infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update bad mail checks

bug/bundler_fix
Brent Cook 2017-05-14 22:13:31 -05:00
parent 544ea6926c
commit e7be0af72e
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/msf/core/exploit/smtp_deliver.rb
View File

@ -151,11 +151,27 @@ module Exploit::Remote::SMTPDeliver
[nsock, raw_send_recv("EHLO #{domain}\r\n", nsock)]
end
def bad_address(address)
address.bytesize > 2048 || /[\r\n]/ =~ address
end
#
# Sends an email message, connecting to the server first if a connection is
# not already established.
#
def send_message(data)
mailfrom = datastore['MAILFROM'].strip
if bad_address(mailfrom)
print_error "Bad from address, not sending: #{mailfrom}"
return nil
end
mailto = datastore['MAILTO'].strip
if bad_address(mailto)
print_error "Bad to address, not sending: #{mailto}"
return nil
end
send_status = nil
already_connected = connected?
@ -166,9 +182,6 @@ module Exploit::Remote::SMTPDeliver
nsock = connect_login(false)
end
mailto = datastore['MAILTO'].strip
mailfrom = datastore['MAILFROM'].strip
raw_send_recv("MAIL FROM: <#{mailfrom}>\r\n", nsock)
res = raw_send_recv("RCPT TO: <#{mailto}>\r\n", nsock)
if res[0..2] == '250'