Land #6243, check nil for sock.read

bug/bundler_fix
Louis Sato 2015-11-23 11:15:51 -06:00
commit 493e476a43
No known key found for this signature in database
GPG Key ID: 501290E4CECB7DF4
8 changed files with 53 additions and 23 deletions


@ -32,33 +32,37 @@ class Metasploit3 < Msf::Auxiliary
connect_udp
udp_sock.put(pkt)
res = udp_sock.read(1024).split(/\x00/)
res = udp_sock.read(1024)
if (res)
report_note(
:host => ip,
:proto => 'udp',
:port => datastore['RPORT'],
:type => 'SERVICE_INFO',
:data => res[2] + "_" + res[1]
)
report_service(
:host => ip,
:port => datastore['RPORT'],
:proto => 'udp',
:name => "ibm-db2",
:info => res[2] + "_" + res[1]
)
print_status("Host #{ip} node name is " + res[2] + " with a product id of " + res[1] )
else
unless res
print_error("Unable to determine version info for #{ip}")
return
end
disconnect_udp
res = res.split(/\x00/)
report_note(
:host => ip,
:proto => 'udp',
:port => datastore['RPORT'],
:type => 'SERVICE_INFO',
:data => "#{res[2]}_#{res[1]}"
)
report_service(
:host => ip,
:port => datastore['RPORT'],
:proto => 'udp',
:name => "ibm-db2",
:info => "#{res[2]}_#{res[1]}"
)
print_status("Host #{ip} node name is " + res[2] + " with a product id of " + res[1] )
rescue ::Rex::ConnectionError
rescue ::Errno::EPIPE
ensure
disconnect_udp
end
end
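Review bot: The new nil guard covers only a missing reply; a reply that splits into fewer than three NUL-separated fields still leaves `res[2]` or `res[1]` nil, and the `print_status` line joins them with `+`, which raises a TypeError that neither `rescue` clause catches. The `report_note` and `report_service` calls now use interpolation, so for such a reply they would record an empty or partial value instead of failing. I would check the field count right after the split, e.g. `return print_error("Unexpected reply from #{ip}") if res.length < 3`, and switch `print_status` to interpolation as well. The method begins above the hunk, so how `pkt` is built is not visible here.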


@ -71,6 +71,11 @@ class Metasploit3 < Msf::Auxiliary
# read the file data from the socket that we opened
response_data = sock.read(1024)
unless response_data
print_error("#{file} not found")
return
end
if response_data.length == 0
print_status("File (#{file_path})from #{peer} is empty...")
return
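Review bot: A nil from `sock.read(1024)` means the data connection returned nothing (closed or timed out), not that the server reported the file missing, so `"#{file} not found"` can mislead; `print_error("#{peer} - No data received for #{file_path}")` would be more accurate. The new message uses `file` while the next one uses `file_path`; `file` is not defined inside the hunk, so confirm it exists in the method. The same guard and wording appear in the following file section, where the message uses `file_path`. Both methods start and end outside their hunks.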


@ -70,6 +70,11 @@ class Metasploit3 < Msf::Auxiliary
# read the file data from the socket that we opened
response_data = sock.read(1024)
unless response_data
print_error("#{file_path} not found")
return
end
if response_data.length == 0 or ! (res =~ /^150/ )
print_status("File (#{file_path})from #{peer} is empty...")
return


@ -52,8 +52,8 @@ class Metasploit3 < Msf::Auxiliary
else
print_error("Unable to determine info for #{ip}...")
end
ensure
disconnect_udp
rescue ::Errno::EPIPE, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
end
end
end


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
send_packet = tns_packet("(CONNECT_DATA=(COMMAND=service_register_NSGR))")
sock.put(send_packet)
packet = sock.read(100)
find_packet = packet.include? "(ERROR_STACK=(ERROR="
find_packet = /\(ERROR_STACK=\(ERROR=/ === packet
find_packet == true ? print_error("#{ip}:#{rport} is not vulnerable ") : print_good("#{ip}:#{rport} is vulnerable")
# TODO: Module should report_vuln if this finding is solid.
rescue ::Rex::ConnectionError, ::Errno::EPIPE
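Review bot: With the regex form, a nil `packet` (no reply to `sock.read(100)`) makes `find_packet` false, and the ternary then prints that the target is vulnerable, so a silent or filtered host is reported as a positive finding. An explicit guard before the match keeps the nil-safety without the false positive: `return print_error("#{ip}:#{rport} - no response") unless packet`. The `find_packet == true ? ... : ...` line would also read more clearly as a plain `if find_packet` / `else`. The method begins above the hunk.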


@ -109,7 +109,11 @@ class Metasploit4 < Msf::Auxiliary
print_good("#{host_port} - Connected to saprouter")
print_good("#{host_port} - Sending ROUTER_ADM packet info request")
sock.put(ni_packet)
packet_len = sock.read(4).unpack('H*')[0].to_i 16
sock_res = sock.read(4)
unless sock_res
fail_with(Failure::Unknown, 'Unable to get the packet length')
end
packet_len = sock_res.unpack('H*')[0].to_i 16
print_good("#{host_port} - Got INFO response")
while packet_len !=0
count += 1
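Review bot: The guard rejects a nil read but not a short one: if fewer than four bytes arrive, `sock_res.unpack('H*')[0].to_i 16` still yields a number, and the `while packet_len !=0` loop then runs on a length taken from a truncated header. Checking the size as well closes that gap, e.g. `unless sock_res && sock_res.length == 4`. Once the length is checked, `sock_res.unpack('N').first` expresses the big-endian length more directly than the hex round-trip. The loop body continues below the hunk.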


@ -76,6 +76,12 @@ class Metasploit3 < Msf::Post
while true
request = rsock.read(28)
unless request
print_error("No data received")
break
end
magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N")
if magic != 0x25609513


@ -74,6 +74,12 @@ class Metasploit3 < Msf::Post
while true
request = rsock.read(28)
unless request
print_error("No data received")
break
end
magic, request, nbd_handle, offset_n, length = request.unpack("NNa8a8N")
if magic != 0x25609513