From 731c2f99d1e9b16ebcbb88e23a9aef9b136228c3 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Wed, 7 Jan 2015 15:19:28 -0600
Subject: [PATCH] Handle better java references

---
 lib/rex/java/serialization/model/new_array.rb  | 5 +++++
 lib/rex/java/serialization/model/new_object.rb | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/rex/java/serialization/model/new_array.rb b/lib/rex/java/serialization/model/new_array.rb
index 7c7730c62a..1f77d4b427 100644
--- a/lib/rex/java/serialization/model/new_array.rb
+++ b/lib/rex/java/serialization/model/new_array.rb
@@ -109,6 +109,11 @@ module Rex
 
             desc = array_description.description
 
+            if desc.class == Reference
+              ref = desc.handle - BASE_WIRE_HANDLE
+              desc = stream.references[ref]
+            end
+
             unless desc.class_name.contents[0] == '[' # Array
               raise ::RuntimeError, 'Unsupported NewArray description'
             end
diff --git a/lib/rex/java/serialization/model/new_object.rb b/lib/rex/java/serialization/model/new_object.rb
index 572566a51c..045a11243b 100644
--- a/lib/rex/java/serialization/model/new_object.rb
+++ b/lib/rex/java/serialization/model/new_object.rb
@@ -94,7 +94,12 @@ module Rex
             values = []
 
             unless my_class_desc.super_class.description.class == NullReference
-              values += decode_class_data(io, my_class_desc.super_class.description)
+              if my_class_desc.super_class.description.class == Reference
+                ref = my_class_desc.super_class.description.handle - BASE_WIRE_HANDLE
+                values += decode_class_data(io, stream.references[ref])
+              else
+                values += decode_class_data(io, my_class_desc.super_class.description)
+              end
             end
 
             values += decode_class_fields(io, my_class_desc)