Browse Source

FixRM #8396 change all lib use of regex to 8-bit pattern

HD Moore 6 years ago
parent
commit
72dff03426

+ 2
- 2
lib/metasm/metasm/disassemble_api.rb View File

@@ -776,10 +776,10 @@ class Disassembler
776 776
   def strings_scan(minlen=6)
777 777
     ret = []
778 778
     nexto = 0
779
-    pattern_scan(/[\x20-\x7e]{#{minlen},}/m, nil, 1024) { |o|
779
+    pattern_scan(/[\x20-\x7e]{#{minlen},}/nm, nil, 1024) { |o|
780 780
       if o - nexto > 0
781 781
         next unless e = get_edata_at(o)
782
-        str = e.data[e.ptr, 1024][/[\x20-\x7e]{#{minlen},}/m]
782
+        str = e.data[e.ptr, 1024][/[\x20-\x7e]{#{minlen},}/nm]
783 783
         ret << [o, str] if not block_given? or yield(o, str)
784 784
         nexto = o + str.length
785 785
       end

+ 2
- 2
lib/metasm/metasm/gui/dasm_hex.rb View File

@@ -231,7 +231,7 @@ class HexWidget < DrawableWidget
231 231
       end
232 232
       if @show_ascii and d
233 233
         x = xa + d_o*@font_width
234
-        d = d.gsub(/[^\x20-\x7e]/, '.')
234
+        d = d.gsub(/[^\x20-\x7e]/n, '.')
235 235
         if wp.empty?
236 236
           render[d, :ascii]
237 237
         else
@@ -393,7 +393,7 @@ class HexWidget < DrawableWidget
393 393
   # pop a dialog, scans the sections for a hex pattern
394 394
   def prompt_search_hex
395 395
     inputbox('hex pattern to search (hex regexp, use .. for wildcard)') { |pat|
396
-      pat = pat.gsub(' ', '').gsub('..', '.').gsub(/[0-9a-f][0-9a-f]/i) { |o| "\\x#{o}" }
396
+      pat = pat.gsub(' ', '').gsub('..', '.').gsub(/[0-9a-f][0-9a-f]/ni) { |o| "\\x#{o}" }
397 397
       pat = Regexp.new(pat, Regexp::MULTILINE, 'n')	# 'n' = force ascii-8bit
398 398
       list = [['addr']] + @dasm.pattern_scan(pat).map { |a| [Expression[a]] }
399 399
       listwindow("hex search #{pat}", list) { |i| focus_addr i[0] }

+ 6
- 6
lib/msf/core/auxiliary/nmap.rb View File

@@ -59,7 +59,7 @@ def get_nmap_ver
59 59
   nmap_cmd = [self.nmap_bin]
60 60
   nmap_cmd << "--version"
61 61
   res << %x{#{nmap_cmd.join(" ")}} rescue nil
62
-  res.gsub(/[\x0d\x0a]/,"")
62
+  res.gsub(/[\x0d\x0a]/n,"")
63 63
 end
64 64
 
65 65
 # Takes a version string in the form of Major.Minor and compares to
@@ -68,16 +68,16 @@ end
68 68
 # Comparing an Integer is okay, though.
69 69
 def nmap_version_at_least?(test_ver=nil)
70 70
   raise ArgumentError, "Cannot compare a Float, use a String or Integer" if test_ver.kind_of? Float
71
-  unless test_ver.to_s[/^([0-9]+(\x2e[0-9]+)?)/]
71
+  unless test_ver.to_s[/^([0-9]+(\x2e[0-9]+)?)/n]
72 72
     raise ArgumentError, "Bad Nmap comparison version: #{test_ver.inspect}"
73 73
   end
74 74
   test_ver_str = test_ver.to_s
75
-  tnum_arr = $1.split(/\x2e/)[0,2].map {|x| x.to_i}
75
+  tnum_arr = $1.split(/\x2e/n)[0,2].map {|x| x.to_i}
76 76
   installed_ver = get_nmap_ver()
77 77
   vtag = installed_ver.split[2] # Should be ["Nmap", "version", "X.YZTAG", "(", "http..", ")"]
78 78
   return false if (vtag.nil? || vtag.empty?)
79
-  return false unless (vtag =~ /^([0-9]+\x2e[0-9]+)/) # Drop the tag.
80
-  inum_arr = $1.split(/\x2e/)[0,2].map {|x| x.to_i}
79
+  return false unless (vtag =~ /^([0-9]+\x2e[0-9]+)/n) # Drop the tag.
80
+  inum_arr = $1.split(/\x2e/n)[0,2].map {|x| x.to_i}
81 81
   return true if inum_arr[0] > tnum_arr[0]
82 82
   return false if inum_arr[0] < tnum_arr[0]
83 83
   inum_arr[1].to_i >= tnum_arr[1].to_i
@@ -228,7 +228,7 @@ def nmap_validate_arg(str)
228 228
     return false
229 229
   end
230 230
   # Check for commas outside of quoted arguments
231
-  quoted_22 = /\x22[^\x22]*\x22/
231
+  quoted_22 = /\x22[^\x22]*\x22/n
232 232
   requoted_str = str.gsub(/'/,"\"")
233 233
   if requoted_str.split(quoted_22).join[/,/]
234 234
     print_error "Malformed nmap arguments (unquoted comma): #{str}"

