rex-socket 0.1.28 → 0.1.32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 324deceef4e08a04cdfee10fa7fcda792dfee027e2a83792492da6294a2a5b18
-  data.tar.gz: bdb5cdb27e4cf46c90fe0c5ace17347c47fcb257497fba247c18a627afe9b536
+  metadata.gz: e4459a7bb29271ef6914325cf3d6b0b11f94056a55286cc91d1060f0c7f7afbb
+  data.tar.gz: 04a369427c1462a168ceb6f252e7f6a2987f35ef9ec47a582a35976ef7c0340c
 SHA512:
-  metadata.gz: 5b161f04cb05e3e44c6fd0034e4a5fc062d229bc582937a525f44230706a5c3b90c0abbafa71d359453040667034a76a597d93ecb153cf65abec00f4dfc8ef1d
-  data.tar.gz: 8c2238d6a358ef0dbb2cb513ca723d3fd97ea5ce97c64c8e79f7f166764d50a68cb0721e23a3701086d3418e7caac937366f2ab2b0fc887b54e742408cd37312
+  metadata.gz: d848f4b6df65942a810b7f24488f45d859bc6bdd11189afd131235f0c9cab0824c1e66fc95f0edf06ac91cae1f0f9d50d9820177fabcace2bb6824bc9dc108c2
+  data.tar.gz: 8baa414c06a8b13282c74d0d55c5edd7e7dff43c7304d1604f476f78195b0d2514ac72b22679b01387a25f16c4bc382c97b3181d3b9b5fe1aecd1bafb566f3d7

data/lib/rex/socket.rb

@@ -730,7 +730,7 @@ module Socket
   # Wrapper around getsockname that stores the local address and local port values.
   #
   def getlocalname
-    if self.localhost.nil? && self.localport.nil?
+    if [nil, '0.0.0.0', '::'].include?(self.localhost) && [nil, 0].include?(self.localport)
       _, self.localhost, self.localport = getsockname
     end
 

data/lib/rex/socket/parameters.rb

@@ -110,10 +110,7 @@ class Rex::Socket::Parameters
       self.sslctx = hash['SSLContext']
     end
 
-    supported_ssl_versions = ['Auto', 'SSL2', 'SSL23', 'TLS1', 'SSL3', :Auto, :SSLv2, :SSLv3, :SSLv23, :TLSv1]
-    if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
-      self.ssl_version = hash['SSLVersion']
-    end
+    self.ssl_version = hash.fetch('SSLVersion', nil)
 
     supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
     if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
@@ -195,7 +192,15 @@ class Rex::Socket::Parameters
     end
 
     # Whether to force IPv6 addressing
-    self.v6        = hash['IPv6']
+    if hash['IPv6'].nil?
+      # if IPv6 isn't specified and at least one host is an IPv6 address and the
+      # other is either nil, a hostname or an IPv6 address, then use IPv6
+      self.v6 = (Rex::Socket.is_ipv6?(self.localhost) || Rex::Socket.is_ipv6?(self.peerhost)) && \
+        (self.localhost.nil? || !Rex::Socket.is_ipv4?(self.localhost)) && \
+        (self.peerhost.nil? || !Rex::Socket.is_ipv4?(self.peerhost))
+    else
+      self.v6 = hash['IPv6']
+    end
   end
 
   def merge(other)
@@ -297,7 +302,13 @@ class Rex::Socket::Parameters
   # @return [String]
   attr_writer :localhost
   def localhost
-    @localhost || '0.0.0.0'
+    return @localhost if @localhost
+
+    if @v6 || (@peerhost && Rex::Socket.is_ipv6?(@peerhost))
+      '::'
+    else
+      '0.0.0.0'
+    end
   end
 
   # The local port.  Equivalent to the LocalPort parameter hash key.
@@ -383,7 +394,27 @@ class Rex::Socket::Parameters
 
   # What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
   # @return [String,Symbol]
-  attr_accessor :ssl_version
+  attr_reader :ssl_version
+  def ssl_version=(version)
+    # Let the caller specify a particular SSL/TLS version
+    case version
+    when 'SSL2'
+      version = :SSLv2
+    # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+    when 'SSL23', 'TLS', 'Auto'
+      version = :SSLv23
+    when 'SSL3'
+      version = :SSLv3
+    when 'TLS1','TLS1.0'
+      version = :TLSv1
+    when 'TLS1.1'
+      version = :TLSv1_1
+    when 'TLS1.2'
+      version = :TLSv1_2
+    end
+
+    @ssl_version = version
+  end
 
