Cleanup stuff in run_starttls_injection() and more
run_starttls_injection(): * kill background openssl process when not needed anymore * kill background socat process when not needed anymore * close socket add line in help() for STARTTLS injection Furthermore: * for close_socket() calls always add the fd (atm not needed) * in help() rather advertise --BB instead of -BB
parent
32b5219206
commit
5560e17b01
53
testssl.sh
53
testssl.sh
@ -4638,7 +4638,7 @@ client_simulation_sockets() {
|
|||||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||||
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
||||||
elif [[ $ret -eq 1 ]] || [[ $ret -eq 6 ]]; then
|
elif [[ $ret -eq 1 ]] || [[ $ret -eq 6 ]]; then
|
||||||
close_socket
|
close_socket 5
|
||||||
TMPFILE=$SOCK_REPLY_FILE
|
TMPFILE=$SOCK_REPLY_FILE
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd
|
tmpfile_handle ${FUNCNAME[0]}.dd
|
||||||
return $ret
|
return $ret
|
||||||
@ -4720,7 +4720,7 @@ client_simulation_sockets() {
|
|||||||
debugme tmln_out
|
debugme tmln_out
|
||||||
fi
|
fi
|
||||||
|
|
||||||
close_socket
|
close_socket 5
|
||||||
TMPFILE=$SOCK_REPLY_FILE
|
TMPFILE=$SOCK_REPLY_FILE
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd
|
tmpfile_handle ${FUNCNAME[0]}.dd
|
||||||
return $ret
|
return $ret
|
||||||
@ -10690,14 +10690,14 @@ fd_socket() {
|
|||||||
read -t $PROXY_WAIT -r proyxline <&5
|
read -t $PROXY_WAIT -r proyxline <&5
|
||||||
if [[ $? -ge 128 ]]; then
|
if [[ $? -ge 128 ]]; then
|
||||||
pr_warning "Proxy timed out. Unable to CONNECT via proxy. "
|
pr_warning "Proxy timed out. Unable to CONNECT via proxy. "
|
||||||
close_socket
|
close_socket 5
|
||||||
return 6
|
return 6
|
||||||
elif [[ "${proyxline%/*}" == HTTP ]]; then
|
elif [[ "${proyxline%/*}" == HTTP ]]; then
|
||||||
proyxline=${proyxline#* }
|
proyxline=${proyxline#* }
|
||||||
if [[ "${proyxline%% *}" != 200 ]]; then
|
if [[ "${proyxline%% *}" != 200 ]]; then
|
||||||
pr_warning "Unable to CONNECT via proxy. "
|
pr_warning "Unable to CONNECT via proxy. "
|
||||||
[[ "$PORT" != 443 ]] && prln_warning "Check whether your proxy supports port $PORT and the underlying protocol."
|
[[ "$PORT" != 443 ]] && prln_warning "Check whether your proxy supports port $PORT and the underlying protocol."
|
||||||
close_socket
|
close_socket 5
|
||||||
return 6
|
return 6
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -10782,7 +10782,11 @@ fd_socket() {
|
|||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# arg1: socket fd but atm we use 5 anyway, see comment for fd_socket()
|
||||||
|
#
|
||||||
close_socket(){
|
close_socket(){
|
||||||
|
local fd="$1"
|
||||||
|
|
||||||
exec 5<&-
|
exec 5<&-
|
||||||
exec 5>&-
|
exec 5>&-
|
||||||
return 0
|
return 0
|
||||||
@ -14257,7 +14261,7 @@ sslv2_sockets() {
|
|||||||
parse_sslv2_serverhello "$SOCK_REPLY_FILE" "$parse_complete"
|
parse_sslv2_serverhello "$SOCK_REPLY_FILE" "$parse_complete"
|
||||||
ret=$?
|
ret=$?
|
||||||
|
|
||||||
close_socket
|
close_socket 5
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
@ -15009,7 +15013,7 @@ tls_sockets() {
|
|||||||
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
|
||||||
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
|
||||||
elif [[ $ret -eq 1 ]] || [[ $ret -eq 6 ]]; then
|
elif [[ $ret -eq 1 ]] || [[ $ret -eq 6 ]]; then
|
||||||
close_socket
|
close_socket 5
|
||||||
TMPFILE=$SOCK_REPLY_FILE
|
TMPFILE=$SOCK_REPLY_FILE
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd
|
tmpfile_handle ${FUNCNAME[0]}.dd
|
||||||
return $ret
|
return $ret
|
||||||
@ -15181,7 +15185,7 @@ tls_sockets() {
|
|||||||
debugme echo "stuck on sending: $ret"
|
debugme echo "stuck on sending: $ret"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
"$close_connection" && close_socket
|
"$close_connection" && close_socket 5
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
@ -15387,7 +15391,7 @@ run_heartbleed(){
|
|||||||
fi
|
fi
|
||||||
outln
|
outln
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
||||||
close_socket
|
close_socket 5
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -15577,7 +15581,7 @@ run_ccs_injection(){
|
|||||||
outln
|
outln
|
||||||
|
|
||||||
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
tmpfile_handle ${FUNCNAME[0]}.dd $SOCK_REPLY_FILE
|
||||||
close_socket
|
close_socket 5
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -15784,14 +15788,14 @@ run_ticketbleed() {
|
|||||||
pr_svrty_best "not vulnerable (OK)"
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
send_close_notify "${tls_hello_ascii:18:4}"
|
send_close_notify "${tls_hello_ascii:18:4}"
|
||||||
close_socket
|
close_socket 5
|
||||||
break
|
break
|
||||||
elif [[ -z "${tls_hello_ascii:0:2}" ]]; then
|
elif [[ -z "${tls_hello_ascii:0:2}" ]]; then
|
||||||
pr_svrty_best "not vulnerable (OK)"
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
out ", reply empty"
|
out ", reply empty"
|
||||||
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
send_close_notify "${tls_hello_ascii:18:4}"
|
send_close_notify "${tls_hello_ascii:18:4}"
|
||||||
close_socket
|
close_socket 5
|
||||||
break
|
break
|
||||||
elif [[ "${tls_hello_ascii:0:2}" == 16 ]]; then
|
elif [[ "${tls_hello_ascii:0:2}" == 16 ]]; then
|
||||||
early_exit=false
|
early_exit=false
|
||||||
@ -15819,11 +15823,11 @@ run_ticketbleed() {
|
|||||||
out " around line $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})"
|
out " around line $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})"
|
||||||
fileout "$jsonID" "DEBUG" "test failed, around $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})" "$cve" "$cwe"
|
fileout "$jsonID" "DEBUG" "test failed, around $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})" "$cve" "$cwe"
|
||||||
send_close_notify "${tls_hello_ascii:18:4}"
|
send_close_notify "${tls_hello_ascii:18:4}"
|
||||||
close_socket
|
close_socket 5
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
send_close_notify "${tls_hello_ascii:18:4}"
|
send_close_notify "${tls_hello_ascii:18:4}"
|
||||||
close_socket
|
close_socket 5
|
||||||
done
|
done
|
||||||
|
|
||||||
if ! "$early_exit"; then
|
if ! "$early_exit"; then
|
||||||
@ -17790,7 +17794,8 @@ run_tls_truncation() {
|
|||||||
run_starttls_injection() {
|
run_starttls_injection() {
|
||||||
local uds=""
|
local uds=""
|
||||||
local openssl_bin=""
|
local openssl_bin=""
|
||||||
local -i socat_pid=424242
|
local -i socat_pid
|
||||||
|
local -i openssl_pid
|
||||||
local cve=""
|
local cve=""
|
||||||
local cwe="CWE-74"
|
local cwe="CWE-74"
|
||||||
local hint=""
|
local hint=""
|
||||||
@ -17828,8 +17833,9 @@ run_starttls_injection() {
|
|||||||
fi
|
fi
|
||||||
# normally the interesting fallback we grep later for is in fd2 but we'll catch all here
|
# normally the interesting fallback we grep later for is in fd2 but we'll catch all here
|
||||||
$openssl_bin s_client -unix $uds >$TMPFILE 2>&1 &
|
$openssl_bin s_client -unix $uds >$TMPFILE 2>&1 &
|
||||||
|
openssl_pid=$!
|
||||||
sleep 1
|
sleep 1
|
||||||
kill $socat_pid
|
|
||||||
[[ "$DEBUG" -ge 4 ]] && cat $TMPFILE
|
[[ "$DEBUG" -ge 4 ]] && cat $TMPFILE
|
||||||
if grep -Eqa '^250-|^503 ' $TMPFILE; then
|
if grep -Eqa '^250-|^503 ' $TMPFILE; then
|
||||||
out "likely "
|
out "likely "
|
||||||
@ -17839,8 +17845,12 @@ run_starttls_injection() {
|
|||||||
prln_svrty_good "not vulnerable (OK)"
|
prln_svrty_good "not vulnerable (OK)"
|
||||||
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
fi
|
fi
|
||||||
tmpfile_handle ${FUNCNAME[0]}.txt
|
|
||||||
|
|
||||||
|
kill $socat_pid
|
||||||
|
kill $openssl_pid
|
||||||
|
close_socket 5
|
||||||
|
|
||||||
|
tmpfile_handle ${FUNCNAME[0]}.txt
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -18346,7 +18356,7 @@ run_robot() {
|
|||||||
else
|
else
|
||||||
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
|
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
|
||||||
fi
|
fi
|
||||||
close_socket
|
close_socket 5
|
||||||
prln_fixme "Conversion of public key failed around line $((LINENO - 9))"
|
prln_fixme "Conversion of public key failed around line $((LINENO - 9))"
|
||||||
fileout "$jsonID" "WARN" "Conversion of public key failed around line $((LINENO - 10)) "
|
fileout "$jsonID" "WARN" "Conversion of public key failed around line $((LINENO - 10)) "
|
||||||
return 1
|
return 1
|
||||||
@ -18400,7 +18410,7 @@ run_robot() {
|
|||||||
fi
|
fi
|
||||||
debugme echo -e "\nresponse[$testnum] = ${response[testnum]}"
|
debugme echo -e "\nresponse[$testnum] = ${response[testnum]}"
|
||||||
[[ $DEBUG -ge 3 ]] && [[ $subret -eq 0 ]] && parse_tls_serverhello "${response[testnum]}"
|
[[ $DEBUG -ge 3 ]] && [[ $subret -eq 0 ]] && parse_tls_serverhello "${response[testnum]}"
|
||||||
close_socket
|
close_socket 5
|
||||||
|
|
||||||
# Don't continue testing if it has already been determined that
|
# Don't continue testing if it has already been determined that
|
||||||
# tests need to be rerun with a longer timeout.
|
# tests need to be rerun with a longer timeout.
|
||||||
@ -18921,7 +18931,8 @@ single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
|
|||||||
-H, --heartbleed tests for Heartbleed vulnerability
|
-H, --heartbleed tests for Heartbleed vulnerability
|
||||||
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
|
-I, --ccs, --ccs-injection tests for CCS injection vulnerability
|
||||||
-T, --ticketbleed tests for Ticketbleed vulnerability in BigIP loadbalancers
|
-T, --ticketbleed tests for Ticketbleed vulnerability in BigIP loadbalancers
|
||||||
-BB, --robot tests for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability
|
--BB, --robot tests for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability
|
||||||
|
--SI, --starttls-injection tests for STARTTLS injection issues
|
||||||
-R, --renegotiation tests for renegotiation vulnerabilities
|
-R, --renegotiation tests for renegotiation vulnerabilities
|
||||||
-C, --compression, --crime tests for CRIME vulnerability (TLS compression issue)
|
-C, --compression, --crime tests for CRIME vulnerability (TLS compression issue)
|
||||||
-B, --breach tests for BREACH vulnerability (HTTP compression issue)
|
-B, --breach tests for BREACH vulnerability (HTTP compression issue)
|
||||||
@ -20240,7 +20251,7 @@ determine_service() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
close_socket
|
close_socket 5
|
||||||
|
|
||||||
outln
|
outln
|
||||||
if [[ -z "$1" ]]; then
|
if [[ -z "$1" ]]; then
|
||||||
@ -21545,7 +21556,7 @@ parse_cmd_line() {
|
|||||||
do_ticketbleed=true
|
do_ticketbleed=true
|
||||||
let "VULN_COUNT++"
|
let "VULN_COUNT++"
|
||||||
;;
|
;;
|
||||||
-BB|--robot)
|
-BB|--BB|--robot)
|
||||||
do_robot=true
|
do_robot=true
|
||||||
;;
|
;;
|
||||||
-R|--renegotiation)
|
-R|--renegotiation)
|
||||||
|
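Review bot: In run_starttls_injection() the new cleanup calls `kill $socat_pid` and `kill $openssl_pid` unquoted and unconditionally, while both variables are now declared with `local -i` and no initial value. The assignment of socat_pid lies outside the visible hunks, so if any path reaches the cleanup without it being set, `kill` runs with no argument and prints its usage text into the scan output. The backgrounded `openssl s_client` may also have exited on its own after the `sleep 1`, in which case the kill reports "No such process" or, less likely, signals an unrelated process that reused the PID. I would guard and reap each one, e.g. `[[ -n "$openssl_pid" ]] && kill "$openssl_pid" 2>/dev/null` followed by `wait "$openssl_pid" 2>/dev/null`, and likewise for socat_pid. A short comment above the cleanup saying why both helpers must be gone before `tmpfile_handle` runs would also help the next reader.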