredNetwork:
-            if (property.strip()).endswith("script"):
-                print "Setting script properties through the daemon" \
-                      + " is not permitted."
+            if prop.strip() not in self._validProperties:
+                print "Trying to set invalid property (or property not " \
+                      "permitted): "+ prop.strip() + "."
                 return False
-            self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+            self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
             return True
         else:
             print 'SetWiredProperty: WiredNetwork does not exist'
1	luigiwalser	233152	--- wicd/wicd-daemon.py.orig 2010-01-14 23:49:11.000000000 -0500
2			+++ wicd/wicd-daemon.py 2012-04-24 14:50:19.681993906 -0400
3			@@ -978,6 +978,28 @@
4			"wireless-settings.conf"),
5			debug=debug)
6
7			+ self._validProperties = (
8			+ 'bssid',
9			+ 'essid',
10			+ 'hidden',
11			+ 'channel',
12			+ 'mode',
13			+ 'enctype',
14			+ 'encryption_method',
15			+ 'key',
16			+ 'automatic',
17			+ 'ip',
18			+ 'netmask',
19			+ 'broadcast',
20			+ 'gateway',
21			+ 'use_static_dns',
22			+ 'use_global_dns',
23			+ 'dns1',
24			+ 'dns2',
25			+ 'dns3',
26			+ 'use_settings_globally',
27			+ )
28			+
29			def get_debug_mode(self):
30			return self._debug_mode
31			def set_debug_mode(self, mode):
32			@@ -1086,9 +1108,9 @@
33			def SetWirelessProperty(self, netid, prop, value):
34			""" Sets property to value in network specified. """
35			# We don't write script settings here.
36			- if (prop.strip()).endswith("script"):
37			- print "Setting script properties through the daemon is not" \
38			- + " permitted."
39			+ if prop.strip() not in self._validProperties:
40			+ print "Trying to set invalid property (or property not " \
41			+ "permitted): "+ prop.strip() + "."
42			return False
43			self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
44
45			@@ -1365,6 +1387,25 @@
46			"wired-settings.conf"),
47			debug=debug)
48
49			+ self._validProperties = (
50			+ 'ip',
51			+ 'broadcast',
52			+ 'netmask',
53			+ 'gateway',
54			+ 'search_domain',
55			+ 'dns_domain',
56			+ 'dns1',
57			+ 'dns2',
58			+ 'dns3',
59			+ 'encryption_enabled',
60			+ 'default',
61			+ 'dhcphostname',
62			+ 'lastused',
63			+ 'profilename',
64			+ 'use_global_dns',
65			+ 'use_static_dns',
66			+ )
67			+
68			def get_debug_mode(self):
69			return self._debug_mode
70			def set_debug_mode(self, mode):
71			@@ -1405,14 +1446,14 @@
72			return str(iface)
73
74			@dbus.service.method('org.wicd.daemon.wired')
75			- def SetWiredProperty(self, property, value):
76			+ def SetWiredProperty(self, prop, value):
77			""" Sets the given property to the given value. """
78			if self.WiredNetwork:
79			- if (property.strip()).endswith("script"):
80			- print "Setting script properties through the daemon" \
81			- + " is not permitted."
82			+ if prop.strip() not in self._validProperties:
83			+ print "Trying to set invalid property (or property not " \
84			+ "permitted): "+ prop.strip() + "."
85			return False
86			- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
87			+ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
88			return True
89			else:
90			print 'SetWiredProperty: WiredNetwork does not exist'