Fix #16684, Set @peer_info in #initialize #17036
Merged
Closes #16684
The `#tunnel_peer` method caches the value in the `@peer_info` attribute. If `#rstream` is closed when this is called, it'll raise an exception and return the address '127.0.0.1' which is incorrect. The `#rstream` is only open for a short period of time when serving an HTTP request, which means that if the information was not cached while the socket was opened, it's unavailable.

It would appear as though commit 38688e1 introduced in PR #14844 changed where `#tunnel_peer` is called for the first time. After that change, the socket is already closed in the case of the `reverse_http` transport, leading to the address '127.0.0.1' being incorrectly reported as the remote host.

This change fixes the issue by updating `#initialize` to proactively set `@peer_info` if `#rstream` is provided. This will ensure that the information is set for later use. If it fails for some reason then `@peer_info` will be left unset and `#tunnel_peer` will attempt to set it again. This should account for cases of `#rstream` being set later. I don't know of any cases of this happening but it seems like something worth accounting for.

## Verification

- `msfconsole`
- `reverse_http(s)` handler

## Demo
Unpatched on the left, patched on the right.
![image](https://user-images.githubusercontent.com/2058303/191077306-5d2b73c9-40ee-421c-9bd2-e14608ed53cb.png)
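The caching behaviour this PR describes, shown as an added illustration that is not Metasploit's own code: `FakeStream`, `LazySession`, `EagerSession`, the `simulate` helpers and the addresses used are all constructed stand-ins, and the assumption (taken from the PR text) is that asking a closed stream for its peer raises, which the lazy variant turns into the '127.0.0.1' fallback while the eager variant captures the peer in `initialize` and only retries in `tunnel_peer` when nothing was cached.

```ruby
# Added example, not Metasploit code: eager vs. lazy caching of peer info.

# Constructed stand-in for a transport stream. Like the real socket described
# in the PR, peer information is only available while the stream is open.
class FakeStream
  def initialize(peer)
    @peer = peer
    @closed = false
  end

  def close
    @closed = true
  end

  # Assumption from the PR: querying a closed stream raises.
  def peerinfo
    raise IOError, 'stream closed' if @closed
    @peer
  end
end

# Lazy variant (the unpatched behaviour): the peer is captured the first time
# tunnel_peer is called. If the stream is already closed by then, the call
# raises and the fallback address is reported instead.
class LazySession
  FALLBACK = '127.0.0.1'.freeze

  attr_writer :rstream

  def initialize(rstream = nil)
    @rstream = rstream
    @peer_info = nil
  end

  def tunnel_peer
    return @peer_info if @peer_info
    @peer_info = @rstream.peerinfo
  rescue StandardError
    FALLBACK
  end
end

# Eager variant (the patched behaviour): capture the peer in initialize while
# the stream is still open. On failure leave @peer_info unset so tunnel_peer
# retries later, which also covers an rstream assigned after construction.
class EagerSession
  FALLBACK = '127.0.0.1'.freeze

  attr_writer :rstream

  def initialize(rstream = nil)
    @rstream = rstream
    @peer_info = nil
    return unless rstream
    begin
      @peer_info = rstream.peerinfo
    rescue StandardError
      @peer_info = nil # retried by tunnel_peer
    end
  end

  def tunnel_peer
    return @peer_info if @peer_info
    @peer_info = @rstream.peerinfo
  rescue StandardError
    FALLBACK
  end
end

# Scenario from the PR: the request has been served and the socket is closed
# before tunnel_peer is first called. Addresses are constructed sample data.
def simulate(klass)
  stream = FakeStream.new('203.0.113.5:44310')
  session = klass.new(stream)
  stream.close # reverse_http request finished; socket no longer open
  session.tunnel_peer
end

# The "rstream set later" case the PR wants to keep working: nothing was
# cached at construction, so tunnel_peer must fetch it when it is first asked.
def simulate_late_stream
  session = EagerSession.new(nil)
  session.rstream = FakeStream.new('198.51.100.7:50000')
  session.tunnel_peer
end

if __FILE__ == $PROGRAM_NAME
  puts "lazy (unpatched): #{simulate(LazySession)}"   # 127.0.0.1
  puts "eager (patched):  #{simulate(EagerSession)}"  # 203.0.113.5:44310
  puts "late rstream:     #{simulate_late_stream}"    # 198.51.100.7:50000
end
```

The point of the eager variant's `rescue` in `initialize` is that a failed early capture must not poison the cache: leaving `@peer_info` as `nil` is what lets `tunnel_peer` retry, whereas caching the fallback there would make the wrong address permanent.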