infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FixRM #8396 change all lib use of regex to 8-bit pattern

bug/bundler_fix
HD Moore 2013-09-12 16:58:49 -05:00
parent d33d083bb1
commit 72dff03426
25 changed files with 71 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/metasm/metasm/disassemble_api.rb
View File

@ -776,10 +776,10 @@ class Disassembler
def strings_scan(minlen=6)
ret = []
nexto = 0
pattern_scan(/[\x20-\x7e]{#{minlen},}/m, nil, 1024) { |o|
pattern_scan(/[\x20-\x7e]{#{minlen},}/nm, nil, 1024) { |o|
if o - nexto > 0
next unless e = get_edata_at(o)
str = e.data[e.ptr, 1024][/[\x20-\x7e]{#{minlen},}/m]
str = e.data[e.ptr, 1024][/[\x20-\x7e]{#{minlen},}/nm]
ret << [o, str] if not block_given? or yield(o, str)
nexto = o + str.length
end

4
lib/metasm/metasm/gui/dasm_hex.rb
View File

@ -231,7 +231,7 @@ class HexWidget < DrawableWidget
end
if @show_ascii and d
x = xa + d_o*@font_width
d = d.gsub(/[^\x20-\x7e]/, '.')
d = d.gsub(/[^\x20-\x7e]/n, '.')
if wp.empty?
render[d, :ascii]
else
@ -393,7 +393,7 @@ class HexWidget < DrawableWidget
# pop a dialog, scans the sections for a hex pattern
def prompt_search_hex
inputbox('hex pattern to search (hex regexp, use .. for wildcard)') { |pat|
pat = pat.gsub(' ', '').gsub('..', '.').gsub(/[0-9a-f][0-9a-f]/i) { |o| "\\x#{o}" }
pat = pat.gsub(' ', '').gsub('..', '.').gsub(/[0-9a-f][0-9a-f]/ni) { |o| "\\x#{o}" }
pat = Regexp.new(pat, Regexp::MULTILINE, 'n') # 'n' = force ascii-8bit
list = [['addr']] + @dasm.pattern_scan(pat).map { |a| [Expression[a]] }
listwindow("hex search #{pat}", list) { |i| focus_addr i[0] }

12
lib/msf/core/auxiliary/nmap.rb
View File

@ -59,7 +59,7 @@ def get_nmap_ver
nmap_cmd = [self.nmap_bin]
nmap_cmd << "--version"
res << %x{#{nmap_cmd.join(" ")}} rescue nil
res.gsub(/[\x0d\x0a]/,"")
res.gsub(/[\x0d\x0a]/n,"")
end
# Takes a version string in the form of Major.Minor and compares to
@ -68,16 +68,16 @@ end
# Comparing an Integer is okay, though.
def nmap_version_at_least?(test_ver=nil)
raise ArgumentError, "Cannot compare a Float, use a String or Integer" if test_ver.kind_of? Float
unless test_ver.to_s[/^([0-9]+(\x2e[0-9]+)?)/]
unless test_ver.to_s[/^([0-9]+(\x2e[0-9]+)?)/n]
raise ArgumentError, "Bad Nmap comparison version: #{test_ver.inspect}"
end
test_ver_str = test_ver.to_s
tnum_arr = $1.split(/\x2e/)[0,2].map {|x| x.to_i}
tnum_arr = $1.split(/\x2e/n)[0,2].map {|x| x.to_i}
installed_ver = get_nmap_ver()
vtag = installed_ver.split[2] # Should be ["Nmap", "version", "X.YZTAG", "(", "http..", ")"]
return false if (vtag.nil? || vtag.empty?)
return false unless (vtag =~ /^([0-9]+\x2e[0-9]+)/) # Drop the tag.
inum_arr = $1.split(/\x2e/)[0,2].map {|x| x.to_i}
return false unless (vtag =~ /^([0-9]+\x2e[0-9]+)/n) # Drop the tag.
inum_arr = $1.split(/\x2e/n)[0,2].map {|x| x.to_i}
return true if inum_arr[0] > tnum_arr[0]
return false if inum_arr[0] < tnum_arr[0]
inum_arr[1].to_i >= tnum_arr[1].to_i
@ -228,7 +228,7 @@ def nmap_validate_arg(str)
return false
end
# Check for commas outside of quoted arguments
quoted_22 = /\x22[^\x22]*\x22/
quoted_22 = /\x22[^\x22]*\x22/n
requoted_str = str.gsub(/'/,"\"")
if requoted_str.split(quoted_22).join[/,/]
print_error "Malformed nmap arguments (unquoted comma): #{str}"

