From a56dd5d1ff5afec6bde5352359a2690eee45bd17 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 20 Apr 2015 15:44:45 -0500
Subject: [PATCH 1/5] Do minor style cleanup
---
 lib/msf/core/option_container.rb | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/lib/msf/core/option_container.rb b/lib/msf/core/option_container.rb
index 479f5590d0..a3ec186e26 100644
--- a/lib/msf/core/option_container.rb
+++ b/lib/msf/core/option_container.rb
@@ -378,17 +378,18 @@ class OptAddressRange < OptBase
 def normalize(value)
 return nil unless value.kind_of?(String)
- if (value =~ /^rand:(.*)/)
+ if value =~ /^rand:(.*)/
 count = $1.to_i
 return false if count < 1
 ret = ''
- count.times {
- ret << " " if not ret.empty?
- ret << [ rand(0x100000000) ].pack("N").unpack("C*").map{|x| x.to_s }.join(".")
- }
+ count.times do
+ ret << ' ' unless ret.empty?
+ ret << [ rand(0x100000000) ].pack('N').unpack('C*').map{|x| x.to_s }.join('.')
+ end
 return ret
 end
- return value
+
+ value
 end
 def valid?(value)
From 1b85cd2853815aae8bc0b74be15815fc9ffb9db7 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 20 Apr 2015 15:53:58 -0500
Subject: [PATCH 2/5] Use single quotes
---
 lib/msf/ui/console/command_dispatcher/core.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
index f76af2bcc0..bd5e831c6e 100644
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -2072,9 +2072,9 @@ class Core
 if value =~ /^file:(.*)/ && ::File.file?($1)
 fname = $1
 if ::File.size(fname) > (1024*1024)
- print_error("The file name specified is too big (over 1Mb)")
+ print_error('The file name specified is too big (over 1Mb)')
 else
- ::File.open(fname, "rb") {|fd| value = fd.read(fd.stat.size) }
+ ::File.open(fname, 'rb') {|fd| value = fd.read(fd.stat.size) }
 end
 end
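Review bot: In the option_container.rb hunk of PATCH 1/5, the rewritten test `if value =~ /^rand:(.*)/` still anchors with `^`, which in Ruby matches at the start of any line rather than only at the start of the string. A multi-line value with a later line beginning `rand:` would take the random-address branch and the rest of the value would be discarded; `if value =~ /\Arand:(.*)/` states the intent exactly. The count taken from `$1.to_i` also has no upper bound, so the size of `ret` is whatever the value asks for. The `^file:` pattern in the core.rb hunks of this series has the same anchoring.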
From c629d8593a6f6e4f72e83dbf8a62f228e989f7f4 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 20 Apr 2015 16:19:29 -0500
Subject: [PATCH 3/5] Solve my own concerning about race conditions, just in case...
---
 lib/msf/ui/console/command_dispatcher/core.rb | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
index bd5e831c6e..61a073782e 100644
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -2069,12 +2069,22 @@ class Core
 end
 # If the value starts with file: and exists, load the file as the value
- if value =~ /^file:(.*)/ && ::File.file?($1)
+ if value =~ /^file:(.*)/
 fname = $1
- if ::File.size(fname) > (1024*1024)
+
+ begin
+ fd = ::File.new(fname)
+ rescue ::Errno::ENOENT
+ print_error('The file name specified does not exist')
+ fd = nil
+ end
+
+ if fd && fd.stat.size > (1024 * 1024)
 print_error('The file name specified is too big (over 1Mb)')
- else
- ::File.open(fname, 'rb') {|fd| value = fd.read(fd.stat.size) }
+ fd.close
+ elsif fd
+ value = fd.read(fd.stat.size)
+ fd.close
 end
 end
From 329e28c47cf221d43e6b37022b920f7c108520a1 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 20 Apr 2015 16:29:11 -0500
Subject: [PATCH 4/5] Keep the old value if value can't be loaded from file
---
 lib/msf/ui/console/command_dispatcher/core.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
index 61a073782e..179db404e8 100644
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
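Review bot: In the core.rb hunk of PATCH 3/5, the new `begin`/`rescue` handles only `::Errno::ENOENT`, while the removed `::File.file?($1)` test also kept directories and other non-regular paths out of this branch; an unreadable path or a directory would now raise from `::File.new` or `fd.read` instead of printing an error, unless a caller outside the hunk rescues it. `fd` is closed by hand in each branch, so it stays open if `stat` or `read` raises, and the limit is checked with one `fd.stat` call while the read length comes from a second one, so a file that grows in between is read past the 1 MB cap. The block form of `::File.open` with a single `stat` and a `::SystemCallError` rescue covers all three; the fence keeps the `'rb'` mode of the removed call. The enclosing method starts and ends outside the hunk.

```ruby
if value =~ /^file:(.*)/
  fname = $1

  begin
    # Block form closes the descriptor even when stat or read raises.
    ::File.open(fname, 'rb') do |fd|
      size = fd.stat.size # one stat call, so the check and the read agree
      if size > (1024 * 1024)
        print_error('The file name specified is too big (over 1Mb)')
      else
        value = fd.read(size)
      end
    end
  rescue ::Errno::ENOENT
    print_error('The file name specified does not exist')
  rescue ::SystemCallError => e
    # EACCES, EISDIR and similar: report instead of propagating
    print_error("The file name specified could not be read: #{e.message}")
  end
end
```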
@@ -2068,7 +2068,8 @@ class Core
 return true
 end
- # If the value starts with file: and exists, load the file as the value
+ # If the value starts with file: exists, and size isn't too big load the file as the value
+ # Otherwise keep the old value
 if value =~ /^file:(.*)/
 fname = $1
@@ -2076,11 +2077,13 @@ class Core
 fd = ::File.new(fname)
 rescue ::Errno::ENOENT
 print_error('The file name specified does not exist')
+ value = datastore[name]
 fd = nil
 end
 if fd && fd.stat.size > (1024 * 1024)
 print_error('The file name specified is too big (over 1Mb)')
+ value = datastore[name]
 fd.close
 elsif fd
 value = fd.read(fd.stat.size)
From 831e65261dffa9cf344f47a9fcc393206d7f97ba Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 20 Apr 2015 17:37:41 -0500
Subject: [PATCH 5/5] Add lengths specs
---
 lib/msf/ui/console/command_dispatcher/core.rb | 2 +-
 .../console/command_dispatcher/core_spec.rb | 64 +++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
index 179db404e8..046ba75587 100644
--- a/lib/msf/ui/console/command_dispatcher/core.rb
+++ b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -2074,7 +2074,7 @@ class Core
 fname = $1
 begin
- fd = ::File.new(fname)
+ fd = ::File.new(fname, 'rb')
 rescue ::Errno::ENOENT
 print_error('The file name specified does not exist')
 value = datastore[name]
diff --git a/spec/lib/msf/ui/console/command_dispatcher/core_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/core_spec.rb
index 234ae76c3a..4569e2ec74 100644
--- a/spec/lib/msf/ui/console/command_dispatcher/core_spec.rb
+++ b/spec/lib/msf/ui/console/command_dispatcher/core_spec.rb
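Review bot: The rewritten comment in the first core.rb hunk of PATCH 4/5 reads as a run-on and leaves the size limit unstated; `# If the value starts with file:, the file exists and is no larger than 1 MB, load its contents as the value.` followed by `# Otherwise keep the value already stored in the datastore.` says what the code below does. In the second hunk the fallback `value = datastore[name]` is repeated in each failure branch; assigning it once right after `fname = $1` and overwriting it only when the read succeeds would also cover any failure path added later. Both hunks sit inside a method that starts and ends outside them.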
@@ -160,6 +160,70 @@ describe Msf::Ui::Console::CommandDispatcher::Core do
 it "should show the correct value when both the module and the framework have this variable" do
 set_and_test_variable(name, 'FRAMEWORK', 'MODULE', /^#{name} => FRAMEWORK$/, /^#{name} => MODULE$/)
 end
+
+ context "when using file: prefix in the value" do
+ context "when the file exists" do
+
+ before(:each) do
+ allow(::File).to receive(:new) do |filename, mode|
+ fd = StringIO.new(file_contents, mode)
+ fd
+ end
+
+ allow_any_instance_of(::StringIO).to receive(:stat) do |io|
+ file_contents
+ end
+ end
+
+ context "when the size is 1MB" do
+ let(:file_name) do
+ ::Rex::Text.rand_text_alpha(10).upcase
+ end
+
+ let(:file_contents) do
+ ::Rex::Text.rand_text_alpha(1024 * 1024).upcase
+ end
+
+ it "should show the new value" do
+ set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
+ end
+ end
+
+ context "when the size is greater than 1MB" do
+ let(:file_name) do
+ ::Rex::Text.rand_text_alpha(10).upcase
+ end
+
+ let(:file_contents) do
+ ::Rex::Text.rand_text_alpha(1024 * 1025).upcase
+ end
+
+ it "should show the old value" do
+ set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => $/)
+ end
+ end
+
+ context "when the size is less than 1MB" do
+ let(:file_name) do
+ ::Rex::Text.rand_text_alpha(10).upcase
+ end
+
+ let(:file_contents) do
+ ::Rex::Text.rand_text_alpha(10).upcase
+ end
+
+ it "should show the new value" do
+ set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
+ end
+ end
+ end
+
+ context "when the file doesn't exist" do
+ it "should show the old value" do
+ set_and_test_variable(name, nil, "file:/#{::Rex::Text.rand_text_alpha(10).upcase}", nil, /^#{name} => $/)
+ end
+ end
+ end
 end
 end
 end
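Review bot: The "when the file doesn't exist" example in the core_spec.rb hunk depends on the real filesystem: `::File.new` is stubbed only inside the "when the file exists" context, so this example passes only while no file with the random ten-letter name exists at the root. Stubbing the failure makes it deterministic, for instance `allow(::File).to receive(:new).and_raise(::Errno::ENOENT)` in a `before(:each)` for that context. The `stat` stub returns `file_contents` itself, so `fd.stat.size` is really `String#size`; a double with an explicit `size` would say that directly. There is also no example for a path that exists but cannot be read, which is the case the `rescue ::Errno::ENOENT` in core.rb does not cover.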