Fixes #3742 by sanitizing utf-8 characters for the username and system name in session.info.

Tested with German Win2k3EE and a session created with exploit/windows/mssql/mssql_payload.



git-svn-id: file:///home/svn/framework3/trunk@11848 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/base/sessions/command_shell.rb

@@ -144,6 +144,8 @@ class CommandShell
 		if (not self.info or self.info.empty?)
 			initial_output = shell_read(-1, 0.01)
 			if (initial_output)
+				initial_output.force_encoding("ASCII-8BIT") if initial_output.respond_to?(:force_encoding)
+				initial_output.gsub!(/[\x00-\x08\x0b\x0c\x0e-\x19\x7f-\xff]+/n,"_")
 				initial_output.gsub!(/[\r\n\t]+/, ' ')
 				initial_output.strip!
 

lib/msf/base/sessions/meterpreter.rb

@@ -281,7 +281,10 @@ class Meterpreter < Rex::Post::Meterpreter::Client
 			::Timeout.timeout(60) do
 				username  = self.sys.config.getuid
 				sysinfo   = self.sys.config.sysinfo
-				self.info = "#{username} @ #{sysinfo['Computer']}"
+				safe_info = "#{username} @ #{sysinfo['Computer']}"
+				safe_info.force_encoding("ASCII-8BIT") if safe_info.respond_to?(:force_encoding)
+				safe_info.gsub!(/[\x00-\x08\x0b\x0c\x0e-\x19\x7f-\xff]+/n,"_")
+				self.info = safe_info
 			end
 		rescue ::Interrupt
 			raise $!