Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix client simulation bug

Browse Source 
This PR fixes a bug in modify_clienthello() that occurs when client simulation is being performed, the ClientHello contain an SNI extension, and $SNI is empty. In the case, modify_clienthello() should just skip over the SNI extension and not include one in the modified ClientHello. However, the code currently only skips over the 2-byte extension type. The result being that the remainder of the extension is included in the modified ClientHello. This PR fixes the problem by ensuring the $offset is advanced whether or not $SNI is empty.
This commit is contained in:
David Cooper
2019-10-23 11:03:52 -04:00
committed by GitHub
parent 3c18262389
commit 73edf6fa8e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@@ -4303,7 +4303,7 @@ modify_clienthello() {
offset+=4 offset+=4
for (( 1; offset < tls_handshake_ascii_len; 1 )); do for (( 1; offset < tls_handshake_ascii_len; 1 )); do
extension_type="${tls_handshake_ascii:$offset:4}" extension_type="${tls_handshake_ascii:$offset:4}"
offset+=+4 offset+=4
len_extension=2*$(hex2dec "${tls_handshake_ascii:$offset:4}") len_extension=2*$(hex2dec "${tls_handshake_ascii:$offset:4}")
if [[ "$extension_type" == 0000 ]] && [[ -z "$new_key_share" ]]; then if [[ "$extension_type" == 0000 ]] && [[ -z "$new_key_share" ]]; then
@@ -4320,8 +4320,8 @@ modify_clienthello() {
len_sni_listlen=$(printf "%02x\n" $((len_servername+3))) len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
len_sni_ext=$(printf "%02x\n" $((len_servername+5))) len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
tls_extensions+="000000${len_sni_ext}00${len_sni_listlen}0000${len_servername_hex}${servername_hexstr}" tls_extensions+="000000${len_sni_ext}00${len_sni_listlen}0000${len_servername_hex}${servername_hexstr}"
offset+=$len_extension+4
fi fi
offset+=$len_extension+4
elif [[ "$extension_type" != 00$KEY_SHARE_EXTN_NR ]] || [[ -z "$new_key_share" ]]; then elif [[ "$extension_type" != 00$KEY_SHARE_EXTN_NR ]] || [[ -z "$new_key_share" ]]; then
# If this is in response to a HelloRetryRequest, then do # If this is in response to a HelloRetryRequest, then do
# not copy over the old key_share extension, but # not copy over the old key_share extension, but