32
lib/msf/core/db.rb
View File

@ -358,7 +358,7 @@ class DBManager
opts.each { |k,v|
if (host.attribute_names.include?(k.to_s))
unless host.attribute_locked?(k.to_s)
host[k] = v.to_s.gsub(/[\x00-\x1f]/, '')
host[k] = v.to_s.gsub(/[\x00-\x1f]/n, '')
end
else
dlog("Unknown attribute for ::Mdm::Host: #{k}")
@ -481,7 +481,7 @@ class DBManager
if (host.attribute_names.include?(k.to_s))
unless host.attribute_locked?(k.to_s)
host[k] = v.to_s.gsub(/[\x00-\x1f]/, '')
host[k] = v.to_s.gsub(/[\x00-\x1f]/n, '')
end
else
dlog("Unknown attribute for Host: #{k}")
@ -1536,12 +1536,12 @@ class DBManager
if (token[0])
# convert the token to US-ASCII from UTF-8 to prevent an error
token[0] = token[0].unpack("C*").pack("C*")
token[0] = token[0].gsub(/[\x00-\x1f\x7f-\xff]/){|m| "\\x%.2x" % m.unpack("C")[0] }
token[0] = token[0].gsub(/[\x00-\x1f\x7f-\xff]/n){|m| "\\x%.2x" % m.unpack("C")[0] }
end
if (token[1])
token[1] = token[1].unpack("C*").pack("C*")
token[1] = token[1].gsub(/[\x00-\x1f\x7f-\xff]/){|m| "\\x%.2x" % m.unpack("C")[0] }
token[1] = token[1].gsub(/[\x00-\x1f\x7f-\xff]/n){|m| "\\x%.2x" % m.unpack("C")[0] }
end
ret = {}
@ -2853,7 +2853,7 @@ class DBManager
return REXML::Document.new(data)
rescue REXML::ParseException => e
dlog("REXML error: Badly formatted XML, attempting to recover. Error was: #{e.inspect}")
return REXML::Document.new(data.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xff])/){ |x| "\\x%.2x" % x.unpack("C*")[0] })
return REXML::Document.new(data.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xff])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] })
end
end
end
@ -3055,7 +3055,7 @@ class DBManager
@import_filedata[:type] = "Appscan"
return :appscan_xml
when "entities"
if line =~ /creator.*\x43\x4f\x52\x45\x20\x49\x4d\x50\x41\x43\x54/i
if line =~ /creator.*\x43\x4f\x52\x45\x20\x49\x4d\x50\x41\x43\x54/ni
@import_filedata[:type] = "CI"
return :ci_xml
end
@ -3342,8 +3342,8 @@ class DBManager
def inspect_single_packet_http(pkt,wspace,task=nil)
# First, check the server side (data from port 80).
if pkt.is_tcp? and pkt.tcp_src == 80 and !pkt.payload.nil? and !pkt.payload.empty?
if pkt.payload =~ /^HTTP\x2f1\x2e[01]/
http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/)
if pkt.payload =~ /^HTTP\x2f1\x2e[01]/n
http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/n)
if http_server_match.kind_of?(MatchData) and http_server_match[1]
