From 5874a722d8cbebae0d71f3377918f8f76322b934 Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Mon, 19 Aug 2019 20:51:45 +0200
Subject: [PATCH] Binary string washer (0x00 bytes) (probably) after completed ClientHello

This commit proactively tries to address cases where the server side adds Null Bytes after or during ClientHello in cases where it should be text only. Now VAR2=$(< $VAR1) is being replaced by VAR2=$(cat -v $VAR1) which is normally not best practice and also considered a useless use of "cat", see https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter. Especially with bash 3.2 (Mac OS X) AND when on the server side binary chars it was reported to not work ok, see #1292. Performance measurements showed no to barely measureable penalty (at max 1s displayed difference in 9 tries).
---
 testssl.sh | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 9200f39..3b88e45 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1262,7 +1262,14 @@ strip_trailing_space() {
 # retrieve cipher from ServerHello (via openssl)
 get_cipher() {
 local cipher=""
- local server_hello="$(< "$1")"
+ local server_hello="$(cat -v "$1")"
+ # This and two other following instances are not best practice and normally a useless use of "cat", see
+ # https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter
+ # However there seem to be cases where the preferred $(< "$1") logic has a problem.
+ # Esepcially with bash 3.2 (Mac OS X) and when on the server side binary chars
+ # are returned, see https://stackoverflow.com/questions/7427262/how-to-read-a-file-into-a-variable-in-shell#22607352
+ # and https://github.com/drwetter/testssl.sh/issues/1292
+ # Performance measurements showed no to barely measureable penalty (1s displayed in 9 tries).
 if [[ "$server_hello" =~ Cipher\ *:\ ([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]]; then
 cipher="${BASH_REMATCH##* }"
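Review bot: `cat -v` on the new `local server_hello="$(cat -v "$1")"` line does more than wash out the NUL bytes the commit message describes: it rewrites every non-printing byte, including any byte above 0x7F, into a visible `^X` or `M-x` escape, so the text the `Cipher *:` regex runs against is no longer byte-exact with what openssl wrote. If NUL is the only byte bash cannot hold, `local server_hello="$(tr -d '\000' < "$1")"` removes exactly those and leaves the rest of the ServerHello untouched for the match; the same substitution recurs in hunk 2 (get_protocol) and hunk 3 (sclient_connect_successful). The added comment also carries two typos, `Esepcially` → `Especially` and `measureable` → `measurable`. get_cipher's body continues past the end of the hunk.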
@@ -1275,7 +1282,7 @@ get_cipher() {
 # retrieve protocol from ServerHello (via openssl)
 get_protocol() {
 local protocol=""
- local server_hello="$(< "$1")"
+ local server_hello="$(cat -v "$1")"
 if [[ "$server_hello" =~ Protocol\ *:\ (SSLv[23]|TLSv1(\.[0-3])?) ]]; then
 protocol="${BASH_REMATCH##* }"
@@ -6938,7 +6945,7 @@ tls_time() {
 # returns 0 if connect was successful, 1 if not
 #
 sclient_connect_successful() {
- local server_hello="$(<"$2")"
+ local server_hello="$(cat -v "$2")"
 local re='Master-Key: ([^\ ]*)'
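Review bot: The new `local server_hello="$(cat -v "$1")"` line in get_protocol carries none of the rationale that the identical change in get_cipher received, so a reader of this function alone sees only a useless use of cat and may "fix" it back to `$(< "$1")`. A one-line pointer such as `# cat -v instead of $(<): washes NUL bytes from the ServerHello, see comment in get_cipher()` keeps the reason discoverable without repeating the long comment. get_protocol's body continues past the end of the hunk.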