infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Raise exceptions when unserialization isn't possible

bug/bundler_fix
jvazquez-r7 2014-12-02 15:31:31 -06:00
parent 622a18bc22
commit e9e584e107
11 changed files with 58 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/rex/java/serialization/model/annotation.rb
View File

@ -18,22 +18,21 @@ module Rex
#
# @param io [IO] the io to read from
# @return [self] if deserialization is possible
# @return [nil] if deserialization isn't possible
# @raise [RuntimeError] if unsupported contents
# @raise [RuntimeError] if deserialization isn't possible
def decode(io)
loop do
opcode = io.read(1)
return nil if opcode.nil?
if opcode.nil?
raise ::RuntimeError, 'Failed to unserialize Annotation'
end
opcode = opcode.unpack('C')[0]
case opcode
when Rex::Java::Serialization::TC_BLOCKDATA
block = BlockData.decode(io)
return nil if block.nil?
self.contents << block
when Rex::Java::Serialization::TC_BLOCKDATALONG
block = BlockDataLong.decode(io)
return nil if block.nil?
self.contents << block
when Rex::Java::Serialization::TC_ENDBLOCKDATA
return self
@ -49,8 +48,7 @@ module Rex
# Serializes the Java::Serialization::Model::Annotation
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @raise [RuntimeError] if unsupported contents
# @raise [RuntimeError] if serialization isn't possible
def encode
encoded = ''
@ -64,7 +62,6 @@ module Rex
raise ::RuntimeError, 'Unsupported content'
end
encoded_content = content.encode
return nil if encoded_content.nil?
encoded << encoded_content
end

11
lib/rex/java/serialization/model/block_data.rb
View File

@ -22,17 +22,19 @@ module Rex
#
# @param io [IO] the io to read from
# @return [self] if deserialization is possible
# @return [nil] if deserialization isn't possible
# @raise [RuntimeError] if deserialization isn't possible
def decode(io)
raw_length = io.read(1)
return nil if raw_length.nil?
raise RuntimeError, 'Failed to unserialize BlockData' if raw_length.nil?
self.length = raw_length.unpack('C')[0]
if length == 0
self.contents = ''
else
self.contents = io.read(length)
return nil if contents.nil? || contents.length != length
if contents.nil? || contents.length != length
raise RuntimeError, 'Failed to unserialize BlockData'
end
end
self
@ -40,8 +42,7 @@ module Rex
# Serializes the Java::Serialization::Model::BlockData
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @return [String]
def encode
encoded = [length].pack('C')
encoded << contents

13
lib/rex/java/serialization/model/block_data_long.rb
View File

@ -22,17 +22,21 @@ module Rex
#
# @param io [IO] the io to read from
# @return [self] if deserialization is possible
# @return [nil] if deserialization isn't possible
# @raise [RuntimeError] if deserialization isn't possible
def decode(io)
raw_length = io.read(4)
return nil if raw_length.nil?
if raw_length.nil? || raw_length.length != 4
raise ::RuntimeError, 'Failed to unserialize BlockDataLong'
end
self.length = raw_length.unpack('N')[0]
if length == 0
self.contents = ''
else
self.contents = io.read(length)
return nil if contents.nil? || contents.length != length
if contents.nil? || contents.length != length
raise ::RuntimeError, 'Failed to unserialize BlockData'
end
end
self
@ -40,8 +44,7 @@ module Rex
# Serializes the Java::Serialization::Model::BlockDataLong
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @return [String]
def encode
encoded = [length].pack('N')
encoded << contents

20
lib/rex/java/serialization/model/field.rb
View File

@ -44,18 +44,19 @@ module Rex
#
# @param io [IO] the io to read from
# @return [self] if deserialization is possible
# @return [nil] if deserialization isn't possible
# @faise [RuntimeError] if deserialization isn't possible
def decode(io)
code = io.read(1)
return nil unless code && is_valid?(code)
self.type = TYPE_CODES[code]
unless code && is_valid?(code)
raise ::RuntimeError, 'Failed to unserialize Field'
end
self.type = TYPE_CODES[code]
self.name = Utf.decode(io)
return nil if name.nil?
if is_object?
self.field_type = decode_field_type(io)
return nil if field_type.nil?
end
self
@ -64,10 +65,10 @@ module Rex
# Serializes the Java::Serialization::Model::Field
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @raise [RuntimeError] if serialization isn't possible
def encode
unless is_type_valid?
return nil
raise ::RuntimeError, 'Failed to serialize Field'
end
encoded = ''
@ -142,9 +143,12 @@ module Rex
#
# @param io [IO] the io to read from
# @return [Java::Serialization::Model::Utf]
# @raise [RuntimeError] if unserialization isn't possible
def decode_field_type(io)
opcode = io.read(1)
return nil unless opcode && opcode == [Java::Serialization::TC_STRING].pack('C')
unless opcode && opcode == [Java::Serialization::TC_STRING].pack('C')
raise ::RuntimeError, 'Failed to unserialize Field'
end
type = Utf.decode(io)
type