report_service(
:workspace => wspace,
@ -3363,8 +3363,8 @@ class DBManager
# Next, check the client side (data to port 80)
if pkt.is_tcp? and pkt.tcp_dst == 80 and !pkt.payload.nil? and !pkt.payload.empty?
if pkt.payload.match(/[\x00-\x20]HTTP\x2f1\x2e[10]/)
auth_match = pkt.payload.match(/\nAuthorization:\s+Basic\s+([A-Za-z0-9=\x2b]+)/)
if pkt.payload.match(/[\x00-\x20]HTTP\x2f1\x2e[10]/n)
auth_match = pkt.payload.match(/\nAuthorization:\s+Basic\s+([A-Za-z0-9=\x2b]+)/n)
if auth_match.kind_of?(MatchData) and auth_match[1]
b64_cred = auth_match[1]
else
@ -3476,7 +3476,7 @@ class DBManager
data.each_line do |line|
case line
when /^[\s]*#/ # Comment lines
if line[/^#[\s]*([0-9.]+):([0-9]+)(\x2f(tcp|udp))?[\s]*(\x28([^\x29]*)\x29)?/]
if line[/^#[\s]*([0-9.]+):([0-9]+)(\x2f(tcp|udp))?[\s]*(\x28([^\x29]*)\x29)?/n]
addr = $1
port = $2
proto = $4
@ -3492,7 +3492,7 @@ class DBManager
user = ([nil, "<BLANK>"].include?($1)) ? "" : $1
pass = ""
ptype = "smb_hash"
when /^[\s]*([\x21-\x7f]+)[\s]+([\x21-\x7f]+)?/ # Must be a user pass
when /^[\s]*([\x21-\x7f]+)[\s]+([\x21-\x7f]+)?/n # Must be a user pass
user = ([nil, "<BLANK>"].include?($1)) ? "" : dehex($1)
pass = ([nil, "<BLANK>"].include?($2)) ? "" : dehex($2)
ptype = "password"
@ -3531,7 +3531,7 @@ class DBManager
# If hex notation is present, turn them into a character.
def dehex(str)
hexen = str.scan(/\x5cx[0-9a-fA-F]{2}/)
hexen = str.scan(/\x5cx[0-9a-fA-F]{2}/n)
hexen.each { |h|
str.gsub!(h,h[2,2].to_i(16).chr)
}
@ -5039,7 +5039,7 @@ class DBManager
next if r[0] != 'results'
next if r[4] != "12053"
data = r[6]
addr,hname = data.match(/([0-9\x2e]+) resolves as (.+)\x2e\\n/)[1,2]
addr,hname = data.match(/([0-9\x2e]+) resolves as (.+)\x2e\\n/n)[1,2]
addr_map[hname] = addr
end
@ -5160,7 +5160,7 @@ class DBManager
# HostName
host.elements.each('ReportItem') do |item|
next unless item.elements['pluginID'].text == "12053"
addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/)[1]
addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/n)[1]
hname = host.elements['HostName'].text
end
addr ||= host.elements['HostName'].text
@ -5855,7 +5855,7 @@ class DBManager
data.each_line do |line|
next if line =~ /^#/
next if line !~ /^Protocol on ([^:]+):([^\x5c\x2f]+)[\x5c\x2f](tcp|udp) matches (.*)$/
next if line !~ /^Protocol on ([^:]+):([^\x5c\x2f]+)[\x5c\x2f](tcp|udp) matches (.*)$/n
addr = $1
next if bl.include? addr
port = $2.to_i

