"stack overflow" in exploits most likely means "stack bof". In aux modules, it's "stack exhaustion"

unstable
sinn3r 2012-02-05 17:48:05 -06:00
parent caee1bba28
commit 2d35cf4b66
1 changed files with 4 additions and 3 deletions

View File

@ -89,12 +89,13 @@ def check_single_file(dparts, fparts, f_rel)
# If an exploit module mentinos the word "stack overflow", chances are they mean "stack buffer overflow". # If an exploit module mentinos the word "stack overflow", chances are they mean "stack buffer overflow".
# "stack overflow" means "stack exhaustion". See explanation: # "stack overflow" means "stack exhaustion". See explanation:
# http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx # http://blogs.technet.com/b/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx
# However, we will avoid flagging this term in auxiliary modules for now, because it might be a DoS attack.
# In that case, they might really mean stack exhaustion.
bad_term = true bad_term = true
if content =~ /class Metasploit\d < Msf::Exploit::Remote/ and content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i if content =~ /class Metasploit\d < Msf::Exploit::Remote/ and content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i
bad_term = false bad_term = false
show_missing(f, 'WARNING: contains "stack overflow"', bad_term) show_missing(f, 'WARNING: contains "stack overflow" You mean "stack buffer overflow"?', bad_term)
elsif content =~ /class Metasploit\d < Msf::Auxiliary/ and content.gsub("\n", "") =~ /stack[[:space:]]+overflow/i
bad_term = false
show_missing(f, 'WARNING: contains "stack overflow" You mean "stack exhaustion"?', bad_term)
end end
# check criteria based on individual lines # check criteria based on individual lines