In #4475, I incorrectly interpreted the role of the 'incomplete' array
in monitor_socket, and that change should be reverted.
What appears to happen is, we play a kind of 3-card monty with the list
of received packets that are waiting for a handler to use them.
monitor_socket continually loops between putting the packets on @pqueue,
then into backlog[] to sort them, then into incomplete[] to list all of
the packets that did not have handlers, finally back into @pqueue again.
If packets don't continually get shuffled back into incomplete, they are
not copied back into @pqueue to get rescanned again.
The only reason anything should really get into incomplete[] is if we
receive a packet, but there is nothing to handle it. This scenario
sounds like a bug, but it is exactly what happens with the Tcp Client
channel - one can open a new channel, and receive a response packet back
from the channel before the subsequent read_once code runs to register a
handler to actually process it. This would be akin to your OS
speculatively accepting data on a TCP socket with no listener, then when
you open the socket for the first time, its already there.
While it would be nice if the handlers were setup before the data was
sent back, rather than relying on a handler being registered some time
between connect and PacketTimeout, this needs to get in now to stop the
bleeding. The original meterpreter crash issue from #4475 appears to be
gone as well.
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).
It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.
I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes#3798. The way I see it, #3798 is actually a module-specific issue.
Fix#4616Fix#3798
Jonathan Claudius
Jon Hart
Tod Beardsley
William Vu
sinn3r
jvazquez-r7
aczire
Spencer McIntyre
Brent Cook
Samuel Huckins