8
lib/msf/core/db_export.rb
View File

@ -20,7 +20,7 @@ class Export
end
def myusername
@username ||= (ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER'] || "unknown").to_s.strip.gsub(/[^A-Za-z0-9\x20]/,"_")
@username ||= (ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER'] || "unknown").to_s.strip.gsub(/[^A-Za-z0-9\x20]/n,"_")
end
# Hosts are always allowed. This is really just a stub.
@ -115,7 +115,7 @@ class Export
user = (c.user.nil? || c.user.empty?) ? "<BLANK>" : c.user
pass = (c.pass.nil? || c.pass.empty?) ? "<BLANK>" : c.pass
if pass != "<BLANK>"
pass = (c.pass.upcase =~ /^[\x20-\x7e]*:[A-F0-9]{48}:[A-F0-9]{50,}/m) ? c.pass : "<BLANK>"
pass = (c.pass.upcase =~ /^[\x20-\x7e]*:[A-F0-9]{48}:[A-F0-9]{50,}/nm) ? c.pass : "<BLANK>"
end
if pass == "<BLANK>"
# Basically this is an error (maybe around [\x20-\x7e] in regex) above
@ -206,7 +206,7 @@ class Export
report_file.write %Q|<?xml version="1.0" encoding="UTF-8"?>\n|
report_file.write %Q|<MetasploitV4>\n|
report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/,"_")}" product="framework"/>\n|
report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/n,"_")}" product="framework"/>\n|
yield(:status, "start", "hosts") if block_given?
report_file.write %Q|<hosts>\n|
@ -352,7 +352,7 @@ class Export
if value
data = marshalize(value)
data.force_encoding(Encoding::BINARY) if data.respond_to?('force_encoding')
data.gsub!(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/){ |x| "\\x%.2x" % x.unpack("C*")[0] }
data.gsub!(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] }
el << REXML::Text.new(data)
end
return el

6
lib/msf/core/exploit/arkeia.rb
View File

@ -135,11 +135,11 @@ module Exploit::Remote::Arkeia
end
# Store the version information
mver = resp.match(/IVERSION\x00([^\x00]+)/)
mver = resp.match(/IVERSION\x00([^\x00]+)/n)
info['Version'] = mver[1] if mver
# Store the hostname information
mver = resp.match(/ISERVNAME\x00([^\x00]+)/)
mver = resp.match(/ISERVNAME\x00([^\x00]+)/n)
info['Hostname'] = mver[1] if mver
# Begin the ARKADMIN_GET_MACHINE_INFO request
@ -182,7 +182,7 @@ module Exploit::Remote::Arkeia
# Finally, parse out and store all the parameters
resp.split("TPVALUE\x00").each { |x|
minf = x.match(/^([^\x00]+)\x00PNAME\x00([^\x00]+)/)
minf = x.match(/^([^\x00]+)\x00PNAME\x00([^\x00]+)/n)
if (minf)
info[ minf[2] ] = minf[1]
end

4
lib/msf/core/exploit/http/client.rb
View File

@ -463,8 +463,8 @@ module Exploit::Remote::HttpClient
end
if datastore['RPORT'].to_i == 3790
if res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/
if res['Server'] =~ /^(thin.*No Hup)|(nginx[\x5c\x2f][\d\.]+)$/
if res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/n
if res['Server'] =~ /^(thin.*No Hup)|(nginx[\x5c\x2f][\d\.]+)$/n
extras << "Metasploit"
end
end

6
lib/msf/core/exploit/mysql.rb
View File

@ -110,9 +110,9 @@ module Exploit::Remote::MYSQL
end
if plugin_res.respond_to? :split
target_path = plugin_res.split(/[\x5c\x2f]+/).join("/") << "/"
target_path = plugin_res.split(/[\x5c\x2f]+/n).join("/") << "/"
elsif base_res.respond_to? :split
target_path = base_res.split(/[\x5c\x2f]+/).join("/") << "/bin/"
target_path = base_res.split(/[\x5c\x2f]+/n).join("/") << "/bin/"
else
print_error "Cannot determine the plugin directory."
return false
@ -123,7 +123,7 @@ module Exploit::Remote::MYSQL
print_status "Checking for temp directory..."
res = mysql_get_variable("@@tmpdir")
if res.respond_to? :split
target_path = res.split(/[\x5c\x2f]+/).join("/") << "/"
target_path = res.split(/[\x5c\x2f]+/n).join("/") << "/"
else
print_error "Cannot determine the temp directory, exiting."
return false

