
Commit c6fc5ad

committed
Land rapid7#19114, Better enforce types to prevent nil values from causing stack traces
Merge branch 'land-19114' into upstream-master
2 parents 672d3ee + 5675c59 commit c6fc5ad


3 files changed

+8
-11
lines changed


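--- a/lib/metasploit/framework/ldap/client.rb
+++ b/lib/metasploit/framework/ldap/client.rb
@@ -82,8 +82,8 @@ def ldap_auth_opts_kerberos(opts)
 def ldap_auth_opts_ntlm(opts)
 auth_opts = {}
 ntlm_client = RubySMB::NTLM::Client.new(
-opts[:username],
-opts[:password],
+(opts[:username].nil? ? '' : opts[:username]),
+(opts[:password].nil? ? '' : opts[:password]),
 workstation: 'WORKSTATION',
 domain: opts[:domain].blank? ? '.' : opts[:domain],
 flags: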
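Review bot: The two added ternaries in `ldap_auth_opts_ntlm` turn an absent `:username` or `:password` into an NTLM authentication attempt with an empty string, so a caller that never supplied credentials now proceeds to authenticate rather than failing early; if an empty-credential session is the intended fallback here, a one-line comment above the constructor would make that explicit, e.g. `# nil credentials are sent as empty strings; per the commit this avoids RubySMB raising on a missing value`. Stylistically, `opts[:username] || ''` reads more naturally than the explicit `.nil?` ternary, and the `:domain` line two below already uses `blank?`, so the three checks could be written the same way. The body of `ldap_auth_opts_ntlm` continues past the hunk.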

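--- a/lib/msf/core/exploit/remote/ms_icpr.rb
+++ b/lib/msf/core/exploit/remote/ms_icpr.rb
@@ -390,7 +390,7 @@ def get_cert_msext_sid(cert)
 # @param [OpenSSL::X509::Certificate] cert
 # @return [Array<String>] The UPNs if any were found.
 def get_cert_msext_upn(cert)
-return unless (san = get_cert_san(cert))
+return [] unless (san = get_cert_san(cert))
 
 san[:GeneralNames].value.select do |gn|
 gn[:otherName][:type_id]&.value == OID_NT_PRINCIPAL_NAME
@@ -415,7 +415,7 @@ def get_cert_san(cert)
 # @param [OpenSSL::X509::Certificate] cert
 # @return [Array<String>] The DNS names if any were found.
 def get_cert_san_dns(cert)
-return unless (san = get_cert_san(cert))
+return [] unless (san = get_cert_san(cert))
 
 san[:GeneralNames].value.select do |gn|
 gn[:dNSName].value?
@@ -430,7 +430,7 @@ def get_cert_san_dns(cert)
 # @param [OpenSSL::X509::Certificate] cert
 # @return [Array<String>] The E-mail addresses if any were found.
 def get_cert_san_email(cert)
-return unless (san = get_cert_san(cert))
+return [] unless (san = get_cert_san(cert))
 
 san[:GeneralNames].value.select do |gn|
 gn[:rfc822Name].value?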
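Review bot: The `@return [Array<String>]` YARD line above each of the three changed methods (`get_cert_msext_upn`, `get_cert_san_dns`, `get_cert_san_email`) does not mention the no-SAN case that the new `return []` now handles, so a reader still has to open the body to learn that a certificate without a SAN extension yields an empty array rather than nil. Suggest `# @return [Array<String>] The UPNs if any were found; an empty array when the certificate has no SAN extension.` for the first method and the matching wording for the DNS-name and e-mail variants. Each method body continues past its hunk, so whether the `select` result is converted to strings afterwards is not visible here.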

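--- a/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb
+++ b/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb
@@ -140,9 +140,6 @@ def query_ldap_server(raw_filter, attributes, base_prefix: nil)
 returned_entries = @ldap.search(base: full_base_dn, filter: filter, attributes: attributes, controls: controls)
 query_result_table = @ldap.get_operation_result.table
 validate_query_result!(query_result_table, filter)
-
-return nil if returned_entries.empty?
-
 returned_entries
 end
 
@@ -184,8 +181,8 @@ def convert_sids_to_human_readable_name(sids_array)
 attributes = ['sAMAccountName', 'name']
 base_prefix = 'CN=Configuration'
 sid_entry = query_ldap_server(raw_filter, attributes, base_prefix: base_prefix) # First try with prefix to find entries that may be group specific.
-sid_entry = query_ldap_server(raw_filter, attributes) if sid_entry.blank? # Retry without prefix if blank.
-if sid_entry.blank?
+sid_entry = query_ldap_server(raw_filter, attributes) if sid_entry.empty? # Retry without prefix if blank.
+if sid_entry.empty?
 print_warning("Could not find any details on the LDAP server for SID #{sid}!")
 output << [sid, nil, nil] # Still want to print out the SID even if we couldn't get additional information.
 elsif sid_entry[0][:samaccountname][0]
@@ -350,7 +347,7 @@ def find_enrollable_vuln_certificate_templates
 attributes = ['cn', 'dnsHostname', 'ntsecuritydescriptor']
 base_prefix = 'CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration'
 enrollment_ca_data = query_ldap_server(certificate_enrollment_raw_filter, attributes, base_prefix: base_prefix)
-next if enrollment_ca_data.blank?
+next if enrollment_ca_data.empty?
 
 enrollment_ca_data.each do |ca_server|
 begin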
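Review bot: Removing `return nil if returned_entries.empty?` from `query_ldap_server` only guarantees an Array if `@ldap.search` itself never returns nil, and `Net::LDAP#search` returns nil when the operation fails; the callers in the two later hunks of this file now use `.empty?` in place of the nil-tolerant `.blank?`, so any failure that `validate_query_result!` does not raise on would surface as a `NoMethodError` on nil — the kind of stack trace the commit sets out to remove. Changing the method's last line to `returned_entries || []` makes the new always-an-Array contract hold independently of what `search` returns. If `query_ldap_server` carries a `@return` YARD tag above the hunk, it should no longer list nil as a possible value.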
