Add a second chance on cmd_use for bug #4549 #4615
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a weak attempt to solve a race condition between modules loading and cmd_use being fired. Upon startup, saved configurations, running resource scripts, and running commands will sometimes jump ahead of the module loading procedure. I have not discovered where the race actually is and how to cause the race to happen. However, the timing seems to be fairly close to a second; by waiting three seconds after trying use again, we seem to be in the clear, at least according to testing. Fixes rapid7#4549, but better solutions are welcome!
|
Marking this as |
added 2 commits
January 20, 2015 16:21
Because it reads nicer, though `mod` will never be `FalseClass`
|
I couldn't use |
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 17, 2015
This reverts commit a52f491, reversing changes made to 2f4ad97. [See rapid7#4340]
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 17, 2015
Replaces the strategy in rapid7#4615. [See rapid7#4340]
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 17, 2015
In order to avoid wasting too much time sleeping between attempts, just sleep 0.1 seconds and retry 300 times. Also fixed a style bug on line 2565, use `return false unless mod` instead of `return false if mod.nil?` [See rapid7#4340] [See rapid7#4615]
4 tasks
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 24, 2015
This reverts commit a52f491, reversing changes made to 2f4ad97. [See rapid7#4340]
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 24, 2015
Replaces the strategy in rapid7#4615. [See rapid7#4340]
todb-r7
pushed a commit
to todb-r7/metasploit-framework
that referenced
this pull request
Mar 24, 2015
In order to avoid wasting too much time sleeping between attempts, just sleep 0.1 seconds and retry 300 times. Also fixed a style bug on line 2565, use `return false unless mod` instead of `return false if mod.nil?` [See rapid7#4340] [See rapid7#4615]
This was referenced Dec 20, 2016
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a weak attempt to solve a race condition between modules loading and cmd_use being fired. Upon startup, saved configurations, running resource scripts, and running commands will sometimes jump ahead of the module loading procedure.
I have not discovered where the race actually is and how to cause the race to happen. However, the timing seems to be fairly close to a second; by waiting three seconds after trying use again, we seem to be in the clear, at least according to testing.
Fixes #4549, but better solutions are welcome.
Verification
for i in {1..20}; do echo Attempt $i; time ./msfconsole -Lqx "use auxiliary/scanner/http/http_version;exit"; echo Sleeping...; sleep 5; doneIn the usual case, where the modules load before you try to use the one, you should see something like this:
If you're currently unlucky, or enter a period of unluckiness, you will see see a result like this:
Note the three second difference between
Attempt 1andAttempt 2.Yes, this is a test that relies on luck. Totally scientific, I know.
I don't know what causes the initial fail, but it is resolved after a three second delay. This delayed
cmd_usefunctionality will only last as long as the conditions are that thecmd_usewould otherwise normally fail.time ./msfconsole -Lqx "use auxiliary/fake/module/here;exit"Note that the time taken should be three seconds longer than normal, just as in the caught failure case.
@limhoff-r7 or @jlee-r7 will likely have a better solution for this some time, but please don't let that block you landing this. I'm not thrilled with the fix but it's better than having automated jobs fail out. It's also better than asking users to remember to drop in
sleepcommands in their rc scripts.