rex-socket 0.1.27 → 0.1.31

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1c761ab84c205dd7b2046c7249f279f4f9b4ac2ba16168dd4c7cc62e1ac41fb8
-  data.tar.gz: 4ead3c6958a08e49e7255946a772ee8ba4934de87e3f1e1e96ad94db9399fb69
+  metadata.gz: 398f01b37a1c460126d7d3d375f0bf332667e025402c71864637d3c9803de7f4
+  data.tar.gz: ee7bb9810a863055fdf614671831ed60ce2397e524f53aa8c5e211bb274670ab
 SHA512:
-  metadata.gz: 5b2ddff4009180354ffc849c021da8087855406e0fa2d7c549981cc7bdfc13adc854cda40da406605c513d719327fa2464948f2e24c06a533b248a149e171061
-  data.tar.gz: 4a862d8480c701c99a28ff67be3db07ecd5803509f18d712f5acfa42bbb432e3022a5797a8847d13e7a989243e19bf4081ad632e7466ee51e5ef29006a5ab39d
+  metadata.gz: 404fd949220d753521ba39f90cea3fab95668519a293c496ec5e1689a004467a30ca948cb42fd81744cc56e5a50976a97c96be786403a8f90b84514c52d8330e
+  data.tar.gz: 5b940b7536739271b96f9cf97008d3c490a54cdac119b0b9bbe42848c29ee21e78058c989f65c9a50384d0ac291a003f5a86b5a09904cee0c9aca31de9a576ef

data/lib/rex/socket.rb

@@ -730,7 +730,7 @@ module Socket
   # Wrapper around getsockname that stores the local address and local port values.
   #
   def getlocalname
-    if self.localhost.nil? && self.localport.nil?
+    if [nil, '0.0.0.0', '::'].include?(self.localhost) && [nil, 0].include?(self.localport)
       _, self.localhost, self.localport = getsockname
     end
 

data/lib/rex/socket/parameters.rb

@@ -110,10 +110,7 @@ class Rex::Socket::Parameters
       self.sslctx = hash['SSLContext']
     end
 
-    supported_ssl_versions = ['Auto', 'SSL2', 'SSL23', 'TLS1', 'SSL3', :Auto, :SSLv2, :SSLv3, :SSLv23, :TLSv1]
-    if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
-      self.ssl_version = hash['SSLVersion']
-    end
+    self.ssl_version = hash.fetch('SSLVersion', nil)
 
     supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
     if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
@@ -383,7 +380,27 @@ class Rex::Socket::Parameters
 
   # What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
   # @return [String,Symbol]
-  attr_accessor :ssl_version
+  attr_reader :ssl_version
+  def ssl_version=(version)
+    # Let the caller specify a particular SSL/TLS version
+    case version
+    when 'SSL2'
+      version = :SSLv2
+    # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+    when 'SSL23', 'TLS', 'Auto'
+      version = :SSLv23
+    when 'SSL3'
+      version = :SSLv3
+    when 'TLS1','TLS1.0'
+      version = :TLSv1
+    when 'TLS1.1'
+      version = :TLSv1_1
+    when 'TLS1.2'
+      version = :TLSv1_2
+    end
+
+    @ssl_version = version
+  end
 
   # What specific SSL Cipher(s) to use, may be a string containing the cipher
   # name or an array of strings containing cipher names e.g.

data/lib/rex/socket/range_walker.rb

@@ -84,27 +84,27 @@ class RangeWalker
 
       # Handle IPv6 CIDR first
       if arg.include?(':') && arg.include?('/')
-        return false if (new_ranges = parse_ipv6_cidr(arg)) == nil
+        next if (new_ranges = parse_ipv6_cidr(arg)).nil?
 
       # Handle plain IPv6 next (support ranges, but not CIDR)
       elsif arg.include?(':')
-        return false if (new_ranges = parse_ipv6(arg)) == nil
+        next if (new_ranges = parse_ipv6(arg)).nil?
 
       # Handle IPv4 CIDR
       elsif arg.include?("/")
-        return false if (new_ranges = parse_ipv4_cidr(arg)) == nil
+        next if (new_ranges = parse_ipv4_cidr(arg)).nil?
 
       # Handle hostnames
       elsif arg =~ /[^-0-9,.*]/
-        return false if (new_ranges = parse_hostname(arg)) == nil
+        next if (new_ranges = parse_hostname(arg)).nil?
 
       # Handle IPv4 ranges
       elsif arg =~ MATCH_IPV4_RANGE
         # Then it's in the format of 1.2.3.4-5.6.7.8
-        return false if (new_ranges = parse_ipv4_ranges(arg)) == nil
+        next if (new_ranges = parse_ipv4_ranges(arg)).nil?
 
       else
-        new_ranges = expand_nmap(arg)
+        next if (new_ranges = expand_nmap(arg)).nil?
       end
 
       ranges += new_ranges
@@ -134,7 +134,7 @@ class RangeWalker
   #
   # @return [Hash<Symbol, String>] The next host in the range
   def next_host
-    return false if not valid?
+    return unless valid?
 