+ 16
- 16
lib/msf/core/db.rb View File

@@ -358,7 +358,7 @@ class DBManager
358 358
     opts.each { |k,v|
359 359
       if (host.attribute_names.include?(k.to_s))
360 360
         unless host.attribute_locked?(k.to_s)
361
-          host[k] = v.to_s.gsub(/[\x00-\x1f]/, '')
361
+          host[k] = v.to_s.gsub(/[\x00-\x1f]/n, '')
362 362
         end
363 363
       else
364 364
         dlog("Unknown attribute for ::Mdm::Host: #{k}")
@@ -481,7 +481,7 @@ class DBManager
481 481
 
482 482
       if (host.attribute_names.include?(k.to_s))
483 483
         unless host.attribute_locked?(k.to_s)
484
-          host[k] = v.to_s.gsub(/[\x00-\x1f]/, '')
484
+          host[k] = v.to_s.gsub(/[\x00-\x1f]/n, '')
485 485
         end
486 486
       else
487 487
         dlog("Unknown attribute for Host: #{k}")
@@ -1536,12 +1536,12 @@ class DBManager
1536 1536
     if (token[0])
1537 1537
       # convert the token to US-ASCII from UTF-8 to prevent an error
1538 1538
       token[0] = token[0].unpack("C*").pack("C*")
1539
-      token[0] = token[0].gsub(/[\x00-\x1f\x7f-\xff]/){|m| "\\x%.2x" % m.unpack("C")[0] }
1539
+      token[0] = token[0].gsub(/[\x00-\x1f\x7f-\xff]/n){|m| "\\x%.2x" % m.unpack("C")[0] }
1540 1540
     end
1541 1541
 
1542 1542
     if (token[1])
1543 1543
       token[1] = token[1].unpack("C*").pack("C*")
1544
-      token[1] = token[1].gsub(/[\x00-\x1f\x7f-\xff]/){|m| "\\x%.2x" % m.unpack("C")[0] }
1544
+      token[1] = token[1].gsub(/[\x00-\x1f\x7f-\xff]/n){|m| "\\x%.2x" % m.unpack("C")[0] }
1545 1545
     end
1546 1546
 
1547 1547
     ret = {}
@@ -2853,7 +2853,7 @@ class DBManager
2853 2853
         return REXML::Document.new(data)
2854 2854
       rescue REXML::ParseException => e
2855 2855
         dlog("REXML error: Badly formatted XML, attempting to recover. Error was: #{e.inspect}")
2856
-        return REXML::Document.new(data.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xff])/){ |x| "\\x%.2x" % x.unpack("C*")[0] })
2856
+        return REXML::Document.new(data.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xff])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] })
2857 2857
       end
2858 2858
     end
2859 2859
   end
@@ -3055,7 +3055,7 @@ class DBManager
3055 3055
           @import_filedata[:type] = "Appscan"
3056 3056
           return :appscan_xml
3057 3057
         when "entities"
3058
-          if  line =~ /creator.*\x43\x4f\x52\x45\x20\x49\x4d\x50\x41\x43\x54/i
3058
+          if  line =~ /creator.*\x43\x4f\x52\x45\x20\x49\x4d\x50\x41\x43\x54/ni
3059 3059
             @import_filedata[:type] = "CI"
3060 3060
             return :ci_xml
3061 3061
           end
@@ -3342,8 +3342,8 @@ class DBManager
3342 3342
   def inspect_single_packet_http(pkt,wspace,task=nil)
3343 3343
     # First, check the server side (data from port 80).
3344 3344
     if pkt.is_tcp? and pkt.tcp_src == 80 and !pkt.payload.nil? and !pkt.payload.empty?
3345
-      if pkt.payload =~ /^HTTP\x2f1\x2e[01]/
3346
-        http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/)
3345
+      if pkt.payload =~ /^HTTP\x2f1\x2e[01]/n
3346
+        http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/n)
3347 3347
         if http_server_match.kind_of?(MatchData) and http_server_match[1]
3348 3348
           report_service(
3349 3349
               :workspace => wspace,
@@ -3363,8 +3363,8 @@ class DBManager
3363 3363
 