4
lib/msf/core/exploit/realport.rb
View File

@ -195,7 +195,7 @@ module Exploit::Remote::RealPort
# Send negotiate request
sock.put(pkt2)
res = sock.get_once(-1, 5)
if res.to_s =~ /^\xff/
if res.to_s =~ /^\xff/n
vprint_status("#{target_host}:#{rport} Port:#{port} is closed: #{res.inspect}")
return :closed
end
@ -221,7 +221,7 @@ module Exploit::Remote::RealPort
sock.put(pkt3)
res = sock.get_once(-1, 5)
if res.to_s =~ /^\xff/
if res.to_s =~ /^\xff/n
vprint_status("#{target_host}:#{rport} Port:#{port} is closed: #{res.inspect}")
return :closed
end

6
lib/msf/core/exploit/smb.rb
View File

@ -645,7 +645,7 @@ module Exploit::Remote::SMB
buff << " FP: #{line}\n"
end
prov.split(/\x00\x00+/).each do |line|
prov.split(/\x00\x00+/n).each do |line|
line.gsub!("\x00",'')
line.strip!
next if line.length < 6
@ -755,8 +755,8 @@ module Exploit::Remote::SMBServer
if (pkt_nbs.v['Type'] == 0x81)
# Accept any name they happen to send
host_dst = UTILS.nbname_decode(pkt_nbs.v['Payload'][1,32]).gsub(/[\x00\x20]+$/, '')
host_src = UTILS.nbname_decode(pkt_nbs.v['Payload'][35,32]).gsub(/[\x00\x20]+$/, '')
host_dst = UTILS.nbname_decode(pkt_nbs.v['Payload'][1,32]).gsub(/[\x00\x20]+$/n, '')
host_src = UTILS.nbname_decode(pkt_nbs.v['Payload'][35,32]).gsub(/[\x00\x20]+$/n, '')
smb[:nbdst] = host_dst
smb[:nbsrc] = host_src

6
lib/msf/core/payload.rb
View File

@ -336,9 +336,9 @@ class Payload < Msf::Module
# Check to see if the value is a hex string. If so, convert
# it.
if val.kind_of?(String)
if val =~ /^\\x/
val = [ val.gsub(/\\x/, '') ].pack("H*").unpack(pack)[0]
elsif val =~ /^0x/
if val =~ /^\\x/n
val = [ val.gsub(/\\x/n, '') ].pack("H*").unpack(pack)[0]
elsif val =~ /^0x/n
val = val.hex
end
end

2
lib/rbmysql.rb
View File

@ -280,7 +280,7 @@ class RbMysql
# In Ruby 1.8, this is not safe for multibyte charset such as 'SJIS'.
# You should use place-holder in prepared-statement.
def escape_string(str)
str.gsub(/[\0\n\r\\\'\"\x1a]/) do |s|
str.gsub(/[\0\n\r\\\'\"\x1a]/n) do |s|
case s
when "\0" then "\\0"
when "\n" then "\\n"

2
lib/rbmysql/compat.rb
View File

@ -32,7 +32,7 @@ class RbMysql
alias get_client_info client_info
def escape_string(str)
str.gsub(/[\0\n\r\\\'\"\x1a]/) do |s|
str.gsub(/[\0\n\r\\\'\"\x1a]/n) do |s|
case s
when "\0" then "\\0"
when "\n" then "\\n"