     if (@curr_addr > @ranges[@curr_range_index].stop)
       # Then we are at the end of this range. Grab the next one.
@@ -247,7 +247,7 @@ class RangeWalker
   def expand_cidr(arg)
     start,stop = Rex::Socket.cidr_crack(arg)
     if !start or !stop
-      return false
+      return
     end
     range = Range.new
     range.start = Rex::Socket.addr_atoi(start)
@@ -275,18 +275,16 @@ class RangeWalker
   #
   def expand_nmap(arg)
     # Can't really do anything with IPv6
-    return false if arg.include?(":")
+    return if arg.include?(":")
 
     # nmap calls these errors, but it's hard to catch them with our
     # splitting below, so short-cut them here
-    return false if arg.include?(",-") or arg.include?("-,")
+    return if arg.include?(",-") or arg.include?("-,")
 
     bytes = []
     sections = arg.split('.')
-    if sections.length != 4
-      # Too many or not enough dots
-      return false
-    end
+    return unless sections.length == 4  # Too many or not enough dots
+
     sections.each { |section|
       if section.empty?
         # pretty sure this is an unintentional artifact of the C
@@ -300,7 +298,7 @@ class RangeWalker
         # I think this ought to be 1-254, but this is how nmap does it.
         section = "0-255"
       elsif section.include?("*")
-        return false
+        return
       end
 
       # Break down the sections into ranges like so
@@ -317,18 +315,18 @@ class RangeWalker
           # if the upper bound is empty, stop at 255
           #
           bounds = r.split('-', -1)
-          return false if (bounds.length > 2)
+          return if (bounds.length > 2)
 
           bounds[0] = 0   if bounds[0].nil? or bounds[0].empty?
           bounds[1] = 255 if bounds[1].nil? or bounds[1].empty?
           bounds.map!{|b| b.to_i}
-          return false if bounds[0] > bounds[1]
+          return if bounds[0] > bounds[1]
         else
           # Then it's a single value
           bounds[0] = r.to_i
         end
-        return false if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
-        return false if bounds[1] and bounds[0] > bounds[1]
+        return if bounds[0] > 255 or (bounds[1] and bounds[1] > 255)
+        return if bounds[1] and bounds[0] > bounds[1]
         if bounds[1]
           bounds[0].upto(bounds[1]) do |i|
             sets.push(i)
@@ -401,7 +399,7 @@ class RangeWalker
     return if !valid_cidr_chars?(arg)
 
     ip_part, mask_part = arg.split("/")
-    return false unless (0..32).include? mask_part.to_i
+    return unless (0..32).include? mask_part.to_i
     if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
       return unless Rex::Socket.is_ipv4?(ip_part)
     end

data/lib/rex/socket/ssl.rb

@@ -11,6 +11,9 @@ require 'openssl'
 ###
 module Rex::Socket::Ssl
 
+  # Default to SSLv23 (automatically negotiate)
+  DEFAULT_SSL_VERSION = :SSLv23
+
   module CertProvider
 
     def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
@@ -122,7 +125,14 @@ module Rex::Socket::Ssl
       key, cert, chain = ssl_generate_certificate(cert_vars: {cn: params.ssl_cn})
     end
 
-    ctx = OpenSSL::SSL::SSLContext.new()
+    version = params&.ssl_version || DEFAULT_SSL_VERSION
+    # Raise an error if no selected versions are supported
+    unless Rex::Socket::SslTcp.system_ssl_methods.include? version
+      raise ArgumentError,
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
+    end
+
+    ctx = OpenSSL::SSL::SSLContext.new(version)
     ctx.key = key
     ctx.cert = cert
     ctx.extra_chain_cert = chain

data/lib/rex/socket/ssl_tcp.rb

@@ -65,35 +65,14 @@ begin
   def initsock(params = nil)
     super
 
-    # Default to SSLv23 (automatically negotiate)
-    version = :SSLv23
-
-    # Let the caller specify a particular SSL/TLS version
-    if params
-      case params.ssl_version
-      when 'SSL2', :SSLv2
-        version = :SSLv2
-      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
-      when 'SSL23', :SSLv23, 'TLS', 'Auto'
-        version = :SSLv23
-      when 'SSL3', :SSLv3
-        version = :SSLv3
-      when 'TLS1','TLS1.0', :TLSv1
-        version = :TLSv1
-      when 'TLS1.1', :TLSv1_1
-        version = :TLSv1_1
-      when 'TLS1.2', :TLSv1_2
-        version = :TLSv1_2
-      end
-    end
-
+    version = params&.ssl_version || Rex::Socket::Ssl::DEFAULT_SSL_VERSION
     # Raise an error if no selected versions are supported
     unless Rex::Socket::SslTcp.system_ssl_methods.include? version
       raise ArgumentError,
-        "This version of Ruby does not support the requested SSL/TLS version #{params.ssl_version}"
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
     end
 
-    # Try intializing the socket with this SSL/TLS version
+    # Try initializing the socket with this SSL/TLS version
     # This will throw an exception if it fails
     initsock_with_ssl_version(params, version)
 

data/lib/rex/socket/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Socket
-    VERSION = "0.1.27"
+    VERSION = "0.1.31"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-socket
 version: !ruby/object:Gem::Version
-  version: 0.1.27
+  version: 0.1.31
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-03-24 00:00:00.000000000 Z
+date: 2021-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake