Fix #6242, Check nil for sock.read

Fix #6242
bug/bundler_fix
wchen-r7 2015-11-16 14:24:46 -06:00
parent f0da09090d
commit 17a1f2ee8a
8 changed files with 52 additions and 23 deletions


@ -32,9 +32,15 @@ class Metasploit3 < Msf::Auxiliary
connect_udp connect_udp
udp_sock.put(pkt) udp_sock.put(pkt)
res = udp_sock.read(1024).split(/\x00/) res = udp_sock.read(1024)
unless res
print_error("Unable to determine version info for #{ip}")
return
end
res = res.split(/\x00/)
if (res)
report_note( report_note(
:host => ip, :host => ip,
:proto => 'udp', :proto => 'udp',
@ -42,6 +48,7 @@ class Metasploit3 < Msf::Auxiliary
:type => 'SERVICE_INFO', :type => 'SERVICE_INFO',
:data => res[2] + "_" + res[1] :data => res[2] + "_" + res[1]
) )
report_service( report_service(
:host => ip, :host => ip,
:port => datastore['RPORT'], :port => datastore['RPORT'],
@ -49,16 +56,13 @@ class Metasploit3 < Msf::Auxiliary
:name => "ibm-db2", :name => "ibm-db2",
:info => res[2] + "_" + res[1] :info => res[2] + "_" + res[1]
) )
print_status("Host #{ip} node name is " + res[2] + " with a product id of " + res[1] )
else
print_error("Unable to determine version info for #{ip}")
end
disconnect_udp print_status("Host #{ip} node name is " + res[2] + " with a product id of " + res[1] )
rescue ::Rex::ConnectionError rescue ::Rex::ConnectionError
rescue ::Errno::EPIPE rescue ::Errno::EPIPE
ensure
disconnect_udp
end end
end end
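Review bot: The `res[2] + "_" + res[1]` expressions in `report_note`, `report_service` and the final `print_status` still raise (NoMethodError or TypeError) when the reply splits into fewer than three NUL-separated fields, because the new guard only covers a nil read. A length check right after the split would close that, for example `return print_error("Unexpected reply from #{ip}") if res.length < 3`. The two `rescue` clauses at the end also remain empty, so a connection error is dropped without any message. The method's start is outside the hunk.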


@ -71,6 +71,11 @@ class Metasploit3 < Msf::Auxiliary
# read the file data from the socket that we opened # read the file data from the socket that we opened
response_data = sock.read(1024) response_data = sock.read(1024)
unless response_data
print_error("#{file} not found")
return
end
if response_data.length == 0 if response_data.length == 0
print_status("File (#{file_path})from #{peer} is empty...") print_status("File (#{file_path})from #{peer} is empty...")
return return
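Review bot: The new guard prints `"#{file} not found"` when `sock.read(1024)` returns nil, but a nil read only shows that the data connection yielded nothing; it does not show that the file is absent, so the message can mislead whoever reads the scan output. Wording such as `print_error("#{peer} - No data received for #{file_path}")` states what was observed and reuses the `file_path` and `peer` names from the lines that follow. The guard in the next file section already uses `file_path` but carries the same "not found" wording. Whether `file` is defined in this method cannot be seen from the hunk, which starts and ends inside the method body.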


@ -70,6 +70,11 @@ class Metasploit3 < Msf::Auxiliary
# read the file data from the socket that we opened # read the file data from the socket that we opened
response_data = sock.read(1024) response_data = sock.read(1024)
unless response_data
print_error("#{file_path} not found")
return
end
if response_data.length == 0 or ! (res =~ /^150/ ) if response_data.length == 0 or ! (res =~ /^150/ )
print_status("File (#{file_path})from #{peer} is empty...") print_status("File (#{file_path})from #{peer} is empty...")
return return


@ -52,8 +52,11 @@ class Metasploit3 < Msf::Auxiliary
else else
print_error("Unable to determine info for #{ip}...") print_error("Unable to determine info for #{ip}...")
end end
rescue ::Errno::EPIPE, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused => e
vprint_error(e.message)
elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
ensure
disconnect_udp disconnect_udp
rescue ::Errno::EPIPE, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
end end
end end
end end
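Review bot: The `elog` line records a full backtrace for `HostUnreachable`, `ConnectionTimeout` and `ConnectionRefused`, which are routine outcomes when a scanner walks an address range, so the framework log can fill with entries that carry little diagnostic value. `vprint_error(e.message)` already surfaces the failure to the operator; consider logging only `"#{e.class} #{e.message}"` without the backtrace, or dropping the `elog` call. The `begin` that this `rescue` belongs to is outside the hunk.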


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
send_packet = tns_packet("(CONNECT_DATA=(COMMAND=service_register_NSGR))") send_packet = tns_packet("(CONNECT_DATA=(COMMAND=service_register_NSGR))")
sock.put(send_packet) sock.put(send_packet)
packet = sock.read(100) packet = sock.read(100)
find_packet = packet.include? "(ERROR_STACK=(ERROR=" find_packet = /\(ERROR_STACK=\(ERROR=/ === packet
find_packet == true ? print_error("#{ip}:#{rport} is not vulnerable ") : print_good("#{ip}:#{rport} is vulnerable") find_packet == true ? print_error("#{ip}:#{rport} is not vulnerable ") : print_good("#{ip}:#{rport} is vulnerable")
# TODO: Module should report_vuln if this finding is solid. # TODO: Module should report_vuln if this finding is solid.
rescue ::Rex::ConnectionError, ::Errno::EPIPE rescue ::Rex::ConnectionError, ::Errno::EPIPE
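Review bot: A nil `packet` now falls through to `print_good("... is vulnerable")`, because `/\(ERROR_STACK=\(ERROR=/ === packet` is false for nil and the ternary on the next line treats false as the vulnerable case. A host that sends nothing back is then reported as vulnerable, which is a false positive in the scan results. An explicit guard before the match avoids that, for example `return vprint_error("#{ip}:#{rport} - No response") unless packet`. The enclosing method begins outside the hunk, so confirm that an early return fits there.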


@ -109,7 +109,7 @@ class Metasploit4 < Msf::Auxiliary
print_good("#{host_port} - Connected to saprouter") print_good("#{host_port} - Connected to saprouter")
print_good("#{host_port} - Sending ROUTER_ADM packet info request") print_good("#{host_port} - Sending ROUTER_ADM packet info request")
sock.put(ni_packet) sock.put(ni_packet)
packet_len = sock.read(4).unpack('H*')[0].to_i 16 packet_len = sock.read(4).to_s.unpack('H*')[0].to_i 16
print_good("#{host_port} - Got INFO response") print_good("#{host_port} - Got INFO response")
while packet_len !=0 while packet_len !=0
count += 1 count += 1
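Review bot: With `.to_s` added, a nil read from `sock.read(4)` becomes `packet_len = 0`, and the next line still prints "Got INFO response" although nothing was received. A read shorter than four bytes is also parsed as a smaller length than the peer sent. Checking the raw read first keeps the output accurate, e.g. `len_bytes = sock.read(4)` followed by `return print_error("#{host_port} - No INFO response") unless len_bytes && len_bytes.length == 4`. The surrounding method is only partly visible in the hunk.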


@ -76,6 +76,12 @@ class Metasploit3 < Msf::Post
while true while true
request = rsock.read(28) request = rsock.read(28)
unless request
print_error("No data received")
break
end
magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N") magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N")
if magic != 0x25609513 if magic != 0x25609513
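Review bot: The `unless request` guard catches a nil read, but a read shorter than 28 bytes still reaches `request.unpack("NNa8a8N")`, which returns nil for the missing fields; `offset_n` and `length` may then be nil further down the loop, which is not visible in this hunk. Tightening the guard to `unless request && request.length == 28` covers both cases. The identical hunk in the following file section has the same gap.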


@ -74,6 +74,12 @@ class Metasploit3 < Msf::Post
while true while true
request = rsock.read(28) request = rsock.read(28)
unless request
print_error("No data received")
break
end
magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N") magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N")
if magic != 0x25609513 if magic != 0x25609513