From dbbd0dc07ed6ddb927c9610ce5a6cd2dcf046a06 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 12 Oct 2010 16:16:39 +0000 Subject: [PATCH] This ensures that even if some wonky string encoding is passed as the body of a HTTP reply, it will be treated as binary. Fixes some of the HTTP Server exploits on Windows git-svn-id: file:///home/svn/framework3/trunk@10653 4d416f70-5f16-0410-b530-b9f4589650da --- lib/rex/proto/http/packet.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/rex/proto/http/packet.rb b/lib/rex/proto/http/packet.rb index 4122e24e50..25565623c6 100644 --- a/lib/rex/proto/http/packet.rb +++ b/lib/rex/proto/http/packet.rb @@ -165,7 +165,9 @@ class Packet # Converts the packet to a string. # def to_s - content = self.body.dup + # Duplicate and make sure this is 8BIT safe for Ruby 1.9 + content = self.body.unpack("C*").pack("C*") + # Update the content length field in the header with the body length. if (content) if !self.compress.nil?