From 2d35cf4b66f849b195d953789014544dd7ad714c Mon Sep 17 00:00:00 2001
From: sinn3r
Date: Sun, 5 Feb 2012 17:48:05 -0600
Subject: [PATCH] "stack overflow" in exploits most likely means "stack bof". In aux modules, it's "stack exhaustion"
---
 tools/msftidy.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/msftidy.rb b/tools/msftidy.rb
index 707274f7e6..263ec54af5 100755
--- a/tools/msftidy.rb
+++ b/tools/msftidy.rb
@@ -89,12 +89,13 @@ def check_single_file(dparts, fparts, f_rel)
 # If an exploit module mentinos the word "stack overflow", chances are they mean "stack buffer overflow".
 # "stack overflow" means "stack exhaustion". See explanation:
 # http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx
- # However, we will avoid flagging this term in auxiliary modules for now, because it might be a DoS attack.
- # In that case, they might really mean stack exhaustion.
 bad_term = true
 if content =~ /class Metasploit\d < Msf::Exploit::Remote/ and content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i
 bad_term = false
- show_missing(f, 'WARNING: contains "stack overflow"', bad_term)
+ show_missing(f, 'WARNING: contains "stack overflow" You mean "stack buffer overflow"?', bad_term)
+ elsif content =~ /class Metasploit\d < Msf::Auxiliary/ and content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i
+ bad_term = false
+ show_missing(f, 'WARNING: contains "stack overflow" You mean "stack exhaustion"?', bad_term)
 end

 # check criteria based on individual lines
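Review bot: The added `elsif` repeats the exploit branch's test `content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i` verbatim, and deleting newlines before matching means text wrapped exactly between the two words ("stack" ending one line, "overflow" starting the next) collapses to "stackoverflow" and is missed by both branches. `[[:space:]]` already matches a newline, so the pattern can run on `content` directly and the module type only needs to pick the suggestion text. The two new messages also run two sentences together with no punctuation between them. `check_single_file` starts and ends outside this hunk, so whether `bad_term` is read again later is not visible; the sketch below keeps it.

```ruby
# … unchanged: explanatory comment and technet link …
bad_term = true
suggestion =
  case content
  when /class Metasploit\d < Msf::Exploit::Remote/ then 'stack buffer overflow'
  when /class Metasploit\d < Msf::Auxiliary/ then 'stack exhaustion'
  end
# [[:space:]] covers "\n", so a phrase split across lines is still caught
if suggestion and content =~ /stack[[:space:]]+overflow/i
  bad_term = false
  show_missing(f, "WARNING: contains \"stack overflow\". Did you mean \"#{suggestion}\"?", bad_term)
end
```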