Fix pass by reference bug on the module side for windows error exploit #18406

bwatters-r7 · 2023-09-27T14:48:43Z

This fixes a bug found by @cdelafuente-r7 where we're using a pass-by-reference for strings from the mkdir method to the cleanup methods. This means that if we alter the string used to create the directory later in the module, the cleanup method tries to delete whatever is in the string at the end of the module, rather than what was in it when we called mkdir. To fix it in this module, I just added a local method called clone_mkdir where we clone the string before passing it into mkdir.

We're working on a fix that will negate the need for this here: #18403

cdelafuente-r7 · 2023-09-27T15:16:05Z

Thanks @bwatters-r7 for this fix! It looks good to me. I retested the module and verified the directories were properly cleaned up. Thanks!

Fix pass by reference bug on the module side

a4c6b11

bwatters-r7 marked this pull request as ready for review September 27, 2023 15:05

cdelafuente-r7 approved these changes Sep 27, 2023

View reviewed changes

cdelafuente-r7 added the bug label Sep 27, 2023

cdelafuente-r7 self-assigned this Sep 27, 2023

cdelafuente-r7 merged commit bc8179e into rapid7:master Sep 27, 2023

cdelafuente-r7 added the rn-no-release-notes no release notes label Sep 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix pass by reference bug on the module side for windows error exploit #18406

Fix pass by reference bug on the module side for windows error exploit #18406

bwatters-r7 commented Sep 27, 2023

cdelafuente-r7 commented Sep 27, 2023

Fix pass by reference bug on the module side for windows error exploit #18406

Fix pass by reference bug on the module side for windows error exploit #18406

Conversation

bwatters-r7 commented Sep 27, 2023

cdelafuente-r7 commented Sep 27, 2023