Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Multiple IP fix and simple not vulnerable printing case recover

Browse Source 
- Recover the "not vulnerable" case (no mitigation) printing, cosmetic
  fix.
- With the removing of all s_client invocation other than the main loop
  one, fix the init of the ERRFILE and TMPFILE: no need to append, no
  need to remove, inconditionally zap the content before the loop.
This commit is contained in:
Emmanuel Fusté 2024-11-05 12:59:01 +01:00
parent 7625422976
commit 1aaab67e81
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
testssl.sh
View File

@ -17172,8 +17172,6 @@ run_renego() {
# We will need $ERRFILE for mitigation detection # We will need $ERRFILE for mitigation detection
if [[ $ERRFILE =~ dev.null ]]; then if [[ $ERRFILE =~ dev.null ]]; then
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
# cleanup previous run if any (multiple IP)
rm -f $ERRFILE
restore_errfile=1 restore_errfile=1
else else
restore_errfile=0 restore_errfile=0
@ -17190,7 +17188,9 @@ run_renego() {
# Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS. # Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS.
# Clear the log to not get the content of previous run before the execution of the new one. # Clear the log to not get the content of previous run before the execution of the new one.
# (Used in the loop tests before s_client invocation)
echo -n > $TMPFILE echo -n > $TMPFILE
echo -n > $ERRFILE
# RENEGOTIATING wait loop watchdog file # RENEGOTIATING wait loop watchdog file
touch $TEMPDIR/allowed_to_loop touch $TEMPDIR/allowed_to_loop
# If we dont wait for the session to be established on slow server, we will try to re-negotiate # If we dont wait for the session to be established on slow server, we will try to re-negotiate
@ -17211,7 +17211,7 @@ run_renego() {
&& [[ $k -lt 120 ]]; \ && [[ $k -lt 120 ]]; \
do sleep $ssl_reneg_wait; ((k++)); if (tail -5 $TMPFILE| grep -qa '^closed'); then break; fi; done; \ do sleep $ssl_reneg_wait; ((k++)); if (tail -5 $TMPFILE| grep -qa '^closed'); then break; fi; done; \
done) | \ done) | \
$OPENSSL_NOTIMEOUT s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE & $OPENSSL_NOTIMEOUT s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE &
pid=$! pid=$!
( sleep $((ssl_reneg_attempts*3+3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null & ( sleep $((ssl_reneg_attempts*3+3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
watcher=$! watcher=$!
@ -17235,6 +17235,9 @@ run_renego() {
tmp_result=2 tmp_result=2
rm -f $TEMPDIR/was_killed rm -f $TEMPDIR/was_killed
fi fi
if [[ $tmp_result -eq 1 ]] && [[ loop_reneg -eq 1 ]]; then
tmp_result=3
fi
if [[ $SERVICE != HTTP ]]; then if [[ $SERVICE != HTTP ]]; then
# theoric possible case # theoric possible case
if [[ $loop_reneg -eq 2 ]]; then if [[ $loop_reneg -eq 2 ]]; then
@ -17244,7 +17247,7 @@ run_renego() {
0) pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat" 0) pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint" fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
;; ;;
1) prln_svrty_good "not vulnerable (OK)" 1|3) prln_svrty_good "not vulnerable (OK)"
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
;; ;;
2) pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out ($((${ssl_reneg_attempts}*3+3))s)" # it hung 2) pr_svrty_good "likely not vulnerable (OK)"; outln ", timed out ($((${ssl_reneg_attempts}*3+3))s)" # it hung
@ -17263,6 +17266,9 @@ run_renego() {
1) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated (disconnect after $loop_reneg/$ssl_reneg_attempts attempts)" 1) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated (disconnect after $loop_reneg/$ssl_reneg_attempts attempts)"
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
;; ;;
3) prln_svrty_good "not vulnerable (OK)"
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
;;
2) pr_svrty_good "not vulnerable (OK)"; \ 2) pr_svrty_good "not vulnerable (OK)"; \
outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in $((${ssl_reneg_attempts}*3+3))s(timeout))" outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in $((${ssl_reneg_attempts}*3+3))s(timeout))"
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"