Bug Report from a metasploit lover SNERT in China

[libo.swust at gmail.com (li bo)]

Just saw your message on [framework] email list. Hope it can be
noticed by others. However, it doesn't matter. We did our contribution
to this group, that is the key point.

Bo

On 25/11/2007, eros <erroix at qq.com> wrote:
> I have found a little bug of metasploit.That  appear in \lib\rex\text.rb
> line 584.
> Attend below codes :
> /////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> def self.pattern_create(length, sets = [ UpperAlpha, LowerAlpha, Numerals ])
> buf = ''
> idx = 0
> offsets = []
>
> sets.length.times { offsets << 0 }
>
> until buf.length >= length
> begin
> buf += converge_sets(sets, 0, offsets, length)
> rescue RuntimeError
> break
> end
> end
>
> buf[0..length] # here will creat a pattern with length+1 characters
> end
> ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
> and when we use pattern_create() method on msfconsole,this bug will return
> us a unexpect result.For example:
> #puts pattern_create(56)
> =>"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8A9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8"
> #puts pattern_create(56).length   =>57
> and so on...You may have a deep test.
> So it will recover normal after change buf[0..length] to buf[0...length].
> Hope this will make your attention!
> (Southwest University of Science and Technology Net Emergency Response Team)
> SNERT in short


-- 
No pains,no gains.