Clean up watchdog file logic
This commit is contained in:
Emmanuel Fusté
parent
81167dc908
commit
35496e5c5f
|
|
@ -17107,13 +17107,14 @@ run_renego() {
|
|||
else
|
||||
# Clear the log to not get the content of previous run before the execution of the new one.
|
||||
echo -n > $TMPFILE
|
||||
touch $TEMPDIR/not_killed
|
||||
#RENEGOTIATING wait loop watchdog file
|
||||
touch $TEMPDIR/allowed_to_loop
|
||||
# If we dont wait for the session to be established on slow server, we will try to re-negotiate
|
||||
# too early losing all the attempts before the session establishment as OpenSSL will not buffer them
|
||||
# (only the first will be till the establishement of the session).
|
||||
(j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; j=$(($j+1)); done; \
|
||||
for ((i=0; i < $ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; j=0; \
|
||||
while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/not_killed ]] && [[ $k -lt 180 ]]; \
|
||||
while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] && [[ $k -lt 180 ]]; \
|
||||
do sleep $ssl_reneg_wait; k=$(($k+1)); done; \
|
||||
done) | \
|
||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
|
||||
|
|
@ -17125,11 +17126,12 @@ run_renego() {
|
|||
tmp_result=$?
|
||||
pkill -HUP -P $watcher
|
||||
wait $watcher
|
||||
rm -f $TEMPDIR/allowed_to_loop
|
||||
# If we are here, we have done two successful renegotiation (-2) and do the loop
|
||||
loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2))
|
||||
if [[ -f $TEMPDIR/was_killed ]]; then
|
||||
tmp_result=2
|
||||
rm -f $TEMPDIR/not_killed
|
||||
rm -f $TEMPDIR/was_killed
|
||||
fi
|
||||
case $tmp_result in
|
||||
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
|
||||
|
|
|
|||
Loading…
Reference in New Issue