fix for properly stopping the reverse_http/https handler

The issue seems to be at the root of #4669 is that reverse_http registers an HTTP service but never releases its reference to it. If we stop it directly, there may be a session already connected to it that we kill, so we can't do that. Instead, track if we got a connection or not, and conditionally release our reference based on whether the connection succeeded. This should fix #4669
2015-02-24 11:06:50 -06:00 · 2015-02-24 11:06:50 -06:00 · 3bed2d5136
parent ab4a416958
commit 3bed2d5136
1 changed files with 5 additions and 2 deletions
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@ -161,7 +161,6 @@ module ReverseHttp
  # Simply calls stop handler to ensure that things are cool.
  #
  def cleanup_handler
-    stop_handler
  end

  #
@ -176,7 +175,10 @@ module ReverseHttp
  # active on sub-urls.
  #
  def stop_handler
-    self.service.remove_resource("/") if self.service
+    if self.service
+      self.service.remove_resource("/")
+      Rex::ServiceManager.stop_service(self.service) if self.pending_connections == 0
+    end
  end

  attr_accessor :service # :nodoc:
@ -228,6 +230,7 @@ protected
          :comm_timeout       => datastore['SessionCommunicationTimeout'].to_i,
          :ssl                => ssl?,
        })
+        self.pending_connections += 1

      when /^\/INITJM/
        conn_id = generate_uri_checksum(URI_CHECKSUM_CONN) + "_" + Rex::Text.rand_text_alphanumeric(16)