   # What specific SSL Cipher(s) to use, may be a string containing the cipher
   # name or an array of strings containing cipher names e.g.

data/lib/rex/socket/range_walker.rb

@@ -134,7 +134,7 @@ class RangeWalker
   #
   # @return [Hash<Symbol, String>] The next host in the range
   def next_host
-    return false if not valid?
+    return unless valid?
 
     if (@curr_addr > @ranges[@curr_range_index].stop)
       # Then we are at the end of this range. Grab the next one.
@@ -247,7 +247,7 @@ class RangeWalker
   def expand_cidr(arg)
     start,stop = Rex::Socket.cidr_crack(arg)
     if !start or !stop
-      return false
+      return
     end
     range = Range.new
     range.start = Rex::Socket.addr_atoi(start)
@@ -399,7 +399,7 @@ class RangeWalker
     return if !valid_cidr_chars?(arg)
 
     ip_part, mask_part = arg.split("/")
-    return false unless (0..32).include? mask_part.to_i
+    return unless (0..32).include? mask_part.to_i
     if ip_part =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
       return unless Rex::Socket.is_ipv4?(ip_part)
     end

data/lib/rex/socket/ssl.rb

@@ -11,6 +11,9 @@ require 'openssl'
 ###
 module Rex::Socket::Ssl
 
+  # Default to SSLv23 (automatically negotiate)
+  DEFAULT_SSL_VERSION = :SSLv23
+
   module CertProvider
 
     def self.ssl_generate_subject(cn: nil, org: nil, loc: nil, st: nil)
@@ -122,7 +125,14 @@ module Rex::Socket::Ssl
       key, cert, chain = ssl_generate_certificate(cert_vars: {cn: params.ssl_cn})
     end
 
-    ctx = OpenSSL::SSL::SSLContext.new()
+    version = params&.ssl_version || DEFAULT_SSL_VERSION
+    # Raise an error if no selected versions are supported
+    unless Rex::Socket::SslTcp.system_ssl_methods.include? version
+      raise ArgumentError,
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
+    end
+
+    ctx = OpenSSL::SSL::SSLContext.new(version)
     ctx.key = key
     ctx.cert = cert
     ctx.extra_chain_cert = chain

data/lib/rex/socket/ssl_tcp.rb

@@ -65,35 +65,14 @@ begin
   def initsock(params = nil)
     super
 
-    # Default to SSLv23 (automatically negotiate)
-    version = :SSLv23
-
-    # Let the caller specify a particular SSL/TLS version
-    if params
-      case params.ssl_version
-      when 'SSL2', :SSLv2
-        version = :SSLv2
-      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
-      when 'SSL23', :SSLv23, 'TLS', 'Auto'
-        version = :SSLv23
-      when 'SSL3', :SSLv3
-        version = :SSLv3
-      when 'TLS1','TLS1.0', :TLSv1
-        version = :TLSv1
-      when 'TLS1.1', :TLSv1_1
-        version = :TLSv1_1
-      when 'TLS1.2', :TLSv1_2
-        version = :TLSv1_2
-      end
-    end
-
+    version = params&.ssl_version || Rex::Socket::Ssl::DEFAULT_SSL_VERSION
     # Raise an error if no selected versions are supported
     unless Rex::Socket::SslTcp.system_ssl_methods.include? version
       raise ArgumentError,
-        "This version of Ruby does not support the requested SSL/TLS version #{params.ssl_version}"
+        "This version of Ruby does not support the requested SSL/TLS version #{version}"
     end
 
-    # Try intializing the socket with this SSL/TLS version
+    # Try initializing the socket with this SSL/TLS version
     # This will throw an exception if it fails
     initsock_with_ssl_version(params, version)
 

data/lib/rex/socket/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Socket
-    VERSION = "0.1.28"
+    VERSION = "0.1.32"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-socket
 version: !ruby/object:Gem::Version
-  version: 0.1.28
+  version: 0.1.32
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-03-25 00:00:00.000000000 Z
+date: 2021-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake