From 1a3c01899fe5bf3af167b93111f3ac814620f4c4 Mon Sep 17 00:00:00 2001 From: manuel Date: Tue, 17 Mar 2020 14:34:00 +0100 Subject: [PATCH 1/2] fix basicauth bug where a newline was added to the user:password string --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index a54b9d7..f156c8b 100755 --- a/testssl.sh +++ b/testssl.sh @@ -19606,7 +19606,7 @@ determine_service() { ua="$UA_SNEAKY" || \ ua="$UA_STD" if [[ -n "$BASICAUTH" ]]; then - basicauth_header="Authorization: Basic $($OPENSSL base64 <<< "$BASICAUTH" 2>/dev/null)\r\n" + basicauth_header="Authorization: Basic $(echo -n "$BASICAUTH" | $OPENSSL base64 2>/dev/null)\r\n" fi GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\n${basicauth_header}Accept-Encoding: identity\r\nAccept: text/*\r\nConnection: Close\r\n\r\n" # returns always 0: From 7fffe53d0a9148ebe47529a5f0e0b3e70decc744 Mon Sep 17 00:00:00 2001 From: manuel Date: Wed, 18 Mar 2020 13:53:58 +0100 Subject: [PATCH 2/2] replace echo with the safe_echo function --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index f156c8b..322d13f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -19606,7 +19606,7 @@ determine_service() { ua="$UA_SNEAKY" || \ ua="$UA_STD" if [[ -n "$BASICAUTH" ]]; then - basicauth_header="Authorization: Basic $(echo -n "$BASICAUTH" | $OPENSSL base64 2>/dev/null)\r\n" + basicauth_header="Authorization: Basic $(safe_echo "$BASICAUTH" | $OPENSSL base64 2>/dev/null)\r\n" fi GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\n${basicauth_header}Accept-Encoding: identity\r\nAccept: text/*\r\nConnection: Close\r\n\r\n" # returns always 0: