From 2ec92030ae034c384d3a6db036b0146166600599 Mon Sep 17 00:00:00 2001
From: m m
Date: Sun, 9 Sep 2012 18:43:01 +0200
Subject: [PATCH 1/3] fix netstat program name
---
 .../stdapi/server/net/config/netstat.c | 68 +++++++++++++++----
 1 file changed, 53 insertions(+), 15 deletions(-)
diff --git a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
index b50d35d260..a34ddb0a1a 100644
--- a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
+++ b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
@@ -644,26 +644,64 @@ DWORD linux_parse_proc_net_file(char * filename, struct connection_table ** tabl
 DWORD linux_proc_get_program_name(struct connection_entry * connection, unsigned char * pid)
 {
 FILE *fd;
- char buffer[30], buffer_file[50], name[30];
+ char buffer[30], buffer_file[256], name[256];
+ char * bname;
+ int do_status = 0;
- snprintf(buffer, sizeof(buffer), "/proc/%s/status", pid);
+ do {
+ // try /proc/PID/cmdline first
+ snprintf(buffer, sizeof(buffer)-1, "/proc/%s/cmdline", pid);
+ fd = fopen(buffer, "r");
- fd = fopen(buffer, "r");
- if (fd == NULL)
- return -1;
+ // will try /proc/PID/status
+ if (fd == NULL) {
+ do_status = 1;
+ break;
+ }
+ if (fgets(buffer_file, sizeof(buffer_file), fd) == NULL) {
+ fclose(fd);
+ do_status = 1;
+ break;
+ }
+ // each entry in cmdline is seperated by '\0' so buffer_file contains first the path of the executable launched
+ if ((bname = basename(buffer_file)) == NULL) {
+ fclose(fd);
+ do_status = 1;
+ break;
+ }
+ // copy basename into name to be consistent at the end
+ strncpy(name, bname, sizeof(name)-1);
+ name[sizeof(name)-1] = '\0';
- if (fgets(buffer_file, sizeof(buffer_file), fd) == NULL) {
- fclose(fd);
- return -1;
- }
+ } while (0);
- if (sscanf(buffer_file, "Name: %s\n", name) != 1) {
- fclose(fd);
- return -1;
- }
+ if (fd != NULL)
+ fclose(fd);
- snprintf(connection->program_name, sizeof(connection->program_name), "%s/%s",pid,name);
- fclose(fd);
+
+ // /proc/PID/cmdline failed, try /proc/PID/status
+ if (do_status == 1) {
+ snprintf(buffer, sizeof(buffer), "/proc/%s/status", pid);
+ fd = fopen(buffer, "r");
+
+ // will try /proc/PID/status
+ if (fd == NULL)
+ return -1;
+
+ if (fgets(buffer_file, sizeof(buffer_file), fd) == NULL) {
+ fclose(fd);
+ return -1;
+ }
+
+ if (sscanf(buffer_file, "Name: %200s\n", name) != 1) {
+ fclose(fd);
+ return -1;
+ }
+ fclose(fd);
+
+ }
+
+ snprintf(connection->program_name, sizeof(connection->program_name), "%s/%s", pid, name);
 return 0;
 }
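Review bot: The `(bname = basename(buffer_file)) == NULL` branch never fires, because basename() does not return NULL, so a cmdline that is not a path is accepted as the program name instead of falling back to `/proc/PID/status`. The text read here is argv[0], which the process itself can rewrite: a title such as `sshd: user@pts/0` is reported as `0`, and any process can show another program's name. Testing for an empty result as well gives the fallback a condition that can occur (the GNU variant returns an empty string for an empty argv[0]), `if ((bname = basename(buffer_file)) == NULL || *bname == '\0') {`, and a comment such as `// argv[0] is set by the process; treat the name as a display hint, not an identity` records the limit. The hunk adds no `#include`, so unless netstat.c already includes `<libgen.h>` (not visible from here) the call is implicitly declared.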
From 76e05dff30656bacc8527f533a073320d8663e48 Mon Sep 17 00:00:00 2001
From: m m
Date: Sun, 9 Sep 2012 18:52:36 +0200
Subject: [PATCH 2/3] fix netstat program name
---
 .../source/extensions/stdapi/server/net/config/netstat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
index a34ddb0a1a..6adaa90c2b 100644
--- a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
+++ b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
@@ -681,7 +681,7 @@ DWORD linux_proc_get_program_name(struct connection_entry * connection, unsigned
 // /proc/PID/cmdline failed, try /proc/PID/status
 if (do_status == 1) {
- snprintf(buffer, sizeof(buffer), "/proc/%s/status", pid);
+ snprintf(buffer, sizeof(buffer)-1, "/proc/%s/status", pid);
 fd = fopen(buffer, "r");
 // will try /proc/PID/status
From 40b383e247293a99b528d81bd0be9b2b4cec1fae Mon Sep 17 00:00:00 2001
From: m m
Date: Mon, 10 Sep 2012 08:43:07 +0200
Subject: [PATCH 3/3] I was pretty sure to have removed those fclose before
---
 .../source/extensions/stdapi/server/net/config/netstat.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
index 6adaa90c2b..3fa6bbc0f9 100644
--- a/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
+++ b/external/source/meterpreter/source/extensions/stdapi/server/net/config/netstat.c
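Review bot: In [PATCH 2/3], `sizeof(buffer)-1` in the `/proc/%s/status` snprintf() gives up one usable byte without adding safety, since snprintf() already counts the terminating NUL inside the size it is given; the same applies to the `/proc/%s/cmdline` call added in [PATCH 1/3]. What neither call has is a truncation check: `buffer` is 30 bytes and a truncated path would be passed to fopen() as it is. I would keep `sizeof(buffer)` and test the result, e.g. `n = snprintf(buffer, sizeof(buffer), "/proc/%s/status", pid);` followed by `if (n < 0 || (size_t)n >= sizeof(buffer)) return -1;`. The enclosing function starts and ends outside this hunk.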
@@ -659,13 +659,11 @@ DWORD linux_proc_get_program_name(struct connection_entry * connection, unsigned
 break;
 }
 if (fgets(buffer_file, sizeof(buffer_file), fd) == NULL) {
- fclose(fd);
 do_status = 1;
 break;
 }
 // each entry in cmdline is seperated by '\0' so buffer_file contains first the path of the executable launched
 if ((bname = basename(buffer_file)) == NULL) {
- fclose(fd);
 do_status = 1;
 break;
 }