
Commit b48aa8f

committed
Merge pull request #13 from wvu-r7/pr/3691
Add verify_checksum and use it
2 parents 671c7f1 + 5c1d958 commit b48aa8f


1 file changed

+16
-2
lines changed


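--- a/lib/msf/core/exploit/gdb.rb
+++ b/lib/msf/core/exploit/gdb.rb
@@ -21,6 +21,9 @@ class BadAckError < RuntimeError; end
 # thrown when a response is incorrect
 class BadResponseError < RuntimeError; end
 
+# thrown when a checksum is invalid
+class BadChecksumError < RuntimeError; end
+
 # Default list of supported GDB features to send the to the target
 GDB_FEATURES = 'qSupported:multiprocess+;qRelocInsn+;qvCont+;'
 
@@ -58,12 +61,15 @@ def send_cmd(cmd)
 # Reads (and possibly decodes) from the socket and sends an ACK to verify receipt
 # @param opts [Hash] the options hash
 # @option opts :decode [Boolean] rle decoding should be applied to the response
+# @option opts :verify [Boolean] verify the response's checksum
 # @return [String] the response
 # @raise [BadResponseError] if the expected response is missing
+# @raise [BadChecksumError] if the checksum is invalid
 def read_response(opts={})
-decode = opts.fetch(:decode, false)
+decode, verify = opts.fetch(:decode, false), opts.fetch(:verify, true)
 res = sock.get_once
 raise BadResponseError if res.nil?
+raise BadChecksumError if (verify && !verify_checksum(res))
 res = decode_rle(res) if decode
 vprint_status('Result: '+res)
 send_ack
@@ -86,12 +92,20 @@ def decode_rle(msg)
 
 # The two-digit checksum is computed as the modulo 256 sum of all characters
 # between the leading ‘$’ and the trailing ‘#’ (an eight bit unsigned checksum).
-# @param [String] str the string to calculate the checksum of
+# @param str [String] the string to calculate the checksum of
 # @return [String] hex string containing checksum
 def checksum(str)
 "%02x" % str.bytes.inject(0) { |b, sum| (sum+b)%256 }
 end
 
+# Verifies a response's checksum
+# @param res [String] the response to check
+# @return [Boolean] whether the checksum is valid
+def verify_checksum(res)
+msg, chksum = res.match(/^\$(.*)#(\h{2})$/)[1..2]
+checksum(msg) == chksum
+end
+
 # Writes the buffer +buf+ to the address +addr+ in the remote process's memory
 # @param buf [String] the buffer to write
 # @param addr [String] the hex-encoded address to write to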
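Review bot: In `verify_checksum`, `res.match(...)` returns nil for any response that is not a well-formed `$...#xx` frame, so the `[1..2]` raises NoMethodError instead of the `BadChecksumError` that `read_response` documents. Because `verify` defaults to true, every existing caller of `read_response` now goes through this path with data supplied by the remote peer. The pattern also anchors with `^`/`$` (per line) and uses `.` without the multiline flag, so a payload containing a newline byte would fail to match. In addition, `\h{2}` accepts upper-case hex while `checksum` emits lower-case, so a peer sending upper-case digits (not visible here whether any do) would be rejected. I would write the body as `m = res.match(/\A\$(.*)#(\h{2})\z/m)`, `return false unless m`, `checksum(m[1]) == m[2].downcase`.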
