Properly escape certificates/keys when sending them to NetworkManager

seveas · seveas · commit 91ab5368b4d8 · 2017-03-06T22:05:40.000+01:00
diff --git a/NetworkManager.py b/NetworkManager.py
@@ -471,6 +471,9 @@ def to_dbus(klass, method, arg, val, signature):
                     settings[key]['cloned-mac-address'] = fixups.mac_to_dbus(settings[key]['cloned-mac-address'])
                 if 'bssid' in settings[key]:
                     settings[key]['bssid'] = fixups.mac_to_dbus(settings[key]['bssid'])
+                for cert in ['ca-cert', 'client-cert', 'phase2-ca-cert', 'phase2-client-cert', 'private-key']:
+                    if cert in settings[key]:
+                        settings[key][cert] = fixups.cert_to_dbus(settings[key][cert])
             if 'ssid' in settings.get('802-11-wireless', {}):
                 settings['802-11-wireless']['ssid'] = fixups.ssid_to_dbus(settings['802-11-wireless']['ssid'])
             if 'ipv4' in settings:
@@ -687,6 +690,14 @@ def route_to_dbus(route,family):
             metric
         ]
 
+    @staticmethod
+    def cert_to_dbus(cert):
+        if not isinstance(cert, bytes):
+            if not cert.startswith('file://'):
+                cert = 'file://' + cert
+            cert = cert.encode('utf-8') + b'\0'
+        return [dbus.Byte(x) for x in cert]
+
 # Turn NetworkManager and Settings into singleton objects
 NetworkManager = NetworkManager()
 Settings = Settings()
