From 9b9bd2b7a761f6bb7772d4a3a7d3d22fa8b1b6c1 Mon Sep 17 00:00:00 2001
From: HD Moore <hd_moore@rapid7.com>
Date: Sat, 28 Jan 2006 07:12:35 +0000
Subject: [PATCH] Fixed bugs in io/stream:  1) no longer modify the buffer
 argument in send  2) no longer duplicate the buffer argument in write

Added some basic telnet control character detection to socket:
 1) ^D closes a connection
 2) ^C closes a connection
 3) ^Z just prints it out

Problems with control character handling in msfd:
 1) The current handlers are signal based, could be more than one msfd client
 2) Calling ui._suspend isn't possible from the Input driver class (no context now)


git-svn-id: file:///home/svn/incoming/trunk@3462 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/rex/io/stream.rb            | 21 +++++++++---------
 lib/rex/ui/text/input/socket.rb | 38 +++++++++++++++++++++++++++++++--
 2 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/lib/rex/io/stream.rb b/lib/rex/io/stream.rb
index 50f1381100..bdaec6eb56 100644
--- a/lib/rex/io/stream.rb
+++ b/lib/rex/io/stream.rb
@@ -33,13 +33,12 @@ module Stream
 	#
 	def write(buf, opts = {})
 		tsent = 0
-
+		bidx  = 0
+		
 		begin
-			while (buf.length > 0)
-				sent = fd.syswrite(buf.slice(0, 32768))
-
-				buf.slice!(0, sent) if (sent > 0)
-
+			while (bidx < buf.length)
+				sent  = fd.syswrite(buf[bidx, 32768])
+				bidx  += sent if sent > 0
 				tsent += sent
 			end
 		rescue IOError
@@ -142,19 +141,19 @@ module Stream
 	def put(buf, opts = {})
 		return 0 if (buf == nil or buf.length == 0)
 
-		send_buf = buf.dup()
-		send_len = send_buf.length
+		send_len = buf.length
+		send_idx = 0
 		wait     = opts['Timeout'] || 0
 
 		# Keep writing until our send length drops to zero
-		while (send_len > 0)
-			curr_len  = timed_write(send_buf, wait, opts)
+		while (send_idx < send_len)
+			curr_len  = timed_write(buf[send_idx, buf.length-send_idx], wait, opts)
 
 			# If the write operation failed due to an IOError, then we fail.
 			return buf.length - send_len if (curr_len == nil)
 
 			send_len -= curr_len
-			send_buf.slice!(0, curr_len)
+			send_idx += curr_len
 		end
 
 		return buf.length - send_len
diff --git a/lib/rex/ui/text/input/socket.rb b/lib/rex/ui/text/input/socket.rb
index 96324cea98..99f8a63f64 100644
--- a/lib/rex/ui/text/input/socket.rb
+++ b/lib/rex/ui/text/input/socket.rb
@@ -33,7 +33,42 @@ class Input::Socket < Rex::Ui::Text::Input
 	# Wait for a line of input to be read from a socket.
 	#
 	def gets
-		return @sock.gets
+	
+		# Initialize the line buffer
+		line = ''
+		
+		# Read data one byte at a time until we see a LF
+		while (true)
+
+			break if line.include?("\n")
+			
+			# Read another character of input
+			char = @sock.getc
+			
+			# Telnet sends 0x04 as EOF
+			if (char == 4)
+				@sock.write("[*] Caught ^D, closing the socket...\n")
+				@sock.close
+				return
+			end
+			
+			# Append this character to the string
+			line << char
+
+			# Handle telnet sequences
+			case line
+				when /\xff\xf4\xff\xfd\x06/
+					@sock.write("[*] Caught ^C, closing the socket...\n")
+					@sock.close
+					return
+					
+				when /\xff\xed\xff\xfd\x06/
+					@sock.write("[*] Caught ^Z\n")
+					return		
+			end
+		end
+		
+		return line
 	end
 
 	#
@@ -42,7 +77,6 @@ class Input::Socket < Rex::Ui::Text::Input
 	def _print_prompt(prompt)
 		@sock.write(prompt)
 		@sock.flush
-		prompt
 	end
 
 	#