fix for empty/malformed socket replies

During the protocol check, if a server answered unexpectedly by
closing the connection or with another malformed reply, the
output was not ok because DETECTED_TLS_VERSION was empty.

This fixes it by filling the variable with a string in ``parse_tls_serverhello()``
and then check in higher level (``run_protocols()``) the content.

Also it seems that I forgot in the commit from yesterday one ``&&`` to
commit in ``run_breach()``
Dirk 2017-09-01 16:13:32 +02:00
parent ee8c5e51a1
commit 50287ef2c4


@ -3926,7 +3926,7 @@ run_protocols() {
add_tls_offered "ssl2" add_tls_offered "ssl2"
;; ;;
7) fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support" 7) fileout "sslv2" "INFO" "SSLv2 is not tested due to lack of local support"
;; # no local support ;; # no local support
esac esac
fi fi
@ -3951,8 +3951,13 @@ run_protocols() {
prln_svrty_critical "server responded with higher version number ($detected_version_string) than requested by client (NOT ok)" prln_svrty_critical "server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
fileout "sslv3" "CRITICAL" "SSLv3: server responded with higher version number ($detected_version_string) than requested by client" fileout "sslv3" "CRITICAL" "SSLv3: server responded with higher version number ($detected_version_string) than requested by client"
else else
prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)" if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
fileout "sslv3" "CRITICAL" "SSLv3: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
fileout "sslv3" "CRITICAL" "SSLv3: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
else
prln_svrty_medium "strange, server ${DETECTED_TLS_VERSION}"
fileout "sslv3" "MEDIUM" "SSLv3: strange, server ${DETECTED_TLS_VERSION}"
fi
fi fi
;; ;;
5) pr_svrty_high "$supported_no_ciph2" 5) pr_svrty_high "$supported_no_ciph2"
@ -3962,7 +3967,7 @@ run_protocols() {
;; ;;
7) prln_warning "SSLv3 seems locally not supported" 7) prln_warning "SSLv3 seems locally not supported"
fileout "sslv3" "WARN" "SSLv3 is not tested due to lack of local support" fileout "sslv3" "WARN" "SSLv3 is not tested due to lack of local support"
;; # no local support ;; # no local support
esac esac
pr_bold " TLS 1 "; pr_bold " TLS 1 ";
@ -3997,8 +4002,13 @@ run_protocols() {
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with higher version number ($detected_version_string) than requested by client" fileout "tls1" "CRITICAL" "TLSv1.0: server responded with higher version number ($detected_version_string) than requested by client"
else else
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
fileout "tls1" "CRITICAL" "TLSv1.0: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
else
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
fileout "tls1" "MEDIUM" "TLSv1.0: server ${DETECTED_TLS_VERSION}"
fi
fi fi
;; ;;
5) outln "$supported_no_ciph1" # protocol ok, but no cipher 5) outln "$supported_no_ciph1" # protocol ok, but no cipher
@ -4045,8 +4055,13 @@ run_protocols() {
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
fileout "tls1_1" "CRITICAL" "TLSv1.1 is not offered, server responded with higher version number ($detected_version_string) than requested by client" fileout "tls1_1" "CRITICAL" "TLSv1.1 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
else else
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)" if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
fileout "tls1_1" "CRITICAL" "TLSv1.1: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
fileout "tls1_1" "CRITICAL" "TLSv1.1: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
else
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
fileout "tls1_1" "MEDIUM" "TLSv1.1: server ${DETECTED_TLS_VERSION}"
fi
fi fi
;; ;;
5) outln "$supported_no_ciph1" 5) outln "$supported_no_ciph1"
@ -4104,8 +4119,13 @@ run_protocols() {
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client"
fileout "tls1_2" "CRITICAL" "TLSv1.2 is not offered, server responded with higher version number ($detected_version_string) than requested by client" fileout "tls1_2" "CRITICAL" "TLSv1.2 is not offered, server responded with higher version number ($detected_version_string) than requested by client"
else else
prln_svrty_critical " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
fileout "tls1_2" "CRITICAL" "TLSv1.2: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}" prln_svrty_critical "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
fileout "tls1_2" "CRITICAL" "TLSv1.2: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
else
prln_svrty_medium " -- strange, server ${DETECTED_TLS_VERSION}"
fileout "tls1_2" "MEDIUM" "TLSv1.2: server ${DETECTED_TLS_VERSION}"
fi
fi fi
;; ;;
5) outln "$supported_no_ciph1" 5) outln "$supported_no_ciph1"
@ -8089,13 +8109,16 @@ parse_tls_serverhello() {
if [[ $tls_serverhello_ascii_len -eq 0 ]]; then if [[ $tls_serverhello_ascii_len -eq 0 ]]; then
debugme echo "server hello empty, TCP connection closed" debugme echo "server hello empty, TCP connection closed"
DETECTED_TLS_VERSION="closed TCP connection "
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return 1 # no server hello received return 1 # no server hello received
elif [[ $tls_serverhello_ascii_len -lt 76 ]]; then elif [[ $tls_serverhello_ascii_len -lt 76 ]]; then
DETECTED_TLS_VERSION="reply malformed"
debugme echo "Malformed response" debugme echo "Malformed response"
return 1 return 1
elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then elif [[ "${tls_handshake_ascii:0:2}" != "02" ]]; then
# the ServerHello MUST be the first handshake message # the ServerHello MUST be the first handshake message
DETECTED_TLS_VERSION="reply contained no ServerHello"
debugme tmln_warning "The first handshake protocol message is not a ServerHello." debugme tmln_warning "The first handshake protocol message is not a ServerHello."
return 1 return 1
fi fi
@ -9903,7 +9926,7 @@ run_breach() {
local cwe="CWE-310" local cwe="CWE-310"
local hint="" local hint=""
[[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH" return 7 [[ $SERVICE != "HTTP" ]] && ! "$CLIENT_AUTH" && return 7
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for BREACH (HTTP compression) vulnerability " && outln
pr_bold " BREACH"; out " ($cve) " pr_bold " BREACH"; out " ($cve) "