Ticketbleed fix: shutting down the connection properly

In cases where the probes for reading memory from the server side were not
successful (=not vulnerable) the TCP connection was not shut down properly --
leading to and undefined state and probably causing problems to a consecutive
check. The server side then assumably from time to time just didn't return
anything which caused a integration test (t/08_isHTML_valid.t) to fail
randomly.

This PR properly terminates the TCP socket connection. Also, as sending the
close notification before closing the socket was duplicated in testssl.sh
that went to a separate function.

See comment in #1375:
https://github.com/drwetter/testssl.sh/pull/1375#issuecomment-554424814
This commit is contained in:
Dirk Wetter 2019-11-16 11:48:22 +01:00
parent fbca5d1b3e
commit 7747128c11

View File

@ -4505,12 +4505,7 @@ client_simulation_sockets() {
save=$?
if [[ $save -eq 0 ]]; then
debugme echo "sending close_notify..."
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
socksend ",x15, x03, x00, x00, x02, x02, x00" 0
else
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
fi
send_close_notify "$DETECTED_TLS_VERSION"
fi
if [[ $DEBUG -ge 2 ]]; then
@ -10293,6 +10288,16 @@ close_socket(){
return 0
}
send_close_notify() {
local detected_tlsversion="$1"
debugme echo "sending close_notify..."
if [[ $detected_tlsversion == 0300 ]]; then
socksend ",x15, x03, x00, x00, x02, x02, x00" 0
else
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
fi
}
# Format string properly for socket
# ARG1: any commented sequence of two bytes hex, separated by commas. It can contain comments, new lines, tabs and white spaces
@ -13593,14 +13598,8 @@ tls_sockets() {
parse_tls_serverhello "$tls_hello_ascii" "$process_full" "$cipher_list_2send"
save=$?
if "$close_connection" && [[ $save == 0 ]]; then
debugme echo "sending close_notify..."
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
socksend ",x15, x03, x00, x00, x02, x02, x00" 0
else
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
fi
send_close_notify "$DETECTED_TLS_VERSION"
fi
if [[ $DEBUG -ge 2 ]]; then
@ -14131,17 +14130,21 @@ run_ticketbleed() {
echo "============================="
fi
if [[ "${tls_hello_ascii:0:2}" == "15" ]]; then
if [[ "${tls_hello_ascii:0:2}" == 15 ]]; then
debugme echo -n "TLS Alert ${tls_hello_ascii:10:4} (TLS version: ${tls_hello_ascii:2:4}) -- "
pr_svrty_best "not vulnerable (OK)"
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
send_close_notify "${tls_hello_ascii:18:4}"
close_socket
break
elif [[ -z "${tls_hello_ascii:0:2}" ]]; then
pr_svrty_best "not vulnerable (OK)"
out ", reply empty"
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
send_close_notify "${tls_hello_ascii:18:4}"
close_socket
break
elif [[ "${tls_hello_ascii:0:2}" == "16" ]]; then
elif [[ "${tls_hello_ascii:0:2}" == 16 ]]; then
early_exit=false
debugme echo -n "Handshake (TLS version: ${tls_hello_ascii:2:4}), "
if [[ "${tls_hello_ascii:10:6}" == 020000 ]]; then
@ -14166,14 +14169,11 @@ run_ticketbleed() {
pr_warning "test failed"
out " around line $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})"
fileout "$jsonID" "DEBUG" "test failed, around $LINENO (debug info: ${tls_hello_ascii:0:2}, ${tls_hello_ascii:2:10})" "$cve" "$cwe"
send_close_notify "${tls_hello_ascii:18:4}"
close_socket
break
fi
debugme echo "sending close_notify..."
if [[ ${tls_hello_ascii:18:4} == "0300" ]]; then
socksend ",x15, x03, x00, x00, x02, x02, x00" 0
else
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
fi
send_close_notify "${tls_hello_ascii:18:4}"
close_socket
done