Sanity check file: arguments for size and move into msfconsole

Author: HD Moore

lib/msf/core/option_container.rb

@@ -191,14 +191,6 @@ def type
   end
 
   def normalize(value)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      begin
-        value = File.read(path)
-      rescue ::Errno::ENOENT, ::Errno::EISDIR
-        value = nil
-      end
-    end
     value
   end
 
@@ -220,14 +212,6 @@ def type
   end
 
   def normalize(value)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      begin
-        value = File.read(path)
-      rescue ::Errno::ENOENT, ::Errno::EISDIR
-        value = nil
-      end
-    end
     value
   end
 
@@ -394,11 +378,7 @@ def type
 
   def normalize(value)
     return nil unless value.kind_of?(String)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      return false if not File.exists?(path) or File.directory?(path)
-      return File.readlines(path).map{ |s| s.strip}.join(" ")
-    elsif (value =~ /^rand:(.*)/)
+    if (value =~ /^rand:(.*)/)
       count = $1.to_i
       return false if count < 1
       ret = ''

lib/msf/ui/console/command_dispatcher/core.rb

@@ -806,7 +806,7 @@ def cmd_rename_job(*args)
     end
 
     # This is not respecting the Protected access control, but this seems to be the only way
-    # to rename a job. If you know a more appropriate way, patches accepted. 
+    # to rename a job. If you know a more appropriate way, patches accepted.
     framework.jobs[job_id].send(:name=, job_name)
     print_status("Job #{job_id} updated")
 
@@ -2068,6 +2068,16 @@ def cmd_set(*args)
       return true
     end
 
+    # If the value starts with file: and exists, load the file as the value
+    if value =~ /^file:(.*)/ && ::File.file?($1)
+      fname = $1
+      if ::File.size(fname) > (1024*1024)
+        print_error("The file name specified is too big (over 1Mb)")
+      else
+        ::File.open(fname, "rb") {|fd| value = fd.read(fd.stat.size) }
+      end
+    end
+
     if append
       datastore[name] = datastore[name] + value
     else