fix: default is_weak_key is nil; handling of empty key_dec_data

dledda-r7 · dledda-r7 · commit 8a432fb292a3 · 2024-06-21T04:00:02.000-04:00
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
@@ -758,6 +758,7 @@ def valid_transport?(transport)
   #
   def negotiate_tlv_encryption(timeout: client.comm_timeout)
     sym_key = nil
+    is_weak_key = nil
     rsa_key = OpenSSL::PKey::RSA.new(2048)
     rsa_pub_key = rsa_key.public_key
 
@@ -769,10 +770,13 @@ def negotiate_tlv_encryption(timeout: client.comm_timeout)
       key_enc = response.get_tlv_value(TLV_TYPE_ENC_SYM_KEY)
       key_type = response.get_tlv_value(TLV_TYPE_SYM_KEY_TYPE)
       key_length = { Packet::ENC_FLAG_AES128 => 16, Packet::ENC_FLAG_AES256 => 32 }[key_type]
-      is_weak_key = false
       if key_enc
         key_dec_data = rsa_key.private_decrypt(key_enc, OpenSSL::PKey::RSA::PKCS1_PADDING)
+        if !key_dec_data
+          raise Rex::Post::Meterpreter::RequestError
+        end
         sym_key = key_dec_data[0..key_length - 1]
+        is_weak_key = false
         if key_dec_data.length > key_length
           key_dec_data = key_dec_data[key_length...]
           if key_dec_data.length > 0
