Add handling of dead ldap sessions

rapid7 · May 15, 2024 · 14deefb · 14deefb
1 parent bc9a25a
commit 14deefb
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 1 deletion.
diff --git a/lib/msf/core/optional_session/ldap.rb b/lib/msf/core/optional_session/ldap.rb
@@ -49,7 +49,10 @@ def ldap_connect(opts = {}, &block)
           session.client.base = opts[:base]
         end
         return yield session.client if session
+
         ldap_open(get_connect_opts.merge(opts), &block)
+      rescue ::StandardError => e
+        handle_error(e)
       end
 
       # Create a new LDAP connection using Rex::Proto::LDAP::Client.new and yield the
@@ -64,7 +67,27 @@ def ldap_new(opts = {})
           session.client.base = opts[:base]
         end
         return yield session.client if session
+
         super
+      rescue ::StandardError => e
+        handle_error(e)
+      end
+
+      private
+
+      def handle_error(e)
+        case e
+        when ::Net::LDAP::ResponseMissingOrInvalidError
+          elog("LDAP Client response missing or invalid: #{e.class}", error: e)
+          if session
+            print_error("Killing session #{session.sid} due to missing or invalid response from the server.")
+            session.kill
+          end
+        else
+          elog("LDAP Client: #{e.class}", error: e)
+          # Re-raise other exceptions so they can be handled elsewhere
+          raise e
+        end
       end
     end
   end

diff --git a/lib/rex/post/ldap/ui/console.rb b/lib/rex/post/ldap/ui/console.rb
@@ -90,7 +90,7 @@ def run_command(dispatcher, method, arguments)
             log_error('Operation timed out.')
           rescue Rex::InvalidDestination => e
             log_error(e.message)
-          rescue ::Errno::EPIPE, ::OpenSSL::SSL::SSLError, ::IOError
+          rescue ::Errno::EPIPE, ::OpenSSL::SSL::SSLError, ::IOError, Net::LDAP::ResponseMissingOrInvalidError
             session.kill
           rescue ::StandardError => e
             log_error("Error running command #{method}: #{e.class} #{e}")

diff --git a/lib/rex/post/ldap/ui/console/command_dispatcher/client.rb b/lib/rex/post/ldap/ui/console/command_dispatcher/client.rb
@@ -80,6 +80,8 @@ def cmd_query(*args)
                   raise ArgumentError, "Invalid output format: #{val}, must be one of #{OUTPUT_FORMATS}"
                 end
               end
+            rescue StandardError => e
+              handle_error(e)
             end
 
             perform_ldap_query_streaming(client, filter, attributes, base_dn, schema_dn, scope: scope) do |result, attribute_properties|

diff --git a/lib/rex/proto/ldap.rb b/lib/rex/proto/ldap.rb
@@ -107,6 +107,9 @@ def read_ber(syntax = nil)
         end
         # SASL buffer length
         length_bytes = read(4)
+        # The implementation in net-ldap returns nil if it doesn't read any data
+        return nil unless length_bytes
+
         length = length_bytes.unpack('N')[0]
 
         # Now read the actual data