Open
Description
The logging methods used by rex-socket are defined globally by the Metasploit Framework. Because the elog function and LEV_3 constant are not defined within rex-socket, it will crash when used outside of Metasploit.
There are at least 4 instances:
lib/rex/socket/parameters.rb:140: elog("Failed to read cert: #{e.class}: #{e}", LogSource)
lib/rex/socket/parameters.rb:148: elog("Failed to read client cert: #{e.class}: #{e}", LogSource)
lib/rex/socket/parameters.rb:156: elog("Failed to read client key: #{e.class}: #{e}", LogSource)
lib/rex/socket.rb:750: elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n", LogSource, LEV_3)
The issue can be confirmed by triggering an error log. In the following scenario, the user creates a new Rex::Socket::Parameters instance and specifies an SSLCert file that exists, but cannot be read. This assumes you're not running as root, of course.
[1] pry(main)> require 'rex/socket'
=> true
[2] pry(main)> Rex::Socket::Parameters.new('SSLCert' => '/etc/shadow')
NameError: uninitialized constant Rex::Socket::Parameters::LogSource
Did you mean? Rex::Socket::LogSource
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:140:in `rescue in initialize'
Caused by Errno::EACCES: Permission denied @ rb_sysopen - /etc/shadow
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:138:in `read'
[3] pry(main)>
Fixing the LogSource reference:
diff --git a/lib/rex/socket/parameters.rb b/lib/rex/socket/parameters.rb
index bb78631..e7e5509 100644
--- a/lib/rex/socket/parameters.rb
+++ b/lib/rex/socket/parameters.rb
@@ -137,7 +137,7 @@ class Rex::Socket::Parameters
begin
self.ssl_cert = ::File.read(hash['SSLCert'])
rescue ::Exception => e
- elog("Failed to read cert: #{e.class}: #{e}", LogSource)
+ elog("Failed to read cert: #{e.class}: #{e}", Rex::Socket::LogSource)
end
end
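Review bot: On the changed elog line, qualifying the constant as Rex::Socket::LogSource clears the NameError, but elog itself is not defined inside rex-socket, so this rescue branch will still raise instead of logging when the gem is loaded on its own; the gem needs its own logging fallback for the fix to be complete. The issue lists the same bare LogSource at parameters.rb:148 and parameters.rb:156, so those calls need the same qualification in this patch. Separately, the context line rescue ::Exception => e catches far more than a failed File.read (interrupts and exit requests included); rescuing ::SystemCallError or ::StandardError there would be narrower.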
[1] pry(main)> require 'rex/socket'
=> true
[2] pry(main)> Rex::Socket::Parameters.new('SSLCert' => '/etc/shadow')
NoMethodError: undefined method `elog' for #<Rex::Socket::Parameters:0x00000000013d15c0 @ssl_version=nil>
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:140:in `rescue in initialize'
Caused by Errno::EACCES: Permission denied @ rb_sysopen - /etc/shadow
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:138:in `read'
[3] pry(main)>
Since this gem isn't dependent on Metasploit, the logging should function independently of it.
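An added example (not code from this issue or from rex-socket) of one way a library can own its error logging: delegate to a host-defined global elog when one exists, and fall back to a local Logger otherwise, so the rescue path itself cannot raise. DemoSocket, Logging, log_error and demo_unreadable_cert are hypothetical names, and the elog signature (msg, src, level) is assumed from the calls quoted above.

```ruby
require 'logger'
require 'stringio'

# Hypothetical stand-in namespace (not rex-socket's real code). Nested
# `module`/`class` bodies keep LogSource in lexical scope; the compact form
# `class A::B::C` does not, which is why the bare constant failed to resolve.
module DemoSocket
  LogSource = 'demo-socket'

  module Logging
    class << self
      attr_writer :logger

      # Library-owned default sink, used when no host framework is loaded.
      def logger
        @logger ||= Logger.new($stderr)
      end
    end

    # Prefer a host-defined global elog (assumed signature: msg, src, level);
    # otherwise log locally so the error handler never raises on its own.
    def log_error(msg, src = LogSource, level = 0)
      if Object.private_method_defined?(:elog) || Object.method_defined?(:elog)
        elog(msg, src, level)
      else
        Logging.logger.error("[#{src}] #{msg}")
      end
    end
  end

  class Parameters
    include Logging
    attr_reader :ssl_cert

    def initialize(hash)
      return unless hash['SSLCert']
      @ssl_cert = ::File.read(hash['SSLCert'])
    rescue ::SystemCallError => e # only I/O failures, not every Exception
      log_error("Failed to read cert: #{e.class}: #{e}")
    end
  end
end

# Constructed input: a path that does not exist, so the read fails no matter
# which user runs the example. Returns [ssl_cert, captured log text].
def demo_unreadable_cert(path = '/nonexistent/demo-cert.pem')
  sink = StringIO.new
  DemoSocket::Logging.logger = Logger.new(sink)
  [DemoSocket::Parameters.new('SSLCert' => path).ssl_cert, sink.string]
end
```
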