File sysconfig-CVE-2011-4182-fixed-quoting-in-ifserv... of Package sysconfig

Overview Repositories Revisions Requests Users Attributes Meta

File sysconfig-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch of Package sysconfig

From 74f224c74c2c463365b0d39c14117870ce5776d5 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Fri, 16 Dec 2011 16:03:15 +0100
Subject: [PATCH] CVE-2011-4182 - fixed quoting in ifservices script

Fixed to quote config / interface variables in ifservices script
and cleaned up content of the ESSID which gets appended to them
by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182).
Fixed also to return proper exit code 0 in NM dispatcher hooks.

Signed-off-by: Marius Tomaschewski <mt@suse.com>
---
 scripts/ifup-services       |   10 +++++-----
 scripts/netcontrol_services |    6 ++++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/scripts/ifup-services b/scripts/ifup-services
index 2047d34..8a3b083 100755
--- a/scripts/ifup-services
+++ b/scripts/ifup-services
@@ -95,15 +95,15 @@ done
 ######################################################################
 # check presence of configuration file and source it
 #
-test -f ./ifcfg-$CONFIG && . ./ifcfg-$CONFIG
+test -f "./ifcfg-$CONFIG" && . "./ifcfg-$CONFIG"
 if [ -d "ifservices-$CONFIG" ] ; then
-	cd ifservices-$CONFIG
+	cd "ifservices-$CONFIG"
 elif [ -d "ifservices-$INTERFACE" ] ; then
-	cd ifservices-$INTERFACE
+	cd "ifservices-$INTERFACE"
 elif [ -d "ifservices-${INTERFACE%%-*}" ] ; then
-	cd ifservices-${INTERFACE%%-*}
+	cd "ifservices-${INTERFACE%%-*}"
 elif [ -d "ifservices" ] ; then
-	cd ifservices
+	cd "ifservices"
 else
 	debug "No services to handle for '$CONFIG $INTERFACE'"
 	exit 0
diff --git a/scripts/netcontrol_services b/scripts/netcontrol_services
index 928f466..d0a55b7 100755
--- a/scripts/netcontrol_services
+++ b/scripts/netcontrol_services
@@ -28,10 +28,12 @@
 # Note that services are stopped always _after_ the interface is down. Stopping
 # services earlier would require a change in NetworkManager itself.
 
-cd /etc/sysconfig/network/ || exit
+cd /etc/sysconfig/network/ || exit 0
 test -r ./config && . ./config
 test -r scripts/functions && . scripts/functions
 
-E="`iwconfig ${1} 2>/dev/null | sed -n 's/^.*ESSID:\"$[^\"]*$\".*$/\1/p'`"
+E=`iwconfig "${1}" 2>/dev/null | \
+	sed -n 's/^.*ESSID:\"$[^\"]*$\".*$/\1/p' | \
+	sed -e 's/[^abcdefghijklmnopqrstuvwxyz0123456789=._-]/_/gi'`
 info_mesg "calling 'if${2}-services ${1}${E:+-$E}'"
 scripts/if${2}-services "${1}${E:+-$E}"
-- 
1.7.3.4

Places

File sysconfig-CVE-2011-4182-fixed-quoting-in-ifservices-script.patch of Package sysconfig

Places