Browse Source

Resolve #4507 - respond_to? + send = evil

Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.

Resolve #4507
sinn3r 4 years ago
parent
commit
d45cdd61aa

+ 4
- 4
lib/msf/core/event_dispatcher.rb View File

@@ -179,23 +179,23 @@ class EventDispatcher
179 179
       if respond_to?(subscribers, true)
180 180
         found = true
181 181
         self.send(subscribers).each do |sub|
182
-          next if not sub.respond_to?(name)
182
+          next if not sub.respond_to?(name, true)
183 183
           sub.send(name, *args)
184 184
         end
185 185
       else
186 186
         (general_event_subscribers + custom_event_subscribers).each do |sub|
187
-          next if not sub.respond_to?(name)
187
+          next if not sub.respond_to?(name, true)
188 188
           sub.send(name, *args)
189 189
           found = true
190 190
         end
191 191
       end
192 192
     when "add"
193
-      if respond_to?(subscribers)
193
+      if respond_to?(subscribers, true)
194 194
         found = true
195 195
         add_event_subscriber(self.send(subscribers), *args)
196 196
       end
197 197
     when "remove"
198
-      if respond_to?(subscribers)
198
+      if respond_to?(subscribers, true)
199 199
         found = true
200 200
         remove_event_subscriber(self.send(subscribers), *args)
201 201
       end

+ 1
- 1
lib/msf/core/exploit/ftpserver.rb View File

@@ -78,7 +78,7 @@ module Exploit::Remote::FtpServer
78 78
     return if not cmd
79 79
 
80 80
     # Allow per-command overrides
81
-    if(self.respond_to?("on_client_command_#{cmd.downcase}"))
81
+    if self.respond_to?("on_client_command_#{cmd.downcase}", true)
82 82
       return self.send("on_client_command_#{cmd.downcase}", c, arg)
83 83
     end
84 84
 

+ 1
- 1
lib/msf/core/post/osx/ruby_dl.rb View File

@@ -32,7 +32,7 @@ module RubyDL
32 32
         def method_missing(meth, *args, &block)
33 33
           str = meth.to_s
34 34
           lower = str[0,1].downcase + str[1..-1]
35
-          if self.respond_to? lower
35
+          if self.respond_to?(lower, true)
36 36
             self.send lower, *args
37 37
           else
38 38
             super

+ 1
- 1
lib/msf/ui/console/command_dispatcher/auxiliary.rb View File

@@ -39,7 +39,7 @@ class Auxiliary
39 39
   # Allow modules to define their own commands
40 40
   #
41 41
   def method_missing(meth, *args)
42
-    if (mod and mod.respond_to?(meth.to_s))
42
+    if (mod and mod.respond_to?(meth.to_s, true) )
43 43
 
44 44
       # Initialize user interaction
45 45
       mod.init_ui(driver.input, driver.output)

+ 5
- 5
lib/msf/ui/console/command_dispatcher/db.rb View File

@@ -1088,13 +1088,13 @@ class Db
1088 1088
             end
1089 1089
           elsif term == "output"
1090 1090
             orderlist << make_sortable(note.data["output"])
1091
-          elsif note.respond_to?(term)
1091
+          elsif note.respond_to?(term, true)
1092 1092
             orderlist << make_sortable(note.send(term))
1093
-          elsif note.respond_to?(term.to_sym)
1093
+          elsif note.respond_to?(term.to_sym, true)
1094 1094
             orderlist << make_sortable(note.send(term.to_sym))
1095
-          elsif note.respond_to?("data") && note.send("data").respond_to?(term)
1095
+          elsif note.respond_to?("data", true) && note.send("data").respond_to?(term, true)
1096 1096
             orderlist << make_sortable(note.send("data").send(term))
1097
-          elsif note.respond_to?("data") && note.send("data").respond_to?(term.to_sym)
1097
+          elsif note.respond_to?("data", true) && note.send("data").respond_to?(term.to_sym, true)
1098 1098
             orderlist << make_sortable(note.send("data").send(term.to_sym))
1099 1099
           else
1100 1100
             orderlist << ""
@@ -1682,7 +1682,7 @@ class Db
1682 1682
       end
1683 1683
     end
1684 1684
     meth = "db_connect_#{framework.db.driver}"
1685
-    if(self.respond_to?(meth))
1685
+    if(self.respond_to?(meth, true))
1686 1686
       self.send(meth, *args)
1687 1687
       if framework.db.active and not framework.db.modules_cached
1688 1688
         print_status("Rebuilding the module cache in the background...")

+ 1
- 1
lib/rabal/tree.rb View File

@@ -173,7 +173,7 @@ class Tree
173 173
   # Tree that responds to the call.
174 174
   #
175 175
   def method_missing(method_id,*params,&block)
176
-    if not parameters.nil? and parameters.respond_to?(method_id) then
176
+    if not parameters.nil? and parameters.respond_to?(method_id, true) then
177 177
       return parameters.send(method_id, *params, &block)
178 178
     elsif not is_root? then
179 179
       @parent.send method_id, *params, &block

+ 1
- 1
lib/rex/parser/foundstone_nokogiri.rb View File

@@ -293,7 +293,7 @@ module Rex
293 293
     # XXX: Actually implement more of these
294 294
     def process_service(service,banner)
295 295
       meth = "process_service_#{service.gsub("-","_")}"
296
-      if self.respond_to? meth
296
+      if self.respond_to?(meth, true)
297 297
         self.send meth, banner
298 298
       else
299 299
         return (first_line banner)

