dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #386 from jlee-r7/fix-posix-execute 

Fix posix execute
This commit is contained in:
sinn3r 2012-05-13 16:17:34 -07:00
parent 2e8b11ca78 73331b66e6
commit 0b817944c3
1 changed files with 22 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
external/source/meterpreter/source/extensions/stdapi/server/sys/process/process.c vendored
View File

@ -553,11 +553,12 @@ DWORD request_sys_process_execute(Remote *remote, Packet *packet)
#else
PCHAR path, arguments;;
DWORD flags;
char *argv[64], *p;
char *argv[8], *command_line;
int cl_len = 0;
int in[2] = { -1, -1 }, out[2] = {-1, -1}; // file descriptors
int master = -1, slave = -1;
int devnull = -1;
int idx;
int idx, i;
pid_t pid;
int have_pty = -1;
@ -585,18 +586,26 @@ DWORD request_sys_process_execute(Remote *remote, Packet *packet)
idx = 0;
if(arguments) {
p = arguments;
argv[idx++] = path;
argv[idx++] = arguments;
for(p = strchr(p, ' '); p && idx < 63; p = strchr(p, ' ')) {
*p++ = 0;
argv[idx++] = p;
}
argv[idx++] = NULL;
// Add one for the null, one for the space
cl_len = strlen(path) + strlen(arguments) + 2;
command_line = malloc(cl_len);
memset(command_line, 0, cl_len);
strcat(command_line, path);
strcat(command_line, " ");
strcat(command_line, arguments);
argv[idx++] = "sh";
argv[idx++] = "-c";
argv[idx++] = command_line;
path = "/bin/sh";
} else {
argv[idx++] = path;
argv[idx++] = NULL;
}
argv[idx++] = NULL;
//for (i = 0; i < idx; i++) {
// dprintf(" argv[%d] = %s", i, argv[i]);
//}
// If the channelized flag is set, create a pipe for stdin/stdout/stderr
// such that input can be directed to and from the remote endpoint
@ -684,7 +693,6 @@ DWORD request_sys_process_execute(Remote *remote, Packet *packet)
pid = fork();
switch(pid) {
int i;
case -1:
result = errno;
break;
@ -735,8 +743,10 @@ DWORD request_sys_process_execute(Remote *remote, Packet *packet)
exit(EXIT_FAILURE);
default:
dprintf("child pid is %d\n", pid);
packet_add_tlv_uint(response, TLV_TYPE_PID,(DWORD)pid);
if (flags & PROCESS_EXECUTE_FLAG_CHANNELIZED) {
if(have_pty) {
dprintf("child channelized\n");
close(slave);
} else {
close(in[0]);