3364 3364
     # Next, check the client side (data to port 80)
3365 3365
     if pkt.is_tcp? and pkt.tcp_dst == 80 and !pkt.payload.nil? and !pkt.payload.empty?
3366
-      if pkt.payload.match(/[\x00-\x20]HTTP\x2f1\x2e[10]/)
3367
-        auth_match = pkt.payload.match(/\nAuthorization:\s+Basic\s+([A-Za-z0-9=\x2b]+)/)
3366
+      if pkt.payload.match(/[\x00-\x20]HTTP\x2f1\x2e[10]/n)
3367
+        auth_match = pkt.payload.match(/\nAuthorization:\s+Basic\s+([A-Za-z0-9=\x2b]+)/n)
3368 3368
         if auth_match.kind_of?(MatchData) and auth_match[1]
3369 3369
           b64_cred = auth_match[1]
3370 3370
         else
@@ -3476,7 +3476,7 @@ class DBManager
3476 3476
     data.each_line do |line|
3477 3477
       case line
3478 3478
       when /^[\s]*#/ # Comment lines
3479
-        if line[/^#[\s]*([0-9.]+):([0-9]+)(\x2f(tcp|udp))?[\s]*(\x28([^\x29]*)\x29)?/]
3479
+        if line[/^#[\s]*([0-9.]+):([0-9]+)(\x2f(tcp|udp))?[\s]*(\x28([^\x29]*)\x29)?/n]
3480 3480
           addr = $1
3481 3481
           port = $2
3482 3482
           proto = $4
@@ -3492,7 +3492,7 @@ class DBManager
3492 3492
         user = ([nil, "<BLANK>"].include?($1)) ? "" : $1
3493 3493
         pass = ""
3494 3494
         ptype = "smb_hash"
3495
-      when /^[\s]*([\x21-\x7f]+)[\s]+([\x21-\x7f]+)?/ # Must be a user pass
3495
+      when /^[\s]*([\x21-\x7f]+)[\s]+([\x21-\x7f]+)?/n # Must be a user pass
3496 3496
         user = ([nil, "<BLANK>"].include?($1)) ? "" : dehex($1)
3497 3497
         pass = ([nil, "<BLANK>"].include?($2)) ? "" : dehex($2)
3498 3498
         ptype = "password"
@@ -3531,7 +3531,7 @@ class DBManager
3531 3531
 
3532 3532
   # If hex notation is present, turn them into a character.
3533 3533
   def dehex(str)
3534
-    hexen = str.scan(/\x5cx[0-9a-fA-F]{2}/)
3534
+    hexen = str.scan(/\x5cx[0-9a-fA-F]{2}/n)
3535 3535
     hexen.each { |h|
3536 3536
       str.gsub!(h,h[2,2].to_i(16).chr)
3537 3537
     }
@@ -5039,7 +5039,7 @@ class DBManager
5039 5039
       next if r[0] != 'results'
5040 5040
       next if r[4] != "12053"
5041 5041
       data = r[6]
5042
-      addr,hname = data.match(/([0-9\x2e]+) resolves as (.+)\x2e\\n/)[1,2]
5042
+      addr,hname = data.match(/([0-9\x2e]+) resolves as (.+)\x2e\\n/n)[1,2]
5043 5043
       addr_map[hname] = addr
5044 5044
     end
5045 5045
 
