Skip to content

fix: Modifying a frozen string cause an error in Exploit::Remote::Ftp mixin#21657

Closed
lxcxjxhx wants to merge 3 commits into
rapid7:masterfrom
lxcxjxhx:fix-issue-21597
Closed

fix: Modifying a frozen string cause an error in Exploit::Remote::Ftp mixin#21657
lxcxjxhx wants to merge 3 commits into
rapid7:masterfrom
lxcxjxhx:fix-issue-21597

Conversation

@lxcxjxhx

@lxcxjxhx lxcxjxhx commented Jul 8, 2026

Copy link
Copy Markdown

What does this PR do?

Fixes #21597 - Modifying a frozen string causes an error in Exploit::Remote::Ftp mixin

The problem

When # frozen_string_literal: true is enabled (which is the default in modern Ruby), string literals like "" are frozen and cannot be modified. This causes a FrozenError when the code tries to modify @ftpbuff later in the recv_ftp_resp method.

The fix

Changed line 33 in lib/msf/core/exploit/remote/ftp.rb:

  • Before: @ftpbuff = ""
  • After: @ftpbuff = String.new

String.new creates a mutable string that can be safely modified regardless of the frozen string literal setting.

Testing

  • Verified the fix resolves the FrozenError
  • No functional changes to FTP behavior
  • Compatible with both frozen and non-frozen string literal modes

Checklist

  • Follows the project's coding standards
  • Fixes the reported issue
  • Minimal change with clear intent
  • No breaking changes

Fixes #21597

Modifying a frozen string cause an error in `Exploit::Remote::Ftp` mixin
lxcxjxhx added 2 commits July 8, 2026 11:17
The recv_ftp_resp method mutates @ftpbuff with <<, but initializing it as a literal string " makes it frozen when frozen_string_literal: true is enabled (new policy per AGENTS.md).

Change @ftpbuff = " to @ftpbuff = String.new so the buffer remains mutable regardless of the frozen_string_literal pragma. This allows modules using this mixin to adopt the new pragma without breaking FTP operations.
Fixes rapid7#21597

When # frozen_string_literal: true is enabled, string literals
are frozen and cannot be modified. Using String.new creates a
mutable string that can be safely modified.
@lxcxjxhx

lxcxjxhx commented Jul 8, 2026

Copy link
Copy Markdown
Author

Closing this PR to provide a higher-quality fix.

The current changes don't adequately address issue #21597. I'll be reopening with a more thorough analysis and proper code fix including test coverage.

Will resubmit shortly.

@lxcxjxhx lxcxjxhx closed this Jul 8, 2026
@github-project-automation github-project-automation Bot moved this from Todo to Done in Metasploit Kanban Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

Modifying a frozen string cause an error in Exploit::Remote::Ftp mixin

2 participants