I think, as you said, the vulnerability could be the import/export by
the path. I added these lines to check that:
=== modified file 'gufw/view/gufw.py'
--- gufw/view/gufw.py 2014-12-13 15:33:17 +0000
+++ gufw/view/gufw.py 2015-01-16 15:51:03 +0000
@@ -344,6 +344,12 @@
def on_menu_import_activate(self, widget, data=None): import_profile = self._file_dialog('open', _("Import Profile"))
+
+ # Shell injection?
+ if not os.path.exists(import_profile):
+ self.show_dialog(self.winMain, _("Path not valid"),
_("Please, report a bug here http://bugs.launchpad.net/gui-ufw"))
+ return
+
profile = os.path.basename(import_profile) #Filename
profile = os.path.splitext(profile)[0] # Ext
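Review bot: `os.path.exists(import_profile)` does not answer the "Shell injection?" question in the comment above it, because a file whose name contains shell metacharacters exists on disk and passes this test, and the name then flows unchanged through `os.path.basename` and `os.path.splitext`. Validate the derived `profile` against the same `^[A-Za-z0-9_-]*$` allow-list that new profile names are checked against and reject on mismatch. The check also runs before any test for a cancelled dialog; if `_file_dialog` can return an empty value, as the export handler's `if not export_profile` test suggests, add `if not import_profile: return` ahead of it so a cancel does not ask the user to report a bug.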
+ # Shell injection?
+ if not os.path.exists(export_profile):
+ self.show_dialog(self.winMain, _("Path not valid"),
_("Please, report a bug here http://bugs.launchpad.net/gui-ufw"))
+ return
+
if not export_profile: self.set_statusbar_msg(_("Export cancelled")) return
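Review bot: the `os.path.exists(export_profile)` check is placed before `if not export_profile:`, so a cancelled export never reaches the "Export cancelled" branch; move the new check below the cancel test. The path here comes from a 'save' dialog, so a new export file normally does not exist yet and this condition would reject it with "Path not valid". Test the parent directory instead (`os.path.dirname(export_profile)`), and constrain the file name's characters if the path is later handed to a shell.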
On the other hand, I think the profile name can't give a Shell injection,
because the init profiles are read as regular files from
/etc/gufw/*.profile, a new profile will be checked against this pattern:
^[A-Za-z0-9_-]*$ and a deleted profile will have the previous pattern or
it will be a regular file.
Hi! I was thinking about this...
I think, as you said, the vulnerability could be the import/export by
the path. I added these lines to check that:
=== modified file 'gufw/view/gufw.py'
--- gufw/view/gufw.py 2014-12-13 15:33:17 +0000
+++ gufw/view/gufw.py 2015-01-16 15:51:03 +0000
@@ -344,6 +344,12 @@
def on_menu_ import_ activate( self, widget, data=None):
import_ profile = self._file_ dialog( 'open', _("Import Profile")) exists( import_ profile) : dialog( self.winMain, _("Path not valid"), bugs.launchpad. net/gui- ufw")) basename( import_ profile) #Filename splitext( profile) [0] # Ext
+
+ # Shell injection?
+ if not os.path.
+ self.show_
_("Please, report a bug here http://
+ return
+
profile = os.path.
profile = os.path.
@@ -367,6 +373,11 @@ export_ activate( self, widget, data=None):
export_ profile = self._file_ dialog( 'save', _("Export Profile"))
def on_menu_
+ # Shell injection? exists( export_ profile) : dialog( self.winMain, _("Path not valid"), bugs.launchpad. net/gui- ufw"))
self.set_ statusbar_ msg(_(" Export cancelled"))
return
+ if not os.path.
+ self.show_
_("Please, report a bug here http://
+ return
+
if not export_profile:
On the other hand, I think the profile name can't give a Shell injection,
because the init profiles are read as regular files from
/etc/gufw/*.profile, a new profile will be checked against this pattern:
^[A-Za-z0-9_-]*$ and a deleted profile will have the previous pattern or
it will be a regular file.
What do you think? :)
Thanks a lot for your awesome feedback!
Costales
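
An added example, not part of the comment above or of Gufw's code: it contrasts the existence check from the patch with an allow-list check on the derived profile name, using the pattern quoted in the comment. The function names and the two sample file names are assumptions made up for the illustration.

```python
import os
import re
import tempfile

# Pattern quoted in the comment above for new profile names.
PROFILE_RE = re.compile(r"^[A-Za-z0-9_-]*$")


def profile_name_from_path(path):
    """Derive the name as the patch context does: basename, then drop the extension."""
    return os.path.splitext(os.path.basename(path))[0]


def is_safe_profile_name(name):
    """Allow-list check: non-empty and every character in [A-Za-z0-9_-].

    fullmatch() is used because, with match(), '$' also matches just before a
    trailing newline, so 'name\\n' would pass; '*' alone also accepts ''.
    """
    return bool(name) and PROFILE_RE.fullmatch(name) is not None


def check_import_path(path):
    """Return (exists, name_ok) for a candidate import path."""
    name = profile_name_from_path(path)
    return os.path.exists(path), is_safe_profile_name(name)


def demo():
    """Constructed sample files: both exist, only one has an allow-listed name."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for filename in ("office_lan.profile", "home; echo x.profile"):
            path = os.path.join(tmp, filename)
            open(path, "w").close()
            results[filename] = check_import_path(path)
    return results


if __name__ == "__main__":
    for filename, (exists, name_ok) in demo().items():
        print(f"{filename!r}: exists={exists} name_ok={name_ok}")
```

Both sample files pass `os.path.exists`, so only the name check separates them.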