Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix run_heartbleed()

Browse Source 
When the server's response to the ClientHello message (i.e., the ServerHello, Certificate, ServerHelloDone) is split across more than one packet, the current call to tls_sockets() in run_heartbleed() only retrieves the first packet. As a result, sometimes when run_heartbleed() believes that it is reading the response to the Heartbleed payload it is actually reading the continuation of the response to the ClientHello message.

This PR fixes the problem by indicating in the call to tls_sockets() that the ephemeral key is needed. This causes tls_sockets() to continue requesting additional packets until it receives the ServerHelloDone.
This commit is contained in:
David Cooper 2017-11-17 16:15:37 -05:00 committed by GitHub
parent 98f4f28017
commit 9db0a8f78c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@ -10157,7 +10157,7 @@ run_heartbleed(){
debugme echo "using protocol $tls_hexcode"
heartbleed_payload=", x18, $tls_hexcode, x00, x03, x01, x40, x00"
tls_sockets "${tls_hexcode:6:2}" "" "" "" "" "false"
tls_sockets "${tls_hexcode:6:2}" "" "ephemeralkey" "" "" "false"
[[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
socksend "$heartbleed_payload" 1