Package: netapplet Severity: critical Tags: security, patch Hi Matthew!
The changelog does not show any sign that http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1040 is fixed. The CAN entry is pretty empty (just points at the SuSE security announcement), but they posted a patch to vendor-sec (attached). Can you please review that? Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
Index: netapplet.c =================================================================== RCS file: /cvs/gnome/netapplet/src/netapplet.c,v retrieving revision 1.11 diff -u -u -r1.11 netapplet.c --- netapplet.c 13 Mar 2005 23:39:22 -0000 1.11 +++ netapplet.c 16 Mar 2005 20:50:45 -0000 @@ -91,6 +91,9 @@ static NetApplet *netapplet; +static guint update_id = 0; +static gboolean window_shown = FALSE; + static void populate_popup_menu (void); static void @@ -599,11 +602,24 @@ const char *key; key = gtk_entry_get_text (GTK_ENTRY (entry_key)); + key = verify_string (key); + if (!key) { + GtkWidget *error_dialog; - netapplet_set_essid (old_essid, key); - - if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (checkbox_keyring))) + error_dialog = gtk_message_dialog_new_with_markup ( + NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, + _("<span weight=\"bold\" size=\"larger\">" + "Invalid Encryption Key: " + "</span>\n\n" + "Key contains illegal characters!")); + gtk_dialog_run (GTK_DIALOG (error_dialog)); + gtk_widget_destroy (error_dialog); + } else { + netapplet_set_essid (old_essid, key); + if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON + (checkbox_keyring))) keyring_save (old_essid, key); + } } g_free (old_essid); 
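Review bot: Nothing at the new `key = verify_string (key);` check in the @@ -599 hunk says that it is only a courtesy to the user. The applet is the unprivileged end of the channel, and the check that counts is the one this same patch adds to netdaemon_do_change_essid in netdaemon.c. I would add a comment above the call, for example `/* UI feedback only: netdaemon re-validates the key before it touches the configuration. */`, so that a later cleanup does not remove the daemon-side check as redundant. The enclosing function starts and ends outside this hunk.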
@@ -711,12 +727,43 @@ essid = gtk_entry_get_text (GTK_ENTRY (entry_essid)); key = gtk_entry_get_text (GTK_ENTRY (entry_key)); - if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (checkbox_keyring))) - keyring_save (essid, key); + essid = verify_string (essid); + if (!essid || *essid == '\0') { + GtkWidget *error_dialog; + + error_dialog = gtk_message_dialog_new_with_markup ( + NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, + _("<span weight=\"bold\" size=\"larger\">" + "Invalid ESSID: " + "</span>\n\n" + "ESSID is blank or " + "contains illegal characters!")); + gtk_dialog_run (GTK_DIALOG (error_dialog)); + gtk_widget_destroy (error_dialog); + goto out; + } + key = verify_string (key); + if (!key) { + GtkWidget *error_dialog; + + error_dialog = gtk_message_dialog_new_with_markup ( + NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK, + _("<span weight=\"bold\" size=\"larger\">" + "Invalid Encryption Key:</span>\n\n" + "Key contains illegal characters!")); + gtk_dialog_run (GTK_DIALOG (error_dialog)); + gtk_widget_destroy (error_dialog); + goto out; + } + + if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON + (checkbox_keyring))) + keyring_save (essid, key); netapplet_set_essid (essid, key); } +out: gtk_widget_destroy (dialog); g_object_unref (xml); } @@ -735,9 +782,6 @@ return label; } -static guint update_id = 0; -static gboolean window_shown = FALSE; - static gboolean update_info(GladeXML *xml) { 
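Review bot: The error-dialog block is written out twice in the @@ -711 hunk and a third time in the @@ -599 hunk, differing only in the message text (and the three copies already disagree on whether a space follows "Key:"). A small static helper that takes the heading and the detail text would keep the validation branches to two lines each and make the reject paths easier to audit. Passing the texts as printf arguments also means they are markup-escaped by gtk_message_dialog_new_with_markup rather than being part of the format string. The translatable strings would be split into heading and detail, so the message catalogue needs updating; the enclosing function starts outside the hunk.

```c
static void
show_input_error (const char *heading, const char *detail)
{
	GtkWidget *error_dialog;

	error_dialog = gtk_message_dialog_new_with_markup (
		NULL, 0, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
		"<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s",
		heading, detail);
	gtk_dialog_run (GTK_DIALOG (error_dialog));
	gtk_widget_destroy (error_dialog);
}

/* ... unchanged: reading entry_essid and entry_key ... */
	essid = verify_string (essid);
	if (!essid || *essid == '\0') {
		show_input_error (_("Invalid ESSID: "),
				  _("ESSID is blank or contains illegal characters!"));
		goto out;
	}
	key = verify_string (key);
	if (!key) {
		show_input_error (_("Invalid Encryption Key: "),
				  _("Key contains illegal characters!"));
		goto out;
	}
/* ... unchanged: keyring_save and netapplet_set_essid ... */
```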
@@ -1255,11 +1299,12 @@ *push_in = TRUE; } - static void active_scan_on (void) { netapplet->active_scanning = TRUE; + if (!netapplet->active) + return; if (g_str_has_prefix (netapplet->active->interface, "ath")) { netapplet_get_accesspoints (netapplet->active->interface); netapplet_get_wireless (netapplet->active->interface); Index: netcommon.c =================================================================== RCS file: /cvs/gnome/netapplet/src/netcommon.c,v retrieving revision 1.3 diff -u -u -r1.3 netcommon.c --- netcommon.c 4 Oct 2004 18:34:20 -0000 1.3 +++ netcommon.c 16 Mar 2005 20:50:45 -0000 @@ -22,6 +22,26 @@ # define dbg(fmt,arg...) do { } while(0) #endif +/* + * Check general strings for sanity. Used for ESSID's and keys. We allow + * spaces and alphanumerics, nothing else. + */ +const char * +verify_string (const char *str) +{ + const char *s = str; + + if (!str || *s == '\0') + return str; + + do { + if (!g_ascii_isalnum (*s) && *s != ' ') + return NULL; + } while (*++s != '\0'); + + return str; +} + static GIOStatus netcommon_write_chars_all (GIOChannel *channel, const char *buf, gssize count, GError **err) Index: netcommon.h =================================================================== RCS file: /cvs/gnome/netapplet/src/netcommon.h,v retrieving revision 1.2 diff -u -u -r1.2 netcommon.h --- netcommon.h 4 Oct 2004 18:26:15 -0000 1.2 +++ netcommon.h 16 Mar 2005 20:50:45 -0000 @@ -12,6 +12,8 @@ #define CLIPBOARD_NAME "NETAPPLET_SELECTION" +const char * verify_string (const char *str); + void netcommon_send_message (GIOChannel *channel, const char *command, ...); Index: netdaemon.c =================================================================== RCS file: /cvs/gnome/netapplet/src/netdaemon.c,v retrieving revision 1.7 diff -u -u -r1.7 netdaemon.c --- netdaemon.c 7 Mar 2005 16:30:44 -0000 1.7 +++ netdaemon.c 16 Mar 2005 20:50:45 -0000 
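Review bot: In active_scan_on, `netapplet->active_scanning = TRUE;` still runs before the new `if (!netapplet->active) return;`, so the flag ends up set even when no interface is active and no scan is started. If that is intended (the preference is remembered until an interface appears), a one-line comment such as `/* remember the setting; scanning starts once an interface is active */` would make it clear. Otherwise the guard should move above the assignment. The function body continues past the end of the hunk.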
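Review bot: The header comment on verify_string in netcommon.c does not state the return contract, and every caller depends on it. A NULL input comes back as NULL, which callers cannot tell apart from a rejected string, and an empty string comes back as valid. That is why the applet adds `*essid == '\0'` while netdaemon_do_change_essid does not. I would extend the comment to say that the function returns str unchanged when it is empty or holds only ASCII alphanumerics and spaces, and NULL otherwise (including for a NULL str), and that it checks characters only, not length. It would also help to record that allowing the space character assumes the value is quoted wherever it is later written out; that code is not visible in this patch.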
@@ -433,6 +433,30 @@ } #endif +/* + * Sanitize the interface. We cannot trust the networking shell + * scripts, which have escaping problems out the wazoo. + */ +static const char * +verify_interface (const char *interface) +{ + GSList *iface_list, *iter; + + if (!interface) + return NULL; + + iface_list = get_interfaces (); + if (!iface_list) + return NULL; + + for (iter = iface_list; iter != NULL; iter = iter->next) { + if (strcmp (iter->data, interface) == 0) + return interface; + } + + return NULL; +} + static void netdaemon_disconnect_all (void) { @@ -462,7 +486,11 @@ static void netdaemon_do_change_active (GIOChannel *channel G_GNUC_UNUSED, char **args) { - if (!args[1]) + const char *interface; + + /* Is this interface valid ? */ + interface = verify_interface (args[1]); + if (!interface) return; /* @@ -477,14 +505,15 @@ * a static IP from sharing earlier, reset it to Managed mode with * a dynamic IP now. */ - if (! strcmp (get_network_type (args[1]), TYPE_WIRELESS)) - modify_interface_config (args[1], "dhcp", NULL, NULL, "Managed", NULL, NULL); + if (!strcmp (get_network_type (interface), TYPE_WIRELESS)) + modify_interface_config (interface, "dhcp", NULL, NULL, + "Managed", NULL, NULL); /* Bring the interface up */ - if (ifup (args[1])) { - netcommon_send_message (channel, "active", args[1], NULL); + if (ifup (interface)) { + netcommon_send_message (channel, "active", interface, NULL); g_free (active_iface); - active_iface = g_strdup (args[1]); + active_iface = g_strdup (interface); } /* @@ -511,7 +540,7 @@ const char *type; if (active_iface != NULL && - strcmp (active_iface, interface) == 0) + strcmp (active_iface, interface) == 0) found_active = TRUE; type = get_network_type (interface); 
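Review bot: verify_interface never releases `iface_list`, on either the match or the no-match return. If get_interfaces() hands back a list the caller owns (its definition is not in this patch, so this needs confirming), every request that reaches netdaemon_do_change_active, netdaemon_do_get_accesspoints, netdaemon_do_change_essid or netdaemon_do_get_wireless leaks one list in a long-running daemon. Keeping the result in a local, leaving the loop with `break`, and releasing the list before the single `return` would fix it, for example `g_slist_free (iface_list);` plus whatever per-element cleanup get_interfaces() requires. Returning the caller's own `interface` pointer rather than `iter->data` is the right choice here, because it stays valid after the list is freed.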
@@ -884,10 +913,14 @@ static void netdaemon_do_get_accesspoints (GIOChannel *channel, char **args) { - const char *interface = args[1]; + const char *interface; struct iwreq wrq; int fd; + interface = verify_interface (args[1]); + if (!interface) + return; + fd = iw_sockets_open (); if (fd < 0) return; @@ -993,20 +1026,32 @@ static void netdaemon_do_change_essid (GIOChannel *channel, char **args) { - if (modify_interface_config (args[1], - "dhcp", /* bootproto */ - NULL, /* ip address */ - NULL, /* netmask */ - "Managed", /* Wireless mode */ - args[2], /* essid */ - args[3])) /* key */ + const char *interface, *essid, *key; + + interface = verify_interface (args[1]); + if (!interface) + return; + essid = verify_string (args[2]); + if (!essid) + return; + key = verify_string (args[3]); + if (!key) + return; + + if (modify_interface_config (interface, /* interface */ + "dhcp", /* bootproto */ + NULL, /* ip address */ + NULL, /* netmask */ + "Managed", /* Wireless mode */ + essid, /* essid */ + key)) /* key */ netdaemon_do_change_active (channel, args); } static void netdaemon_do_get_wireless (GIOChannel *channel, char **args) { - const char *interface = args[1]; + const char *interface; int skfd; struct iwreq wrq; char essid[IW_ESSID_MAX_SIZE + 1]; @@ -1015,6 +1060,10 @@ char *escaped_essid, *msg; float quality; + interface = verify_interface (args[1]); + if (!interface) + return; + skfd = iw_sockets_open (); if (skfd < 0) return;
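Review bot: In netdaemon_do_change_essid (the @@ -993 hunk) the daemon-side ESSID check is weaker than the applet-side one. `if (!essid) return;` lets an empty ESSID through because verify_string returns the empty string as valid, whereas the applet rejects it with `*essid == '\0'`. Neither side bounds the length, although the file already uses IW_ESSID_MAX_SIZE for its own ESSID buffer. Since the daemon is the side that writes the configuration, I would make its check the strict one: `if (!essid || *essid == '\0' || strlen (essid) > IW_ESSID_MAX_SIZE) return;`. A similar upper bound on `key` would be reasonable, but the right limit depends on the key formats modify_interface_config accepts, which this patch does not show.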