Land rapid7#9134, fix buggy handling of partial ingress packet data

bwatters-r7 · bwatters-r7 · commit c2a979dd3cc3 · 2017-11-01T20:06:23.000-05:00
diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb
@@ -147,9 +147,9 @@ def bootstrap(datastore = {}, handler = nil)
         guid = [SecureRandom.uuid.gsub(/-/, '')].pack('H*')
         session.core.set_session_guid(guid)
         session.session_guid = guid
-        # TODO: New statgeless session, do some account in the DB so we can track it later.
+        # TODO: New stageless session, do some account in the DB so we can track it later.
       else
-        # TODO: This session was either staged or previously known, and so we shold do some accounting here!
+        # TODO: This session was either staged or previously known, and so we should do some accounting here!
       end
 
       unless datastore['AutoLoadStdapi'] == false
diff --git a/lib/rex/post/meterpreter/packet_parser.rb b/lib/rex/post/meterpreter/packet_parser.rb
@@ -27,27 +27,28 @@ def reset
   end
 
   #
-  # Reads data from the wire and parse as much of the packet as possible.
+  # Reads data from the socket and parses as much of the packet as possible.
   #
   def recv(sock)
-    bytes_left = self.packet.raw_bytes_required
-
-    if bytes_left > 0
-      raw = sock.read(bytes_left)
-      if raw
+    raw = nil
+    if self.packet.raw_bytes_required > 0
+      while (raw = sock.read(self.packet.raw_bytes_required))
         self.packet.add_raw(raw)
-      else
-        raise EOFError
+        break if self.packet.raw_bytes_required == 0
       end
     end
 
-    if self.packet.raw_bytes_required == 0
-      packet = self.packet
-      reset
-      return packet
+    if self.packet.raw_bytes_required > 0
+      if raw == nil
+        raise EOFError
+      else
+        return nil
+      end
     end
 
-    nil
+    packet = self.packet
+    reset
+    packet
   end
 
 protected
