Merge pull request rapid7#2271 from bturner-r7/bug/db-leaks

Land rapid7#2271, Fix database connection leaks

Author: lsanchez-r7

lib/msf/core/db.rb

@@ -1512,6 +1512,7 @@ def report_auth_info(opts={})
 			raise ArgumentError.new("Invalid address or object for :host (#{opts[:host].inspect})")
 		end
 
+	::ActiveRecord::Base.connection_pool.with_connection {
 		host = opts.delete(:host)
 		ptype = opts.delete(:type) || "password"
 		token = [opts.delete(:user), opts.delete(:pass)]
@@ -1623,6 +1624,7 @@ def report_auth_info(opts={})
     end
 
 		ret[:cred] = cred
+	}
 	end
 
 	alias :report_cred :report_auth_info
@@ -1922,8 +1924,10 @@ def report_vuln_details(vuln, details)
 	# Note that this *can* update data across workspaces
 	#
 	def update_vuln_details(details)
+	::ActiveRecord::Base.connection_pool.with_connection {
 		criteria = details.delete(:key) || {}
 		::Mdm::VulnDetail.update(key, details)
+	}
 	end
 
 	#

lib/msf/core/session_manager.rb

@@ -107,13 +107,17 @@ def initialize(framework)
 					# processing time for large session lists from skewing our update interval.
 
 					last_seen_timer = Time.now.utc
-					values.each do |s|
-						# Update the database entry on a regular basis, marking alive threads
-						# as recently seen.  This notifies other framework instances that this
-						# session is being maintained.
-						if framework.db.active and s.db_record
-							s.db_record.last_seen = Time.now.utc
-							s.db_record.save
+					if framework.db.active
+						::ActiveRecord::Base.connection_pool.with_connection do
+							values.each do |s|
+								# Update the database entry on a regular basis, marking alive threads
+								# as recently seen.  This notifies other framework instances that this
+								# session is being maintained.
+								if s.db_record
+									s.db_record.last_seen = Time.now.utc
+									s.db_record.save
+								end
+							end
 						end
 					end
 				end