@@ -5160,7 +5160,7 @@ class DBManager
5160 5160
       # HostName
5161 5161
       host.elements.each('ReportItem') do |item|
5162 5162
         next unless item.elements['pluginID'].text == "12053"
5163
-        addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/)[1]
5163
+        addr = item.elements['data'].text.match(/([0-9\x2e]+) resolves as/n)[1]
5164 5164
         hname = host.elements['HostName'].text
5165 5165
       end
5166 5166
       addr ||= host.elements['HostName'].text
@@ -5855,7 +5855,7 @@ class DBManager
5855 5855
 
5856 5856
     data.each_line do |line|
5857 5857
       next if line =~ /^#/
5858
-      next if line !~ /^Protocol on ([^:]+):([^\x5c\x2f]+)[\x5c\x2f](tcp|udp) matches (.*)$/
5858
+      next if line !~ /^Protocol on ([^:]+):([^\x5c\x2f]+)[\x5c\x2f](tcp|udp) matches (.*)$/n
5859 5859
       addr   = $1
5860 5860
       next if bl.include? addr
5861 5861
       port   = $2.to_i

+ 4
- 4
lib/msf/core/db_export.rb View File

@@ -20,7 +20,7 @@ class Export
20 20
   end
21 21
 
22 22
   def myusername
23
-    @username ||= (ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER'] || "unknown").to_s.strip.gsub(/[^A-Za-z0-9\x20]/,"_")
23
+    @username ||= (ENV['LOGNAME'] || ENV['USERNAME'] || ENV['USER'] || "unknown").to_s.strip.gsub(/[^A-Za-z0-9\x20]/n,"_")
24 24
   end
25 25
 
26 26
   # Hosts are always allowed. This is really just a stub.
@@ -115,7 +115,7 @@ class Export
115 115
             user = (c.user.nil? || c.user.empty?) ? "<BLANK>" : c.user
116 116
             pass = (c.pass.nil? || c.pass.empty?) ? "<BLANK>" : c.pass
117 117
             if pass != "<BLANK>"
118
-              pass = (c.pass.upcase =~ /^[\x20-\x7e]*:[A-F0-9]{48}:[A-F0-9]{50,}/m) ? c.pass : "<BLANK>"
118
+              pass = (c.pass.upcase =~ /^[\x20-\x7e]*:[A-F0-9]{48}:[A-F0-9]{50,}/nm) ? c.pass : "<BLANK>"
119 119
             end
120 120
             if pass == "<BLANK>"
121 121
               # Basically this is an error (maybe around [\x20-\x7e] in regex) above
@@ -206,7 +206,7 @@ class Export
206 206
 
207 207
     report_file.write %Q|<?xml version="1.0" encoding="UTF-8"?>\n|
208 208
     report_file.write %Q|<MetasploitV4>\n|
209
-    report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/,"_")}" product="framework"/>\n|
209
+    report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/n,"_")}" product="framework"/>\n|
210 210
 
211 211
     yield(:status, "start", "hosts") if block_given?
212 212
     report_file.write %Q|<hosts>\n|
@@ -352,7 +352,7 @@ class Export
352 352
     if value
353 353
       data = marshalize(value)
354 354
       data.force_encoding(Encoding::BINARY) if data.respond_to?('force_encoding')
355
-      data.gsub!(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/){ |x| "\\x%.2x" % x.unpack("C*")[0] }
355
+      data.gsub!(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] }
356 356
       el << REXML::Text.new(data)
357 357
     end
358 358
     return el

+ 3
- 3
lib/msf/core/exploit/arkeia.rb View File

@@ -135,11 +135,11 @@ module Exploit::Remote::Arkeia
135 135
     end
136 136
 
137 137
     # Store the version information
138
-    mver = resp.match(/IVERSION\x00([^\x00]+)/)
138
+    mver = resp.match(/IVERSION\x00([^\x00]+)/n)
139 139
     info['Version'] = mver[1] if mver
140 140
 
141 141
     # Store the hostname information
142
-    mver = resp.match(/ISERVNAME\x00([^\x00]+)/)
142
+    mver = resp.match(/ISERVNAME\x00([^\x00]+)/n)
143 143
     info['Hostname'] = mver[1] if mver
144 144
 
145 145
     # Begin the ARKADMIN_GET_MACHINE_INFO request
@@ -182,7 +182,7 @@ module Exploit::Remote::Arkeia
182 182
 