+ 3
- 3
lib/rex/payloads/win32/kernel.rb View File

@@ -24,7 +24,7 @@ module Kernel
24 24
     payload = nil
25 25
 
26 26
     # Generate the recovery stub
27
-    if opts['Recovery'] and Kernel::Recovery.respond_to?(opts['Recovery'])
27
+    if opts['Recovery'] and Kernel::Recovery.respond_to?(opts['Recovery'], true)
28 28
       opts['RecoveryStub'] = Kernel::Recovery.send(opts['Recovery'], opts)
29 29
     end
30 30
 
@@ -35,10 +35,10 @@ module Kernel
35 35
     end
36 36
 
37 37
     # Generate the stager
38
-    if opts['Stager'] and Kernel::Stager.respond_to?(opts['Stager'])
38
+    if opts['Stager'] and Kernel::Stager.respond_to?(opts['Stager'], true)
39 39
       payload = Kernel::Stager.send(opts['Stager'], opts)
40 40
     # Or, generate the migrator
41
-    elsif opts['Migrator'] and Kernel::Migration.respond_to?(opts['Migrator'])
41
+    elsif opts['Migrator'] and Kernel::Migration.respond_to?(opts['Migrator'], true)
42 42
       payload = Kernel::Migration.send(opts['Migrator'], opts)
43 43
     else
44 44
       raise ArgumentError, "A stager or a migrator must be specified."

+ 4
- 4
lib/rex/ui/text/dispatcher_shell.rb View File

@@ -105,7 +105,7 @@ module DispatcherShell
105 105
       print_error "The #{cmd} command is DEPRECATED"
106 106
       if cmd == "db_autopwn"
107 107
         print_error "See http://r-7.co/xY65Zr instead"
108
-      elsif method and self.respond_to?("cmd_#{method}")
108
+      elsif method and self.respond_to?("cmd_#{method}", true)
109 109
         print_error "Use #{method} instead"
110 110
         self.send("cmd_#{method}", *args)
111 111
       end
@@ -116,7 +116,7 @@ module DispatcherShell
116 116
       print_error "The #{cmd} command is DEPRECATED"
117 117
       if cmd == "db_autopwn"
118 118
         print_error "See http://r-7.co/xY65Zr instead"
119
-      elsif method and self.respond_to?("cmd_#{method}_help")
119
+      elsif method and self.respond_to?("cmd_#{method}_help", true)
120 120
         print_error "Use 'help #{method}' instead"
121 121
         self.send("cmd_#{method}_help")
122 122
       end
@@ -150,9 +150,9 @@ module DispatcherShell
150 150
           next if (dispatcher.commands.nil?)
151 151
           next if (dispatcher.commands.length == 0)
152 152
 
153
-          if dispatcher.respond_to?("cmd_#{cmd}")
153
+          if dispatcher.respond_to?("cmd_#{cmd}", true)
154 154
             cmd_found = true
155
-            break unless dispatcher.respond_to? "cmd_#{cmd}_help"
155
+            break unless dispatcher.respond_to?("cmd_#{cmd}_help", true)
156 156
             dispatcher.send("cmd_#{cmd}_help")
157 157
             help_found = true
158 158
             break

+ 1
- 1
modules/exploits/linux/misc/hikvision_rtsp_bof.rb View File

@@ -79,7 +79,7 @@ class Metasploit4 < Msf::Exploit::Remote
79 79
   end
80 80
 
81 81
   def exploit
82
-    unless self.respond_to?(target[:callback])
82
+    unless self.respond_to?(target[:callback], true)
83 83
       fail_with(Failure::NoTarget, "Invalid target specified: no callback function defined")
84 84
     end
85 85
 

+ 1
- 1
modules/exploits/windows/misc/bigant_server_sch_dupf_bof.rb View File

@@ -113,7 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
113 113
     sploit << [target.ret].pack("V")
114 114
     sploit << [target['FakeObject']].pack("V")
115 115
     sploit << [target['FakeObject']].pack("V")
116
-    if target[:callback_rop] and self.respond_to?(target[:callback_rop])
116
+    if target[:callback_rop] and self.respond_to?(target[:callback_rop], true)
117 117
       sploit << self.send(target[:callback_rop])
118 118
     else
119 119
       sploit << [target['JmpESP']].pack("V")

+ 1
- 1
modules/post/osx/capture/keylog_recorder.rb View File

@@ -178,7 +178,7 @@ child_pid = fork do
178 178
         def method_missing(meth, *args, &block)
179 179
           str = meth.to_s
180 180
           lower = str[0,1].downcase + str[1..-1]
181
-          if self.respond_to? lower
181
+          if self.respond_to? lower, true
182 182
             self.send lower, *args
183 183
           else
184 184
             super

+ 2
- 2
plugins/wiki.rb View File

@@ -140,9 +140,9 @@ class Plugin::Wiki < Msf::Plugin
140 140
       outputs = []
141 141
 
142 142
       # Output the table
143
-      if respond_to? "#{command}_to_table"
143
+      if respond_to? "#{command}_to_table", true
144 144
         table = send "#{command}_to_table", tbl_opts
145
-        if table.respond_to? "to_#{wiki_type}"
145
+        if table.respond_to? "to_#{wiki_type}", true
146 146
           if tbl_opts[:file_name]
147 147
             print_status("Wrote the #{command} table to a file as a #{wiki_type} formatted table")
148 148
             File.open(tbl_opts[:file_name],"wb") {|f|

Loading…
Cancel
Save