fix backward meterpreter packet timeout logic

The current logic times out every packet almost immediately, making it possible
for almost any non-trivial meterpreter session to receive duplicate packets.

This causes problems especially with any interactions that involve passing
resource handles or pointers back and forth between MSF and meterpreter, since
meterpreter can be told to operate on freed pointers, double-closes, etc.

This probably fixes tons of heisenbugs, including #3798.

To reproduce this, I enabled all debug messages in meterpreter to slow it
down, then ran this RC script with a reverse TCP meterpreter, after linking in
the test modules:

(cd modules/post
 ln -s ../../test/modules/post/test)

die.rc:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.43.1
exploit -j
sleep 5
use post/test/services
set SESSION 1
run
bug/bundler_fix
Brent Cook 2014-12-29 08:15:51 -06:00
parent 6613745d56
commit bbb41c39b8
1 changed file with 1 addition and 1 deletion
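To see concretely what the one-line condition in this commit decides, here is an added toy model of one pass of the meterpreter receive queue (illustration only, not Metasploit's own code). PACKET_TIMEOUT, Packet, requeue_pass and simulate are names assumed for this example, and the three queued packets are constructed input. It runs the same undispatchable queue through both the removed predicate (keep while younger than the timeout) and the added one (keep only once older than the timeout) and returns which packet ids survive each pass.

```ruby
# Added illustration, not Metasploit code: a toy model of the receive-queue
# requeue decision in PacketDispatcher. The constant, struct and helper names
# below are assumptions made for this example.

PACKET_TIMEOUT = 600 # seconds; stands in for PacketDispatcher::PacketTimeout

# A received packet that no handler has consumed yet. `created_at` is an
# Integer epoch, matching the `.to_i` arithmetic in the patched condition.
Packet = Struct.new(:id, :created_at)

# The predicate the commit removes: keep a packet while it is younger than
# the timeout, so it ages out once it reaches PACKET_TIMEOUT seconds.
KEEP_YOUNGER = ->(age) { age < PACKET_TIMEOUT }

# The predicate the commit introduces: keep a packet only once it is older
# than the timeout.
KEEP_OLDER = ->(age) { age > PACKET_TIMEOUT }

# One pass over the receive queue, mirroring the loop around the changed line:
# packets the `dispatchable` block rejects (no handler registered for them)
# are requeued if `predicate` accepts their age, otherwise dropped.
def requeue_pass(queue, now, predicate, &dispatchable)
  queue.reject { |pkt| dispatchable.call(pkt) }
       .select { |pkt| predicate.call(now - pkt.created_at) }
end

# Run `passes` dispatcher passes `step` seconds apart with no handler ever
# registered, returning the packet ids still queued after each pass.
def simulate(predicate, now: 1_000_000, passes: 3, step: 300)
  # Constructed sample: two fresh packets and one already past the timeout.
  queue = [
    Packet.new(1, now),                      # age 0 at the first pass
    Packet.new(2, now - 5),                  # age 5
    Packet.new(3, now - PACKET_TIMEOUT - 1), # age 601, already expired
  ]
  history = []
  passes.times do |i|
    t = now + i * step
    queue = requeue_pass(queue, t, predicate) { |_pkt| false }
    history << queue.map(&:id)
  end
  history
end

if __FILE__ == $PROGRAM_NAME
  p simulate(KEEP_YOUNGER) # [[1, 2], [1, 2], []]
  p simulate(KEEP_OLDER)   # [[3], [3], [3]]
end
```

With the removed `<` predicate the two fresh packets are retried on each pass and are dropped only once 600 seconds have elapsed, while the already-stale packet is discarded immediately. With the added `>` predicate the fresh packets are discarded on the first pass and the stale one is kept on every pass, because its age only ever increases.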


@ -356,7 +356,7 @@ module PacketDispatcher
begin
if ! dispatch_inbound_packet(pkt)
# Only requeue packets newer than the timeout
if (::Time.now.to_i - pkt.created_at.to_i < PacketTimeout)
if (::Time.now.to_i - pkt.created_at.to_i > PacketTimeout)
incomplete << pkt
end
end
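Review bot: the comment "Only requeue packets newer than the timeout" no longer matches the condition directly below it. With `> PacketTimeout`, a packet that could not be dispatched and is younger than PacketTimeout is dropped on this pass, and only a packet already older than PacketTimeout is appended to `incomplete`; since a packet's age only grows, anything that passes the new check will pass it on every later pass as well, so the timeout no longer expires anything. If inverting the predicate is the intent, update the comment to say so and explain why fresh undispatchable packets should be discarded. If the intent is to stop packets timing out too early, as the commit message's "times out every packet almost immediately" suggests, that does not follow from the removed `<` line as shown, which keeps packets until they reach PacketTimeout, so it would be worth checking where `created_at` is set and what value PacketTimeout has before flipping the comparison.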