Land rapid7#9563: improve memory usage on meterpreter file upload

Author: busterb

lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb

@@ -275,17 +275,24 @@ def File.upload_file(dest_file, src_file, &stat)
     # Open the file on the remote side for writing and read
     # all of the contents of the local file
     stat.call('uploading', src_file, dest_file) if (stat)
-    dest_fd = client.fs.file.new(dest_file, "wb")
-    src_buf = ''
-
-    ::File.open(src_file, 'rb') { |f|
-      src_buf = f.read(f.stat.size)
-    }
+    dest_fd = nil
+    src_fd = nil
+    buf_size = 8 * 1024 * 1024
 
     begin
-      dest_fd.write(src_buf)
+      dest_fd = client.fs.file.new(dest_file, "wb")
+      src_fd = ::File.open(src_file, "rb")
+      src_size = src_fd.stat.size
+      while (buf = src_fd.read(buf_size))
+        dest_fd.write(buf)
+        percent = dest_fd.pos.to_f / src_size.to_f * 100.0
+        msg = "Uploaded #{Filesize.new(dest_fd.pos).pretty} of " \
+          "#{Filesize.new(src_size).pretty} (#{percent.round(2)}%)"
+        stat.call(msg, src_file, dest_file)
+      end
     ensure
-      dest_fd.close
+      src_fd.close unless src_fd.nil?
+      dest_fd.close unless dest_fd.nil?
     end
     stat.call('uploaded', src_file, dest_file) if (stat)
   end

lib/rex/post/meterpreter/packet.rb

@@ -874,9 +874,12 @@ def from_r(key=nil)
   # Xor a set of bytes with a given XOR key.
   #
   def xor_bytes(xor_key, bytes)
+    xor_key = xor_key.bytes
     result = ''
-    bytes.bytes.zip(xor_key.bytes.cycle).each do |b|
-      result << (b[0].ord ^ b[1].ord).chr
+    i = 0
+    bytes.each_byte do |b|
+      result << (b ^ xor_key[i % xor_key.length]).chr
+      i += 1
     end
     result
   end