4
lib/rbreadline.rb
View File

@ -5272,7 +5272,7 @@ module RbReadline
# Actually update the display, period.
def rl_forced_update_display()
if (@visible_line)
@visible_line.gsub!(/[^\x00]/,0.chr)
@visible_line.gsub!(/[^\x00]/n,0.chr)
end
rl_on_new_line()
@forced_display=true if !@forced_display
@ -8520,7 +8520,7 @@ module RbReadline
count -= 1
end
str = (flags == MB_FIND_NONZERO) ? string.sub(/\x00+$/,'') : string
str = (flags == MB_FIND_NONZERO) ? string.sub(/\x00+$/n,'') : string
case @encoding
when 'E'

2
lib/rex/parser/burp_session_nokogiri.rb
View File

@ -116,7 +116,7 @@ module Rex
if query
@state[:query] = "?#{query}" # Can be nil
end
if path =~ /https?:[\x5c\x2f][\x5c\x2f]+[^\x5c\x2f][^\x5c\x2f]+([^?]+)/
if path =~ /https?:[\x5c\x2f][\x5c\x2f]+[^\x5c\x2f][^\x5c\x2f]+([^?]+)/n
real_path = "/#{$1}"
else
real_path = path

2
lib/rex/parser/mbsa_nokogiri.rb
View File

@ -176,7 +176,7 @@ module Rex
:os_family => os_family,
:os_version => os_version,
:os_accuracy => 100,
:os_match => os_info.gsub(/\x2e$/,"")
:os_match => os_info.gsub(/\x2e$/n,"")
}
end
end

4
lib/rex/peparsey/pebase.rb
View File

@ -1627,8 +1627,8 @@ class PeBase
if (rname & 0x80000000 != 0)
rname &= ~0x80000000
unistr = data[rname+2, 2 * data[rname,2].unpack('v')[0] ]
unistr, trash = unistr.split(/\x00\x00/, 2)
return unistr ? unistr.gsub(/\x00/, '') : nil
unistr, trash = unistr.split(/\x00\x00/n, 2)
return unistr ? unistr.gsub(/\x00/n, '') : nil
end
rname.to_s

2
lib/rex/peparsey/section.rb
View File

@ -38,7 +38,7 @@ class Section
return nil if !_section_header
# FIXME make this better...
_section_header.v['Name'].gsub(/\x00+$/, '')
_section_header.v['Name'].gsub(/\x00+$/n, '')
end
def flags

2
lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb
View File

@ -249,7 +249,7 @@ class Registry
response = client.send_request(request)
cls = response.get_tlv(TLV_TYPE_VALUE_DATA)
return nil if not cls
data = cls.value.gsub(/\x00.*/, '')
data = cls.value.gsub(/\x00.*/n, '')
return data
end

2
lib/rex/proto/drda/utils.rb
View File

@ -71,7 +71,7 @@ class Utils
ddm.payload.each do |param|
case param.codepoint
when Constants::SECMEC
info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/
info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/n
when Constants::SECCHKCD
info_hash[:security_check_code] = param.payload.unpack("C").first
# A little spurious? This is always nonzero when there's no SECCHKRM DDM.

2
lib/rex/proto/http/client.rb
View File

@ -504,7 +504,7 @@ class Client
return resp unless resp.code == 401 && resp.headers['WWW-Authenticate']
# Get the challenge and craft the response
ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/i).flatten[0]
ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/ni).flatten[0]
return resp unless ntlm_challenge
ntlm_message_2 = Rex::Text::decode_base64(ntlm_challenge)

