From b5b410187347f588332e5780e8e9fa9bbe329ece Mon Sep 17 00:00:00 2001
From: Spencer McIntyre <zeroSteiner@gmail.com>
Date: Mon, 7 Oct 2024 13:34:14 -0400
Subject: [PATCH] Fix an issue with filesystem enumeration

File.list can return an array with null members. In this case
File.listFiles will fail entirely. This updates uses to use File.list
and to check for and skip null members when they occur.
---
 .../com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java    | 2 +-
 .../metasploit/meterpreter/stdapi/stdapi_fs_search.java    | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java
index 53af35e9f..77a4dec4e 100644
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java
@@ -37,7 +37,7 @@ public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket respons
         }
         String[] entries = path.list();
         for (int i = 0; i < entries.length; i++) {
-            if (entries[i].equals(".") || entries[i].equals("..")) {
+            if (entries[i] == null || entries[i].equals(".") || entries[i].equals("..")) {
                 continue;
             }
             File f = new File(path, entries[i]);
diff --git a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java
index b327bf673..32137e52c 100644
--- a/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java
+++ b/java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_search.java
@@ -72,13 +72,16 @@ public static List findFiles(String path, String mask, boolean recurse, Integer
                 }
             }
             path = pathfile.getCanonicalPath();
-            File[] lst = new File(path).listFiles();
+            String[] lst = new File(path).list();
             List glob = new ArrayList();
             if (lst == null) {
                 return glob;
             }
             for (int i = 0; i < lst.length; i++) {
-                File file = lst[i];
+                if (lst[i] == null) {
+                    continue;
+                }
+                File file = new File(lst[i]);
                 if (recurse && file.isDirectory()
                         // don't follow links to avoid infinite recursion
                         && file.getCanonicalPath().equals(file.getAbsolutePath())) {