Fix CVE-2017-5228

bug/bundler_fix
Justin Steven 2017-02-07 23:44:23 +10:00
parent d0f6d4ef45
commit 56cf6b129d
No known key found for this signature in database
GPG Key ID: F2B6D8D0DC2EBE82
1 changed files with 5 additions and 1 deletions


@ -222,7 +222,11 @@ class Dir < Rex::Post::Dir
end
dir_files.each { |src_sub|
dst_item = dst + ::File::SEPARATOR + client.unicode_filter_encode(src_sub)
dst_sub = src_sub.dup
dst_sub.gsub!(::File::SEPARATOR, '_') # '/' on all systems
dst_sub.gsub!(::File::ALT_SEPARATOR, '_') if ::File::ALT_SEPARATOR # nil on Linux, '\' on Windows
dst_item = ::File.join(dst, client.unicode_filter_encode(dst_sub))
src_item = src + client.fs.file.separator + client.unicode_filter_encode(src_sub)
if (src_sub == '.' or src_sub == '..')