Land #7488 Allows DRDoS mixin to handle empty responses

2016-10-25 13:53:39 -05:00 · 2016-10-25 13:53:39 -05:00 · c83474ea5c
parent fd7b14ed48 12508f7140
commit c83474ea5c
2 changed files with 11 additions and 1 deletions
--- a/lib/msf/core/auxiliary/drdos.rb
+++ b/lib/msf/core/auxiliary/drdos.rb
@ -46,7 +46,11 @@ module Auxiliary::DRDoS
      bandwidth_amplification = total_size - request.size
      if bandwidth_amplification > 0
        vulnerable = true
-        multiplier = total_size / request.size
+        if request.size == 0
+          multiplier = total_size
+        else
+          multiplier = total_size / request.size
+        end
        this_proof += "a #{multiplier}x, #{bandwidth_amplification}-byte bandwidth amplification"
      else
        this_proof += 'no bandwidth amplification'
--- a/spec/lib/msf/core/auxiliary/drdos_spec.rb
+++ b/spec/lib/msf/core/auxiliary/drdos_spec.rb
@ -34,5 +34,11 @@ RSpec.describe Msf::Auxiliary::DRDoS do
      result, _ = subject.prove_amplification(map)
      expect(result).to be false
    end
+
+    it 'should handle empty responses' do
+      map = { '' => [ 'foo' ] }
+      result, _ = subject.prove_amplification(map)
+      expect(result).to be true
+    end
  end
 end