mo fixes mo specs

SEERM #7536 SEERM #7537
2013-07-18 15:00:57 -05:00 · 2013-07-18 15:00:57 -05:00 · ec82644bd3
parent 57dd525714
commit ec82644bd3
4 changed files with 32 additions and 5 deletions
--- a/lib/msf/core/option_container.rb
+++ b/lib/msf/core/option_container.rb
@ -338,8 +338,8 @@ class OptAddress < OptBase
        # Covers a wierdcase where an incomplete ipv4 address will have it's
        # missing octets filled in  with 0's. (e.g 192.168 become 192.0.0.168)
        # which does not feel like a legit behaviour
-        if value =~ /^(\d{1,3}\.*){1,3}$/ and getaddr_result.gsub('.0','') == value
-          return false
+        if value =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
+          return false unless value =~ Rex::Socket::MATCH_IPV4
        end
 			rescue
 				return false
@ -384,7 +384,9 @@ class OptAddressRange < OptBase
    return false unless value.kind_of?(String) or value.kind_of?(NilClass)

 		if (value != nil and value.empty? == false)
-			walker = Rex::Socket::RangeWalker.new(normalize(value))
+      normalized = normalize(value)
+      return false if normalized.nil?
+			walker = Rex::Socket::RangeWalker.new(normalized)
 			if (not walker or not walker.valid?)
 				return false
 			end
--- a/lib/rex/socket/range_walker.rb
+++ b/lib/rex/socket/range_walker.rb
@ -95,9 +95,12 @@ class RangeWalker
 				return false if ip_part.nil? or ip_part.empty? or mask_part.nil? or mask_part.empty?
 				return false if mask_part !~ /^[0-9]{1,2}$/ # Illegal mask -- numerals only
 				return false if mask_part.to_i > 32 # This too -- between 0 and 32.
+        if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
+          return false unless ip_part =~ Rex::Socket::MATCH_IPV4
+        end
 				begin
-					Rex::Socket.addr_atoi(ip_part) # This allows for "www.metasploit.com/24" which is fun.
-				rescue Resolv::ResolvError
+					Rex::Socket.getaddress(ip_part) # This allows for "www.metasploit.com/24" which is fun.
+				rescue Resolv::ResolvError, ::SocketError
 					return false # Can't resolve the ip_part, so bail.
 				end

--- a/spec/lib/msf/core/option_container/optaddressrange_spec.rb
+++ b/spec/lib/msf/core/option_container/optaddressrange_spec.rb
@ -70,6 +70,18 @@ describe Msf::OptAddressRange do
      optional_rhosts.valid?(nil).should == true
    end

+    it 'should return false for a range missing octets' do
+      subject.valid?('192.168/24').should == false
+    end
+
+    it 'should return false for a range with too many octets' do
+      subject.valid?('192.168.1.2.0/24').should == false
+    end
+
+    it 'should return true for a CIDR range' do
+      subject.valid?('192.168.1.0/24').should == true
+    end
+
  end


--- a/spec/lib/rex/socket/range_walker_spec.rb
+++ b/spec/lib/rex/socket/range_walker_spec.rb
@ -28,6 +28,16 @@ describe Rex::Socket::RangeWalker do
    walker.should include("10.1.3.5")
  end

+  it 'should reject CIDR ranges with missing octets' do
+    walker = Rex::Socket::RangeWalker.new('192.168/24')
+    walker.should_not be_valid
+  end
+
+  it 'should reject a CIDR range with too many octets' do
+    walker = Rex::Socket::RangeWalker.new('192.168.1.2.0/24')
+    walker.should_not be_valid
+  end
+
  it "should default the lower bound of a range to 0" do
    walker = Rex::Socket::RangeWalker.new("10.1.3.-17")
    walker.should be_valid