Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix #1100: scenarios with -6 and --ip=<ipv6address>

Browse Source 
This PR fixes checks where those two cmdline options were supplied
but errorneously also the IPv4 address was tested.

It also lables supplied IPv6 addresses as AAAA records
instead of A records.

Still, determine_ip_addresses() has space for improvements.

Some comparisons fixed strings popped up during debugging were polished
to avoid internal quoting

[[ $VAR == "teststr" ]]

will be otherwise expanded to

[[ $VAR == \t\e\s\t\s\t\r ]]
This commit is contained in:
Dirk 2018-08-15 01:50:10 +02:00
parent 94828aed03
commit 89f7814f81
1 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
testssl.sh
View File

@ -16022,8 +16022,8 @@ determine_ip_addresses() {
if [[ -n "$CMDLINE_IP" ]]; then if [[ -n "$CMDLINE_IP" ]]; then
# command line has supplied an IP address or "one" # command line has supplied an IP address or "one"
if [[ "$CMDLINE_IP" == "one" ]]; then if [[ "$CMDLINE_IP" == one ]]; then
# use first IPv4 address # use first IPv4 or IPv6 address
CMDLINE_IP="$(head -1 <<< "$ip4")" CMDLINE_IP="$(head -1 <<< "$ip4")"
[[ -z "$CMDLINE_IP" ]] && CMDLINE_IP="$(head -1 <<< "$ip6")" [[ -z "$CMDLINE_IP" ]] && CMDLINE_IP="$(head -1 <<< "$ip6")"
fi fi
@ -16054,16 +16054,25 @@ determine_ip_addresses() {
fi fi
fi fi
if [[ -z "$ip4" ]]; then # IPv6 only address # IPv6 only address
if [[ -z "$ip4" ]]; then
if "$HAS_IPv6"; then if "$HAS_IPv6"; then
IPADDRs=$(newline_to_spaces "$ip6") IPADDRs=$(newline_to_spaces "$ip6")
IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test
fi fi
else else
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
IPADDRs=$(newline_to_spaces "$ip4 $ip6") if is_ipv6addr "$CMDLINE_IP"; then
IPADDRs=$(newline_to_spaces "$ip6")
else
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
fi
else else
IPADDRs=$(newline_to_spaces "$ip4") if is_ipv4addr "$CMDLINE_IP"; then
IPADDRs=$(newline_to_spaces "$ip4")
else
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
fi
fi fi
fi fi
if [[ -z "$IPADDRs" ]]; then if [[ -z "$IPADDRs" ]]; then
@ -16378,8 +16387,14 @@ display_rdns_etc() {
fi fi
if "$LOCAL_A"; then if "$LOCAL_A"; then
outln " A record via $CORRECT_SPACES /etc/hosts " outln " A record via $CORRECT_SPACES /etc/hosts "
elif "$LOCAL_AAAA"; then
outln " AAAA record via $CORRECT_SPACES /etc/hosts "
elif [[ -n "$CMDLINE_IP" ]]; then elif [[ -n "$CMDLINE_IP" ]]; then
outln " A record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\"" if is_ipv6addr $"$CMDLINE_IP"; then
outln " AAAA record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
else
outln " A record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
fi
fi fi
if [[ "$rDNS" =~ instructed ]]; then if [[ "$rDNS" =~ instructed ]]; then
out "$(printf " %-23s %s" "rDNS ($nodeip):")" out "$(printf " %-23s %s" "rDNS ($nodeip):")"
@ -16963,7 +16978,7 @@ query_globals() {
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_grease do_robot do_renego \ do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_grease do_robot do_renego \
do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \ do_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do
[[ "${!gbl}" == "true" ]] && let true_nr++ [[ "${!gbl}" == true ]] && let true_nr++
done done
return $true_nr return $true_nr
} }
@ -17055,7 +17070,7 @@ parse_cmd_line() {
--ip|--ip=*) --ip|--ip=*)
CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")" CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift [[ $? -eq 0 ]] && shift
if [[ $CMDLINE_IP == "proxy" ]]; then if [[ "$CMDLINE_IP" == proxy ]]; then
DNS_VIA_PROXY=true DNS_VIA_PROXY=true
unset CMDLINE_IP unset CMDLINE_IP
fi fi
@ -17468,7 +17483,7 @@ parse_cmd_line() {
[[ -n "$2" ]] && fatal "URI comes last" $ERR_CMDLINE [[ -n "$2" ]] && fatal "URI comes last" $ERR_CMDLINE
fi fi
[[ $CMDLINE_IP == one ]] && [[ "$NODNS" == none ]] && fatal "\"--ip=one\" and \"--nodns=none\" don't work together" $ERR_CMDLINE [[ $CMDLINE_IP == one ]] && [[ "$NODNS" == none ]] && fatal "\"--ip=one\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
"$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE "$do_mx_all_ips" && [[ "$NODNS" == none ]] && fatal "\"--mx\" and \"--nodns=none\" don't work together" $ERR_CMDLINE
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }" ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES//,/ }"
for fname in $ADDITIONAL_CA_FILES; do for fname in $ADDITIONAL_CA_FILES; do
@ -17642,7 +17657,7 @@ lets_roll() {
parse_cmd_line "$@" parse_cmd_line "$@"
# html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the # html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the
# command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692. # command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692.
# json_header and csv_header can be called later but for context reasons we'll leave it here # json_header and csv_header could be called later but for context reasons we'll leave it here
html_header html_header
json_header json_header
csv_header csv_header