Validate payload size even when not encoding

Spencer McIntyre 2022-02-25 15:40:32 -05:00
parent 65626bedd4
commit 147837e9b6
1 changed files with 11 additions and 6 deletions


@ -75,7 +75,7 @@ class EncodedPayload
# If encoder is set, it could be an encoders list
# The form is "<encoder>:<iteration>, <encoder2>:<iteration>"...
if reqs['Encoder']
unless reqs['Encoder'].blank?
encoder_str = reqs['Encoder']
encoder_str.scan(/([^:, ]+):?([^,]+)?/).map do |encoder_opt|
reqs['Encoder'] = encoder_opt[0]
@ -129,6 +129,10 @@ class EncodedPayload
# encoded attribute.
#
def encode
# Get the minimum number of nops to use
min = (reqs['MinNops'] || 0).to_i
min = 0 if reqs['DisableNops']
# If the exploit needs the payload to be encoded, we need to run the list of
# encoders in ranked precedence and try to encode with them.
if needs_encoding
@ -245,10 +249,6 @@ class EncodedPayload
break
end
# Get the minimum number of nops to use
min = (reqs['MinNops'] || 0).to_i
min = 0 if reqs['DisableNops']
# Check to see if we have enough room for the minimum requirements
if ((reqs['Space']) and (reqs['Space'] < eout.length + min))
wlog("#{err_start}: Encoded payload version is too large (#{eout.length} bytes) with encoder #{encoder.refname}",
@ -284,6 +284,11 @@ class EncodedPayload
ilog("#{pinst.refname}: payload contains no badchars, skipping automatic encoding", 'core', LEV_0)
end
if reqs['Space'] and (reqs['Space'] < raw.length + min)
wlog("#{pinst.refname}: Raw (unencoded) payload is too large (#{raw.length} bytes)", 'core', LEV_1)
raise PayloadSpaceViolation, 'The payload exceeds the specified space', caller
end
self.encoded = raw
end
@ -530,7 +535,7 @@ protected
attr_accessor :reqs
def needs_encoding
reqs['Encoder'] || reqs['ForceEncode'] || has_chars?(reqs['BadChars'])
!reqs['Encoder'].blank? || reqs['ForceEncode'] || has_chars?(reqs['BadChars'])
end
def has_chars?(chars)
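Review bot: The warning added before `self.encoded = raw` reports only `raw.length`, while the condition it guards is `reqs['Space'] < raw.length + min`, so with a non-zero MinNops the log can name a size below the configured Space and give no hint why the payload was rejected. Include the limit and the nop reserve in the message, for example `wlog("#{pinst.refname}: Raw (unencoded) payload is too large (#{raw.length} bytes + #{min} nops, space #{reqs['Space']})", 'core', LEV_1)`. The condition also uses `and` where `&&` is the safer boolean operator, although it matches the existing encoded-path check. `encode` begins in an earlier hunk and continues outside this one, so whether the raised `PayloadSpaceViolation` is reported with any size detail further up cannot be seen from here.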