12
lib/rex/proto/smb/client.rb
View File

@ -635,7 +635,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
self.auth_user_id = ack['Payload']['SMB'].v['UserID']
info = ack['Payload'].v['Payload'].split(/\x00/)
info = ack['Payload'].v['Payload'].split(/\x00/n)
self.peer_native_os = info[0]
self.peer_native_lm = info[1]
self.default_domain = info[2]
@ -711,7 +711,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
self.auth_user_id = ack['Payload']['SMB'].v['UserID']
info = ack['Payload'].v['Payload'].split(/\x00/)
info = ack['Payload'].v['Payload'].split(/\x00/n)
self.peer_native_os = info[0]
self.peer_native_lm = info[1]
@ -760,7 +760,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
self.auth_user_id = ack['Payload']['SMB'].v['UserID']
info = ack['Payload'].v['Payload'].split(/\x00/)
info = ack['Payload'].v['Payload'].split(/\x00/n)
self.peer_native_os = info[0]
self.peer_native_lm = info[1]
@ -841,7 +841,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
blob = data.slice!(0, ack['Payload'].v['SecurityBlobLen'])
# Extract the native lanman and os strings
info = data.split(/\x00/)
info = data.split(/\x00/n)
self.peer_native_os = info[0]
self.peer_native_lm = info[1]
@ -1019,7 +1019,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
blob = data.slice!(0, ack['Payload'].v['SecurityBlobLen'])
# Extract the native lanman and os strings
info = data.split(/\x00/)
info = data.split(/\x00/n)
self.peer_native_os = info[0]
self.peer_native_lm = info[1]
@ -1881,7 +1881,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
'C'+ # Short File Name Length
'C' # Reserved
)
name = resp_data[didx + 70 + 24, info[15]].sub(/\x00+$/, '')
name = resp_data[didx + 70 + 24, info[15]].sub(/\x00+$/n, '')
files[name] =
{
'type' => ((info[14] & 0x10)==0x10) ? 'D' : 'F',

8
lib/rex/text.rb
View File

@ -875,7 +875,7 @@ module Text
#
def self.ascii_safe_hex(str, whitespace=false)
if whitespace
str.gsub(/([\x00-\x20\x80-\xFF])/){ |x| "\\x%.2x" % x.unpack("C*")[0] }
str.gsub(/([\x00-\x20\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] }
else
str.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0]}
end
@ -1076,7 +1076,7 @@ module Text
def self.dehex(str)
return str unless str.respond_to? :match
return str unless str.respond_to? :gsub
regex = /\x5cx[0-9a-f]{2}/mi
regex = /\x5cx[0-9a-f]{2}/nmi
if str.match(regex)
str.gsub(regex) { |x| x[2,2].to_i(16).chr }
else
@ -1091,7 +1091,7 @@ module Text
def self.dehex!(str)
return str unless str.respond_to? :match
return str unless str.respond_to? :gsub
regex = /\x5cx[0-9a-f]{2}/mi
regex = /\x5cx[0-9a-f]{2}/nmi
str.gsub!(regex) { |x| x[2,2].to_i(16).chr }
end
@ -1563,7 +1563,7 @@ module Text
end
def self.unicode_filter_decode(str)
str.to_s.gsub( /\$U\$([\x20-\x2c\x2e-\x7E]*)\-0x([A-Fa-f0-9]+)/ ){|m| [$2].pack("H*") }
str.to_s.gsub( /\$U\$([\x20-\x2c\x2e-\x7E]*)\-0x([A-Fa-f0-9]+)/n ){|m| [$2].pack("H*") }
end
protected

4
lib/rex/ui/text/input/socket.rb
View File

@ -62,12 +62,12 @@ class Input::Socket < Rex::Ui::Text::Input
# Handle telnet sequences
case line
when /\xff\xf4\xff\xfd\x06/
when /\xff\xf4\xff\xfd\x06/n
@sock.write("[*] Caught ^C, closing the socket...\n")
@sock.close
return
when /\xff\xed\xff\xfd\x06/
when /\xff\xed\xff\xfd\x06/n
@sock.write("[*] Caught ^Z\n")
return
end

2
lib/rkelly/visitors/evaluation_visitor.rb
View File

@ -316,7 +316,7 @@ module RKelly
when Numeric
object.value
when ::String
s = object.value.gsub(/(\A[\s\xB\xA0]*|[\s\xB\xA0]*\Z)/, '')
s = object.value.gsub(/(\A[\s\xB\xA0]*|[\s\xB\xA0]*\Z)/n, '')
if s.length == 0
0
else