Fix a bug in NULL pointer bug when reading UDP channels #207
This fixes a segmentation fault where if in `udp_client_read`, `network_client_read_msg` returns `NULL` it was not being checked before being passed to `memcpy`. This led to the Meterpreter session crashing.

After fixing this issue, I noticed that `channel_set_interactive` was incorrectly using an unsigned value for `buf_len` causing it to not properly handle error statuses of `-1`. I updated that so it will only forward data to `send_write_request` when the value is a positive integer.

You can reproduce this using the `enum_dns` module.

Testing Steps

`route add 0.0.0.0 -1`
`auxiliary/gather/enum_dns` module, set the DOMAIN to `digi.ninja` (domain taken from auxiliary/gather/enum_dns - Auxiliary failed: NoMethodError undefined method `port' for #<Dnsruby::RR::IN::CNAME:0x000055891929efa8> metasploit-framework#13952)

Example Output
Up to this point used the unpatched version. Between these two lines, I compiled my changes from this PR and re-ran the mettle binary.
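The two defects described in this pull request, reduced to a stand-alone C illustration. This is an added example, not code from the pull request or from mettle: `struct msg`, `read_checked`, `forwards_unsigned` and `forwards_signed` are hypothetical names, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical message type; not mettle's own structure. */
struct msg { const char *data; size_t len; };

/* Copy one queued message into buf. Returns bytes copied, or -1 when no
 * message is available. The NULL check is the guard whose absence let a
 * NULL pointer reach memcpy in the crashing path. */
ssize_t read_checked(const struct msg *queued, void *buf, size_t buf_len)
{
    if (queued == NULL || buf == NULL)
        return -1;
    size_t n = queued->len < buf_len ? queued->len : buf_len;
    memcpy(buf, queued->data, n);
    return (ssize_t)n;
}

/* Before: the status is stored in an unsigned type, so -1 wraps to
 * SIZE_MAX and the "is there data to forward?" test passes. */
int forwards_unsigned(ssize_t status)
{
    size_t buf_len = (size_t)status;
    return buf_len > 0;
}

/* After: the status stays signed; only positive lengths are forwarded. */
int forwards_signed(ssize_t status)
{
    ssize_t buf_len = status;
    return buf_len > 0;
}

int main(void)
{
    char buf[8];
    struct msg sample = { "abc", 3 };   /* constructed sample message */
    ssize_t empty = read_checked(NULL, buf, sizeof buf);
    ssize_t full = read_checked(&sample, buf, sizeof buf);
    printf("empty read=%zd, full read=%zd\n", empty, full);
    printf("unsigned forwards error: %d\n", forwards_unsigned(empty));
    printf("signed forwards error:   %d\n", forwards_signed(empty));
    return 0;
}
```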