183 183
     # Finally, parse out and store all the parameters
184 184
     resp.split("TPVALUE\x00").each { |x|
185
-      minf = x.match(/^([^\x00]+)\x00PNAME\x00([^\x00]+)/)
185
+      minf = x.match(/^([^\x00]+)\x00PNAME\x00([^\x00]+)/n)
186 186
       if (minf)
187 187
         info[ minf[2] ] = minf[1]
188 188
       end

+ 2
- 2
lib/msf/core/exploit/http/client.rb View File

@@ -463,8 +463,8 @@ module Exploit::Remote::HttpClient
463 463
     end
464 464
 
465 465
     if datastore['RPORT'].to_i == 3790
466
-      if res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/
467
-        if res['Server'] =~ /^(thin.*No Hup)|(nginx[\x5c\x2f][\d\.]+)$/
466
+      if res.code == 302 and res.headers and res.headers['Location'] =~ /[\x5c\x2f](login|setup)$/n
467
+        if res['Server'] =~ /^(thin.*No Hup)|(nginx[\x5c\x2f][\d\.]+)$/n
468 468
           extras << "Metasploit"
469 469
         end
470 470
       end

+ 3
- 3
lib/msf/core/exploit/mysql.rb View File

@@ -110,9 +110,9 @@ module Exploit::Remote::MYSQL
110 110
     end
111 111
 
112 112
     if plugin_res.respond_to? :split
113
-      target_path = plugin_res.split(/[\x5c\x2f]+/).join("/") << "/"
113
+      target_path = plugin_res.split(/[\x5c\x2f]+/n).join("/") << "/"
114 114
     elsif base_res.respond_to? :split
115
-      target_path = base_res.split(/[\x5c\x2f]+/).join("/") << "/bin/"
115
+      target_path = base_res.split(/[\x5c\x2f]+/n).join("/") << "/bin/"
116 116
     else
117 117
       print_error "Cannot determine the plugin directory."
118 118
       return false
@@ -123,7 +123,7 @@ module Exploit::Remote::MYSQL
123 123
     print_status "Checking for temp directory..."
124 124
     res = mysql_get_variable("@@tmpdir")
125 125
     if res.respond_to? :split
126
-      target_path = res.split(/[\x5c\x2f]+/).join("/") << "/"
126
+      target_path = res.split(/[\x5c\x2f]+/n).join("/") << "/"
127 127
     else
128 128
       print_error "Cannot determine the temp directory, exiting."
129 129
       return false

+ 2
- 2
lib/msf/core/exploit/realport.rb View File

@@ -195,7 +195,7 @@ module Exploit::Remote::RealPort
195 195
     # Send negotiate request
196 196
     sock.put(pkt2)
197 197
     res = sock.get_once(-1, 5)
198
-    if res.to_s =~ /^\xff/
198
+    if res.to_s =~ /^\xff/n
199 199
       vprint_status("#{target_host}:#{rport} Port:#{port} is closed: #{res.inspect}")
200 200
       return :closed
201 201
     end
@@ -221,7 +221,7 @@ module Exploit::Remote::RealPort
221 221
     sock.put(pkt3)
222 222
     res = sock.get_once(-1, 5)
223 223
 
224
-    if res.to_s =~ /^\xff/
224
+    if res.to_s =~ /^\xff/n
225 225
       vprint_status("#{target_host}:#{rport} Port:#{port} is closed: #{res.inspect}")
226 226
       return :closed
227 227
     end

+ 3
- 3
lib/msf/core/exploit/smb.rb View File

@@ -645,7 +645,7 @@ module Exploit::Remote::SMB
645 645
               buff << "   FP: #{line}\n"
646 646
             end
647 647
 
648
-            prov.split(/\x00\x00+/).each do |line|
648
+            prov.split(/\x00\x00+/n).each do |line|
649 649
               line.gsub!("\x00",'')
650 650
               line.strip!
651 651
               next if line.length < 6
@@ -755,8 +755,8 @@ module Exploit::Remote::SMBServer
755 755
       if (pkt_nbs.v['Type'] == 0x81)
756 756
         # Accept any name they happen to send
757 757
 
758
-        host_dst = UTILS.nbname_decode(pkt_nbs.v['Payload'][1,32]).gsub(/[\x00\x20]+$/, '')
759
-        host_src = UTILS.nbname_decode(pkt_nbs.v['Payload'][35,32]).gsub(/[\x00\x20]+$/, '')
758
+        host_dst = UTILS.nbname_decode(pkt_nbs.v['Payload'][1,32]).gsub(/[\x00\x20]+$/n, '')
759
+        host_src = UTILS.nbname_decode(pkt_nbs.v['Payload'][35,32]).gsub(/[\x00\x20]+$/n, '')
760 760
 
