From 9447c8c866300a639b69e1457ca99531e72b97ff Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Thu, 27 Jan 2022 18:35:40 +0100 Subject: [PATCH] Amends LDAP + STARTTLS / rename sockread_serverhello() This commit adds parsing the success value of the STARTTLS upgrade in LDAP. Only possible values whould be 0 or one according to RFC 2380. All values not equal to zero will terminate the check. Also, this PR renames sockread_serverhello() to sockread() as the word serverhello is pretty misleading. It just reads from ANY socket. (sorry to confuse people here, that should have gone into a separate PR). Also sockread() and sockread_fast() are better documented. --- testssl.sh | 55 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 22 deletions(-) diff --git a/testssl.sh b/testssl.sh index 74a640c..3f4cb69 100755 --- a/testssl.sh +++ b/testssl.sh @@ -4728,7 +4728,7 @@ client_simulation_sockets() { socksend_clienthello "${data}" sleep $USLEEP_SND - sockread_serverhello 32768 + sockread 32768 tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}" @@ -4758,7 +4758,7 @@ client_simulation_sockets() { debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND - sockread_serverhello 32768 + sockread 32768 next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") next_packet="${next_packet%%[!0-9A-F]*}" @@ -11094,10 +11094,12 @@ starttls_postgres_dialog() { return $ret } + # RFC 2830 starttls_ldap_dialog() { local debugpad=" > " local -i ret=0 + local result="" local starttls_init=", x30, x1d, x02, x01, # LDAP extendedReq x01, # messageID: 1 @@ -11106,15 +11108,20 @@ starttls_ldap_dialog() { debugme echo "=== starting LDAP STARTTLS dialog ===" socksend "${starttls_init}" 0 && debugme echo "${debugpad}initiated STARTTLS" && - starttls_just_read 1 "read succeeded" + result=$(sockread_fast 256) + [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $result\n" # response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00 - # ^^ == success! That [9] should be checked also! - - ret=$? + # ^^ == success! [9] is checked below + if [[ ${result:18:2} == 00 ]]; then + ret=0 + elif [[ ${result:18:2} == 01 ]]; then + ret=1 + else + ret=127 + fi debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ===" return $ret - } starttls_mysql_dialog() { @@ -11346,9 +11353,11 @@ socksend() { } -# for SSLv2 to TLS 1.2: +# Reads from socket. Uses SOCK_REPLY_FILE global to save socket reply +# Not blocking, polling # ARG1: blocksize for reading -sockread_serverhello() { +# +sockread() { [[ -z "$2" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2 SOCK_REPLY_FILE=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7 dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null & @@ -11356,8 +11365,10 @@ sockread_serverhello() { return $? } -#trying a faster version +# Reads from socket. Utilises a pipe. Output is ASCII. +# Faster as previous, blocks however when socket stream is empty # ARG1: blocksize for reading +# sockread_fast() { dd bs=$1 count=1 <&5 2>/dev/null | hexdump -v -e '16/1 "%02X"' } @@ -14743,7 +14754,7 @@ sslv2_sockets() { debugme echo -n "sending client hello... " socksend_clienthello "$client_hello" - sockread_serverhello 32768 + sockread 32768 if "$parse_complete"; then if [[ -s "$SOCK_REPLY_FILE" ]]; then server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") @@ -14756,7 +14767,7 @@ sslv2_sockets() { debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND - sockread_serverhello 32768 + sockread 32768 [[ ! -s "$SOCK_REPLY_FILE" ]] && break cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2" @@ -15476,7 +15487,7 @@ resend_if_hello_retry_request() { done debugme echo -n "sending client hello... " socksend_clienthello "$data" $USLEEP_SND - sockread_serverhello 32768 + sockread 32768 return 2 } @@ -15531,7 +15542,7 @@ tls_sockets() { # if sending didn't succeed we don't bother if [[ $ret -eq 0 ]]; then clienthello1="$TLS_CLIENT_HELLO" - sockread_serverhello 32768 + sockread 32768 "$TLS_DIFFTIME_SET" && TLS_NOW=$(LC_ALL=C date "+%s") tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") @@ -15571,7 +15582,7 @@ tls_sockets() { debugme echo -n "requesting more server hello data... " socksend "" $USLEEP_SND - sockread_serverhello 32768 + sockread 32768 next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") next_packet="${next_packet%%[!0-9A-F]*}" @@ -15785,7 +15796,7 @@ receive_app_data() { if "$FAST_SOCKET"; then res="$(sockread_fast 32768)" else - sockread_serverhello 32768 + sockread 32768 res="$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")" fi res="${res%%[!0-9A-F]*}" @@ -15878,7 +15889,7 @@ run_heartbleed(){ [[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:" socksend "$heartbleed_payload" 1 - sockread_serverhello 16384 $HEARTBLEED_MAX_WAITSOCK + sockread 16384 $HEARTBLEED_MAX_WAITSOCK if [[ $? -eq 3 ]]; then append=", timed out" pr_svrty_best "not vulnerable (OK)"; out "$append" @@ -16015,7 +16026,7 @@ run_ccs_injection(){ socksend "$client_hello" 1 debugme echo "reading server hello... " - sockread_serverhello 32768 + sockread 32768 if [[ $DEBUG -ge 4 ]]; then hexdump -C "$SOCK_REPLY_FILE" | head -20 tmln_out "[...]" @@ -16024,7 +16035,7 @@ run_ccs_injection(){ rm "$SOCK_REPLY_FILE" # ... and then send the change cipher spec message socksend "$ccs_message" 1 || ok_ids - sockread_serverhello 4096 $CCS_MAX_WAITSOCK + sockread 4096 $CCS_MAX_WAITSOCK if [[ $DEBUG -ge 3 ]]; then tmln_out "\n1st reply: " hexdump -C "$SOCK_REPLY_FILE" | head -20 @@ -16034,7 +16045,7 @@ run_ccs_injection(){ rm "$SOCK_REPLY_FILE" socksend "$ccs_message" 2 || ok_ids - sockread_serverhello 4096 $CCS_MAX_WAITSOCK + sockread 4096 $CCS_MAX_WAITSOCK retval=$? tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") @@ -16307,7 +16318,7 @@ run_ticketbleed() { if "$FAST_SOCKET"; then tls_hello_ascii=$(sockread_fast 32768) else - sockread_serverhello 32768 $CCS_MAX_WAITSOCK + sockread 32768 $CCS_MAX_WAITSOCK tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") fi [[ "$DEBUG" -ge 5 ]] && echo "$tls_hello_ascii" @@ -19185,7 +19196,7 @@ run_robot() { fi debugme echo "reading server error response..." start_time=$(LC_ALL=C date "+%s") - sockread_serverhello 32768 $robottimeout + sockread 32768 $robottimeout subret=$? if [[ $subret -eq 0 ]]; then end_time=$(LC_ALL=C date "+%s")