11
lib/rex/java/serialization/model/long_utf.rb
View File

@ -11,14 +11,18 @@ module Rex
# @return [nil] if deserialization isn't possible
def decode(io)
raw_length = io.read(8)
return nil if raw_length.nil?
if raw_length.nil? || raw_length.length != 8
raise ::RuntimeError, 'Failed to unserialize LongUtf'
end
self.length = raw_length.unpack('Q>')[0]
if length == 0
self.contents = ''
else
self.contents = io.read(length)
return nil if contents.nil? || contents.length != length
if contents.nil? || contents.length != length
raise ::RuntimeError, 'Failed to unserialize LongUtf'
end
end
self
@ -26,8 +30,7 @@ module Rex
# Serializes the Java::Serialization::Model::LongUtf
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @return [String]
def encode
encoded = [length].pack('Q>')
encoded << contents

13
lib/rex/java/serialization/model/utf.rb
View File

@ -22,17 +22,21 @@ module Rex
#
# @param io [IO] the io to read from
# @return [self] if deserialization is possible
# @return [nil] if deserialization isn't possible
# @raise [RuntimeError] if deserialization isn't possible
def decode(io)
raw_length = io.read(2)
return nil if raw_length.nil?
if raw_length.nil? || raw_length.length != 2
raise ::RuntimeError, 'Failed to unserialize Utf'
end
self.length = raw_length.unpack('n')[0]
if length == 0
self.contents = ''
else
self.contents = io.read(length)
return nil if contents.nil? || contents.length != length
if contents.nil? || contents.length != length
raise ::RuntimeError, 'Failed to unserialize Utf'
end
end
self
@ -40,8 +44,7 @@ module Rex
# Serializes the Java::Serialization::Model::Utf
#
# @return [String] if serialization is possible
# @return [nil] if serialization isn't possible
# @return [String]
def encode
encoded = [length].pack('n')
encoded << contents

4
spec/lib/rex/java/serialization/model/block_data_long_spec.rb
View File

@ -45,7 +45,7 @@ describe Rex::Java::Serialization::Model::BlockDataLong do
describe "#decode" do
context "when stream contains empty string" do
it "returns nil" do
expect(block.decode(empty_io)).to be_nil
expect { block.decode(empty_io) }.to raise_error(::RuntimeError)
end
end
@ -67,7 +67,7 @@ describe Rex::Java::Serialization::Model::BlockDataLong do
context "when stream contains incomplete block" do
it "returns nil" do
expect(block.decode(incomplete_block_io)).to be_nil
expect { block.decode(incomplete_block_io) }.to raise_error(::RuntimeError)
end
end

4
spec/lib/rex/java/serialization/model/block_data_spec.rb
View File

@ -45,7 +45,7 @@ describe Rex::Java::Serialization::Model::BlockData do
describe "#decode" do
context "when stream contains empty string" do
it "returns nil" do
expect(block.decode(empty_io)).to be_nil
expect { block.decode(empty_io) }.to raise_error(::RuntimeError)
end
end
@ -67,7 +67,7 @@ describe Rex::Java::Serialization::Model::BlockData do
context "when stream contains incomplete block" do
it "returns nil" do
expect(block.decode(incomplete_block_io)).to be_nil
expect { block.decode(incomplete_block_io) }.to raise_error(::RuntimeError)
end
end

2
spec/lib/rex/java/serialization/model/field_spec.rb
View File

@ -31,7 +31,7 @@ describe Rex::Java::Serialization::Model::Field do
describe "#encode" do
context "when empty field" do
it { expect(field.encode).to be_nil }
it { expect { field.encode }.to raise_error(::RuntimeError) }
end
context "when primitive field" do

6
spec/lib/rex/java/serialization/model/long_utf_spec.rb
View File

@ -44,8 +44,8 @@ describe Rex::Java::Serialization::Model::LongUtf do
describe "#decode" do
context "when stream contains empty string" do
it "returns nil" do
expect(long_utf.decode(empty_io)).to be_nil
it "raises RuntimeError" do
expect { long_utf.decode(empty_io) }.to raise_error(::RuntimeError)
end
end
@ -67,7 +67,7 @@ describe Rex::Java::Serialization::Model::LongUtf do
context "when stream contains incomplete long_utf" do
it "returns nil" do
expect(long_utf.decode(incomplete_utf_io)).to be_nil
expect { long_utf.decode(incomplete_utf_io) }.to raise_error(::RuntimeError)
end
end

8
spec/lib/rex/java/serialization/model/utf_spec.rb
View File

@ -44,8 +44,8 @@ describe Rex::Java::Serialization::Model::Utf do
describe "#decode" do
context "when stream contains empty string" do
it "returns nil" do
expect(utf.decode(empty_io)).to be_nil
it "raises RuntimeError" do
expect { utf.decode(empty_io) }.to raise_error(::RuntimeError)
end
end
@ -66,8 +66,8 @@ describe Rex::Java::Serialization::Model::Utf do
end
context "when stream contains incomplete utf" do
it "returns nil" do
expect(utf.decode(incomplete_utf_io)).to be_nil
it "raises RuntimeError" do
expect { utf.decode(incomplete_utf_io) }.to raise_error(::RuntimeError)
end
end