761 761
         smb[:nbdst] = host_dst
762 762
         smb[:nbsrc] = host_src

+ 3
- 3
lib/msf/core/payload.rb View File

@@ -336,9 +336,9 @@ class Payload < Msf::Module
336 336
           # Check to see if the value is a hex string.  If so, convert
337 337
           # it.
338 338
           if val.kind_of?(String)
339
-            if val =~ /^\\x/
340
-              val = [ val.gsub(/\\x/, '') ].pack("H*").unpack(pack)[0]
341
-            elsif val =~ /^0x/
339
+            if val =~ /^\\x/n
340
+              val = [ val.gsub(/\\x/n, '') ].pack("H*").unpack(pack)[0]
341
+            elsif val =~ /^0x/n
342 342
               val = val.hex
343 343
             end
344 344
           end

+ 1
- 1
lib/rbmysql.rb View File

@@ -280,7 +280,7 @@ class RbMysql
280 280
   # In Ruby 1.8, this is not safe for multibyte charset such as 'SJIS'.
281 281
   # You should use place-holder in prepared-statement.
282 282
   def escape_string(str)
283
-    str.gsub(/[\0\n\r\\\'\"\x1a]/) do |s|
283
+    str.gsub(/[\0\n\r\\\'\"\x1a]/n) do |s|
284 284
       case s
285 285
       when "\0" then "\\0"
286 286
       when "\n" then "\\n"

+ 1
- 1
lib/rbmysql/compat.rb View File

@@ -32,7 +32,7 @@ class RbMysql
32 32
     alias get_client_info client_info
33 33
 
34 34
     def escape_string(str)
35
-      str.gsub(/[\0\n\r\\\'\"\x1a]/) do |s|
35
+      str.gsub(/[\0\n\r\\\'\"\x1a]/n) do |s|
36 36
         case s
37 37
         when "\0" then "\\0"
38 38
         when "\n" then "\\n"

+ 2
- 2
lib/rbreadline.rb View File

@@ -5272,7 +5272,7 @@ module RbReadline
5272 5272
    # Actually update the display, period.
5273 5273
    def rl_forced_update_display()
5274 5274
       if (@visible_line)
5275
-         @visible_line.gsub!(/[^\x00]/,0.chr)
5275
+         @visible_line.gsub!(/[^\x00]/n,0.chr)
5276 5276
       end
5277 5277
       rl_on_new_line()
5278 5278
       @forced_display=true if !@forced_display
@@ -8520,7 +8520,7 @@ module RbReadline
8520 8520
          count -= 1
8521 8521
       end
8522 8522
 
8523
-      str = (flags == MB_FIND_NONZERO) ? string.sub(/\x00+$/,'') : string
8523
+      str = (flags == MB_FIND_NONZERO) ? string.sub(/\x00+$/n,'') : string
8524 8524
 
8525 8525
       case @encoding
8526 8526
       when 'E'

+ 1
- 1
lib/rex/parser/burp_session_nokogiri.rb View File

@@ -116,7 +116,7 @@ module Rex
116 116
       if query
117 117
         @state[:query] = "?#{query}" # Can be nil
118 118
       end
119
-      if path =~ /https?:[\x5c\x2f][\x5c\x2f]+[^\x5c\x2f][^\x5c\x2f]+([^?]+)/
119
+      if path =~ /https?:[\x5c\x2f][\x5c\x2f]+[^\x5c\x2f][^\x5c\x2f]+([^?]+)/n
120 120
         real_path = "/#{$1}"
121 121
       else
122 122
         real_path = path

+ 1
- 1
lib/rex/parser/mbsa_nokogiri.rb View File

@@ -176,7 +176,7 @@ module Rex
176 176
           :os_family => os_family,
177 177
           :os_version => os_version,
178 178
           :os_accuracy => 100,
179
-          :os_match => os_info.gsub(/\x2e$/,"")
179
+          :os_match => os_info.gsub(/\x2e$/n,"")
180 180
         }
181 181
       end
182 182
     end

