Land rapid7#7770, Improve TCP channel handling

Author: acammack-r7

lib/rex/post/meterpreter/channel.rb

@@ -57,22 +57,22 @@ def request_handler(client, packet)
       cid = packet.get_tlv_value(TLV_TYPE_CHANNEL_ID)
 
       # No channel identifier, then drop it
-      if (cid == nil)
+      if cid.nil?
         return false
       end
 
       channel = client.find_channel(cid)
 
       # No valid channel context? The channel may not be registered yet
-      if (channel == nil)
+      if channel.nil?
         return false
       end
 
 
       dio = channel.dio_map(packet.method)
 
       # Supported DIO request? Dump it.
-      if (dio == nil)
+      if dio.nil?
         return true
       end
 
@@ -98,12 +98,12 @@ def Channel.create(client, type = nil, klass = nil,
     request = Packet.create_request('core_channel_open')
 
     # Set the type of channel that we're allocating
-    if (type != nil)
+    if !type.nil?
       request.add_tlv(TLV_TYPE_CHANNEL_TYPE, type)
     end
 
     # If no factory class was provided, use the default native class
-    if (klass == nil)
+    if klass.nil?
       klass = self
     end
 
@@ -112,15 +112,20 @@ def Channel.create(client, type = nil, klass = nil,
     request.add_tlvs(addends);
 
     # Transmit the request and wait for the response
-    response = client.send_request(request)
-    cid      = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
-
-    return nil unless cid
-
-    # Create the channel instance
-    channel  = klass.new(client, cid, type, flags)
+    cid = nil
+    begin
+      response = client.send_request(request)
+      cid = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+    rescue RequestError
+      # Handle channel open failure exceptions
+    end
 
-    return channel
+    if cid
+      # Create the channel instance
+      klass.new(client, cid, type, flags)
+    else
+      raise Rex::ConnectionRefused
+    end
   end
 
   ##
@@ -169,13 +174,13 @@ def read(length = nil, addends = nil)
   # Reads data from the remote half of the channel.
   #
   def _read(length = nil, addends = nil)
-    if (self.cid == nil)
+    if self.cid.nil?
       raise IOError, "Channel has been closed.", caller
     end
 
     request = Packet.create_request('core_channel_read')
 
-    if (length == nil)
+    if length.nil?
       # Default block size to a higher amount for passive dispatcher
       length = self.client.passive_service ? (1024*1024) : 65536
     end
@@ -217,7 +222,7 @@ def write(buf, length = nil, addends = nil)
   #
   def _write(buf, length = nil, addends = nil)
 
-    if (self.cid == nil)
+    if self.cid.nil?
       raise IOError, "Channel has been closed.", caller
     end
 
@@ -245,7 +250,7 @@ def _write(buf, length = nil, addends = nil)
     response = self.client.send_request(request)
     written  = response.get_tlv(TLV_TYPE_LENGTH)
 
-    return (written == nil) ? 0 : written.value
+    written.nil? ? 0 : written.value
   end
 
   #
@@ -273,7 +278,7 @@ def close_read
   # Closes the channel.
   #
   def self._close(client, cid, addends=nil)
-    if (cid == nil)
+    if cid.nil?
       raise IOError, "Channel has been closed.", caller
     end
 
@@ -302,7 +307,7 @@ def _close(addends = nil)
   # Enables or disables interactive mode.
   #
   def interactive(tf = true, addends = nil)
-    if (self.cid == nil)
+    if self.cid.nil?
       raise IOError, "Channel has been closed.", caller
     end
 

lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb

@@ -56,7 +56,9 @@ def TcpClientChannel.open(client, params)
           'value' => params.retries
         }
       ])
-    c.params = params
+    if c
+      c.params = params
+    end
     c
   end
 

modules/auxiliary/scanner/portscan/tcp.rb

@@ -80,8 +80,10 @@ def run_host(ip)
                 'ConnectTimeout' => (timeout / 1000.0)
               }
             )
-            print_status("#{ip}:#{port} - TCP OPEN")
-            r << [ip,port,"open"]
+            if s
+              print_status("#{ip}:#{port} - TCP OPEN")
+              r << [ip,port,"open"]
+            end
           rescue ::Rex::ConnectionRefused
             vprint_status("#{ip}:#{port} - TCP closed")
             r << [ip,port,"closed"]
@@ -92,7 +94,9 @@ def run_host(ip)
           rescue ::Exception => e
             print_error("#{ip}:#{port} exception #{e.class} #{e} #{e.backtrace}")
           ensure
-            disconnect(s) rescue nil
+            if s
+              disconnect(s) rescue nil
+            end
           end
         end
       end