From 04e51db40281a1ba7e4311fea3ceb4c0f1bd8a46 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Wed, 4 Mar 2020 10:09:13 -0500
Subject: [PATCH] Fix #1514

This commit is an attempt to fix #1514. The commit is mostly based on a suggestion at https://unix.stackexchange.com/questions/57940/trap-int-term-exit-really-necessary. Even with that change, it seemed that if testssl.sh were in the middle of executing run_cipher_per_proto() when it received a signal, it would not stop until that function had completed. This seems to have something to do with subshells. Changing the while loop in run_cipher_per_proto() seems to have fixed that issue. So, I also made similar changes to the while loops in prettyprint_local().
---
 testssl.sh | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 697e5a3..fe299ef 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -113,7 +113,8 @@ fi
 ########### Traps! Make sure that temporary files are cleaned up after use in ANY case
 #
-trap "cleanup" QUIT EXIT
+trap "cleanup" EXIT
+trap "sig_cleanup" INT QUIT TERM
 trap "child_error" USR1
@@ -3142,21 +3143,21 @@ prettyprint_local() {
 neat_header
 if [[ -z "$1" ]]; then
- actually_supported_osslciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 'ALL' "-V" | while read -r hexcode dash ciph sslvers kx auth enc mac export ; do # -V doesn't work with openssl < 1.0
+ while read -r hexcode dash ciph sslvers kx auth enc mac export ; do
 hexc="$(normalize_ciphercode $hexcode)"
 outln "$(neat_list "$hexc" "$ciph" "$kx" "$enc" "$export")"
- done
+ done < <(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 'ALL' "-V") # -V doesn't work with openssl < 1.0
 else
 #for arg in $(echo $@ | sed 's/,/ /g'); do
 for arg in ${*//,/ /}; do
- actually_supported_osslciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 'ALL' "-V" | while read -r hexcode dash ciph sslvers kx auth enc mac export ; do # -V doesn't work with openssl < 1.0
+ while read -r hexcode dash ciph sslvers kx auth enc mac export ; do
 hexc="$(normalize_ciphercode $hexcode)"
 # for numbers we don't do word matching:
 [[ $arg =~ $re ]] && \
 line="$(neat_list "$hexc" "$ciph" "$kx" "$enc" "$export" | grep -ai "$arg")" || \
 line="$(neat_list "$hexc" "$ciph" "$kx" "$enc" "$export" | grep -wai "$arg")"
 [[ -n "$line" ]] && outln "$line"
- done
+ done < <(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 'ALL' "-V") # -V doesn't work with openssl < 1.0
 done
 fi
 outln
@@ -4274,9 +4275,9 @@ run_cipher_per_proto() {
 fi
 outln
 neat_header
- echo -e " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3" | while read proto proto_hex proto_text; do
+ while read proto proto_hex proto_text; do
 ciphers_by_strength "$proto" "$proto_hex" "$proto_text" "$using_sockets"
- done
+ done <<< "$(tm_out " -ssl2 22 SSLv2\n -ssl3 00 SSLv3\n -tls1 01 TLS 1\n -tls1_1 02 TLS 1.1\n -tls1_2 03 TLS 1.2\n -tls1_3 04 TLS 1.3")"
 return 0 #FIXME: no error condition
 }
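Review bot: Nothing in prettyprint_local() records why both loops now read from `< <(...)` instead of a pipe, so a later tidy-up could switch them back and bring back the delayed reaction to signals described in the commit message. A one-line comment above each `while read -r` would carry that, for example `# process substitution instead of a pipe: the loop stays in the main shell so INT/TERM are acted on promptly, see #1514`. The commit message is itself tentative about the subshell explanation, so the comment is best worded as an observation rather than a guarantee. The same comment is missing on the here-string loop in run_cipher_per_proto() in the next hunk, and prettyprint_local() starts and ends outside this hunk.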
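Review bot: The rewritten loop header in run_cipher_per_proto() still calls `read` without `-r`, unlike the two loops in prettyprint_local() touched by the same commit; `while read -r proto proto_hex proto_text; do` would make them consistent and keep backslashes from being interpreted. The loop input now also depends on `tm_out` expanding the `\n` escapes the way `echo -e` did; `tm_out` is defined outside the hunk, so this is worth confirming, because without the expansion `read` would see a single line and only one protocol would be tested. A here-document with one protocol per line would remove both the command substitution and that dependency. The function starts before this hunk.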
@@ -18674,6 +18675,13 @@ cleanup() {
 grep -q xtrace <<< "$SHELLOPTS" && ! "$DEBUG_ALLINONE" && exec 2>&42 42>&-
 }
+# see https://unix.stackexchange.com/questions/57940/trap-int-term-exit-really-necessary
+sig_cleanup() {
+ trap '' EXIT
+ cleanup
+ exit 0
+}
+
 child_error() {
 cleanup
 exit $ERR_CHILD
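Review bot: `sig_cleanup()` ends with `exit 0`, so a scan cut short by INT, QUIT or TERM reports success to whatever launched it. A CI job or wrapper that gates on the exit status would then treat a truncated TLS assessment as a completed, clean one. The handler should return a non-zero status, e.g. `exit 1` or a named code in the style of `$ERR_CHILD` used by child_error() just below. Since one handler serves all three signals it cannot tell which one arrived; if callers need the conventional 128+N status, the traps in the first hunk would have to pass the signal name, as in `trap "sig_cleanup INT" INT`. The header comment on the function could also say that the EXIT trap is cleared so `cleanup` does not run a second time.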