Bug Report from a metasploit lover SNERT in China

[erroix at qq.com (eros)]

 I have found a little bug of metasploit.That  appear in \lib\rex\text.rb line 584.
Attend below codes :
///////////////////////////////////////////////////////////////////////////////////////////////////////////////// 
def self.pattern_create(length, sets = [ UpperAlpha, LowerAlpha, Numerals ])
buf = ''
idx = 0
offsets = []

sets.length.times { offsets << 0 }

until buf.length >= length
begin 
buf += converge_sets(sets, 0, offsets, length)
rescue RuntimeError
break
end
end

buf[0..length] # here will creat a pattern with length+1 characters 
end
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
and when we use pattern_create() method on msfconsole,this bug will return us a unexpect result.For example:
#puts pattern_create(56) =>"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8A9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8"
#puts pattern_create(56).length   =>57
and so on...You may have a deep test. 
So it will recover normal after change buf[0..length] to buf[0...length].
Hope this will make your attention!
 (Southwest University of Science and Technology Net Emergency Response Team)
 SNERT in short

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071125/a1ad1cd1/attachment.htm>