+ 2
- 2
lib/rex/peparsey/pebase.rb View File

@@ -1627,8 +1627,8 @@ class PeBase
1627 1627
     if (rname & 0x80000000 != 0)
1628 1628
       rname &= ~0x80000000
1629 1629
       unistr = data[rname+2, 2 * data[rname,2].unpack('v')[0] ]
1630
-      unistr, trash = unistr.split(/\x00\x00/, 2)
1631
-      return unistr ? unistr.gsub(/\x00/, '') : nil
1630
+      unistr, trash = unistr.split(/\x00\x00/n, 2)
1631
+      return unistr ? unistr.gsub(/\x00/n, '') : nil
1632 1632
     end
1633 1633
 
1634 1634
     rname.to_s

+ 1
- 1
lib/rex/peparsey/section.rb View File

@@ -38,7 +38,7 @@ class Section
38 38
     return nil if !_section_header
39 39
 
40 40
     # FIXME make this better...
41
-    _section_header.v['Name'].gsub(/\x00+$/, '')
41
+    _section_header.v['Name'].gsub(/\x00+$/n, '')
42 42
   end
43 43
 
44 44
   def flags

+ 1
- 1
lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb View File

@@ -249,7 +249,7 @@ class Registry
249 249
     response = client.send_request(request)
250 250
     cls = response.get_tlv(TLV_TYPE_VALUE_DATA)
251 251
     return nil if not cls
252
-    data = cls.value.gsub(/\x00.*/, '')
252
+    data = cls.value.gsub(/\x00.*/n, '')
253 253
     return data
254 254
   end
255 255
 

+ 1
- 1
lib/rex/proto/drda/utils.rb View File

@@ -71,7 +71,7 @@ class Utils
71 71
     ddm.payload.each do |param|
72 72
       case param.codepoint
73 73
       when Constants::SECMEC
74
-        info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/
74
+        info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/n
75 75
       when Constants::SECCHKCD
76 76
         info_hash[:security_check_code] = param.payload.unpack("C").first
77 77
         # A little spurious? This is always nonzero when there's no SECCHKRM DDM.

+ 1
- 1
lib/rex/proto/http/client.rb View File

@@ -504,7 +504,7 @@ class Client
504 504
       return resp unless resp.code == 401 && resp.headers['WWW-Authenticate']
505 505
 
506 506
       # Get the challenge and craft the response
507
-      ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/i).flatten[0]
507
+      ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/ni).flatten[0]
508 508
       return resp unless ntlm_challenge
509 509
 
510 510
       ntlm_message_2 = Rex::Text::decode_base64(ntlm_challenge)

+ 6
- 6
lib/rex/proto/smb/client.rb View File

@@ -635,7 +635,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
635 635
 
636 636
     self.auth_user_id = ack['Payload']['SMB'].v['UserID']
637 637
 
638
-    info = ack['Payload'].v['Payload'].split(/\x00/)
638
+    info = ack['Payload'].v['Payload'].split(/\x00/n)
639 639
     self.peer_native_os = info[0]
640 640
     self.peer_native_lm = info[1]
641 641
     self.default_domain = info[2]
@@ -711,7 +711,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
711 711
 
712 712
     self.auth_user_id = ack['Payload']['SMB'].v['UserID']
713 713
 
714
-    info = ack['Payload'].v['Payload'].split(/\x00/)
714
+    info = ack['Payload'].v['Payload'].split(/\x00/n)
715 715
 
716 716
     self.peer_native_os = info[0]
717 717
     self.peer_native_lm = info[1]
@@ -760,7 +760,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
760 760
 
761 761
     self.auth_user_id = ack['Payload']['SMB'].v['UserID']
762 762
 
763
-    info = ack['Payload'].v['Payload'].split(/\x00/)
763
+    info = ack['Payload'].v['Payload'].split(/\x00/n)
764 764
 
765 765
     self.peer_native_os = info[0]
766 766
     self.peer_native_lm = info[1]
@@ -841,7 +841,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
841 841
     blob = data.slice!(0, ack['Payload'].v['SecurityBlobLen'])
842 842
 
843 843
     # Extract the native lanman and os strings
844
-    info = data.split(/\x00/)
844
+    info = data.split(/\x00/n)
845 845
     self.peer_native_os = info[0]
846 846
     self.peer_native_lm = info[1]
847 847
 
@@ -1019,7 +1019,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
1019 1019
     blob = data.slice!(0, ack['Payload'].v['SecurityBlobLen'])
1020 1020
 
1021 1021
     # Extract the native lanman and os strings
1022
-    info = data.split(/\x00/)
1022
+    info = data.split(/\x00/n)
1023 1023
     self.peer_native_os = info[0]
1024 1024
     self.peer_native_lm = info[1]
1025 1025
 
@@ -1881,7 +1881,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
1881 1881
             'C'+	# Short File Name Length
1882 1882
             'C' 	# Reserved
1883 1883
           )
1884
-          name = resp_data[didx + 70 + 24, info[15]].sub(/\x00+$/, '')
1884
+          name = resp_data[didx + 70 + 24, info[15]].sub(/\x00+$/n, '')
1885 1885
           files[name] =
1886 1886
           {
1887 1887
             'type' => ((info[14] & 0x10)==0x10) ? 'D' : 'F',

+ 4
- 4
lib/rex/text.rb View File

@@ -875,7 +875,7 @@ module Text
875 875
   #
876 876
   def self.ascii_safe_hex(str, whitespace=false)
877 877
     if whitespace
878
-      str.gsub(/([\x00-\x20\x80-\xFF])/){ |x| "\\x%.2x" % x.unpack("C*")[0] }
878
+      str.gsub(/([\x00-\x20\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0] }
879 879
     else
880 880
       str.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0]}
881 881
     end
@@ -1076,7 +1076,7 @@ module Text
1076 1076
   def self.dehex(str)
1077 1077
     return str unless str.respond_to? :match
1078 1078
     return str unless str.respond_to? :gsub
1079
-    regex = /\x5cx[0-9a-f]{2}/mi
1079
+    regex = /\x5cx[0-9a-f]{2}/nmi
1080 1080
     if str.match(regex)
1081 1081
       str.gsub(regex) { |x| x[2,2].to_i(16).chr }
1082 1082
     else
@@ -1091,7 +1091,7 @@ module Text
1091 1091
   def self.dehex!(str)
1092 1092
     return str unless str.respond_to? :match
1093 1093
     return str unless str.respond_to? :gsub
1094
-    regex = /\x5cx[0-9a-f]{2}/mi
1094
+    regex = /\x5cx[0-9a-f]{2}/nmi
1095 1095
     str.gsub!(regex) { |x| x[2,2].to_i(16).chr }
1096 1096
   end
1097 1097
 
@@ -1563,7 +1563,7 @@ module Text
1563 1563
   end
1564 1564
 
1565 1565
   def self.unicode_filter_decode(str)
1566
-    str.to_s.gsub( /\$U\$([\x20-\x2c\x2e-\x7E]*)\-0x([A-Fa-f0-9]+)/ ){|m| [$2].pack("H*") }
1566
+    str.to_s.gsub( /\$U\$([\x20-\x2c\x2e-\x7E]*)\-0x([A-Fa-f0-9]+)/n ){|m| [$2].pack("H*") }
1567 1567
   end
1568 1568
 
1569 1569
 protected

+ 2
- 2
lib/rex/ui/text/input/socket.rb View File

@@ -62,12 +62,12 @@ class Input::Socket < Rex::Ui::Text::Input
62 62
 
63 63
       # Handle telnet sequences
64 64
       case line
65
-        when /\xff\xf4\xff\xfd\x06/
65
+        when /\xff\xf4\xff\xfd\x06/n
66 66
           @sock.write("[*] Caught ^C, closing the socket...\n")
67 67
           @sock.close
68 68
           return
69 69
 
70
-        when /\xff\xed\xff\xfd\x06/
70
+        when /\xff\xed\xff\xfd\x06/n
71 71
           @sock.write("[*] Caught ^Z\n")
72 72
           return
73 73
       end

+ 1
- 1
lib/rkelly/visitors/evaluation_visitor.rb View File

@@ -316,7 +316,7 @@ module RKelly
316 316
           when Numeric
317 317
             object.value
318 318
           when ::String
319
-            s = object.value.gsub(/(\A[\s\xB\xA0]*|[\s\xB\xA0]*\Z)/, '')
319
+            s = object.value.gsub(/(\A[\s\xB\xA0]*|[\s\xB\xA0]*\Z)/n, '')
320 320
             if s.length == 0
321 321
               0
322 322
             else

Loading…
Cancel
Save