Amends LDAP + STARTTLS / rename sockread_serverhello()

This commit adds parsing the success value of the STARTTLS upgrade in LDAP. Only possible values whould be 0 or one according to RFC 2380. All values not equal to zero will terminate the check. Also, this PR renames sockread_serverhello() to sockread() as the word serverhello is pretty misleading. It just reads from ANY socket. (sorry to confuse people here, that should have gone into a separate PR). Also sockread() and sockread_fast() are better documented.
2025-10-31 13:55:25 +01:00 · 2022-01-27 18:35:40 +01:00
parent 6bd0d9eba0
commit 9ec1ca30ba
1 changed files with 33 additions and 22 deletions
--- a/testssl.sh
+++ b/testssl.sh
@@ -4728,7 +4728,7 @@ client_simulation_sockets() {
     socksend_clienthello "${data}"
     sleep $USLEEP_SND

-     sockread_serverhello 32768
+     sockread 32768
     tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
     tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"

@@ -4758,7 +4758,7 @@ client_simulation_sockets() {

          debugme echo -n "requesting more server hello data... "
          socksend "" $USLEEP_SND
-          sockread_serverhello 32768
+          sockread 32768

          next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
          next_packet="${next_packet%%[!0-9A-F]*}"
@@ -11094,10 +11094,12 @@ starttls_postgres_dialog() {
     return $ret
 }

+
 # RFC 2830
 starttls_ldap_dialog() {
     local debugpad="  > "
     local -i ret=0
+     local result=""
     local starttls_init=",
     x30, x1d, x02, x01,                                                             # LDAP extendedReq
     x01,                                                                            # messageID: 1
@@ -11106,15 +11108,20 @@ starttls_ldap_dialog() {

     debugme echo "=== starting LDAP STARTTLS dialog ==="
     socksend "${starttls_init}"   0    && debugme echo "${debugpad}initiated STARTTLS" &&
-     starttls_just_read            1    "read succeeded"
+     result=$(sockread_fast 256)
+     [[ $DEBUG -ge 6 ]] && safe_echo "$debugpad $result\n"

     # response is typically 30 0c 02 01 01 78 07 0a 01 00 04 00 04 00
-     #                                                  ^^ == success!  That [9] should be checked also!
-
-     ret=$?
+     #                                                  ^^ == success!  [9] is checked below
+     if [[ ${result:18:2} == 00 ]]; then
+          ret=0
+     elif [[ ${result:18:2} == 01 ]]; then
+          ret=1
+     else
+          ret=127
+     fi
     debugme echo "=== finished LDAP STARTTLS dialog with ${ret} ==="
     return $ret
-
 }

 starttls_mysql_dialog() {
@@ -11346,9 +11353,11 @@ socksend() {
 }


-# for SSLv2 to TLS 1.2:
+# Reads from socket. Uses SOCK_REPLY_FILE global to save socket reply
+# Not blocking, polling
 # ARG1: blocksize for reading
-sockread_serverhello() {
+#
+sockread() {
     [[ -z "$2" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
     SOCK_REPLY_FILE=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
     dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null &
@@ -11356,8 +11365,10 @@ sockread_serverhello() {
     return $?
 }

-#trying a faster version
+# Reads from socket. Utilises a pipe. Output is ASCII.
+# Faster as previous, blocks however when socket stream is empty
 # ARG1: blocksize for reading
+#
 sockread_fast() {
     dd bs=$1 count=1 <&5 2>/dev/null | hexdump -v -e '16/1 "%02X"'
 }
@@ -14743,7 +14754,7 @@ sslv2_sockets() {
     debugme echo -n "sending client hello... "
     socksend_clienthello "$client_hello"

-     sockread_serverhello 32768
+     sockread 32768
     if "$parse_complete"; then
          if [[ -s "$SOCK_REPLY_FILE" ]]; then
               server_hello=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -14756,7 +14767,7 @@ sslv2_sockets() {

                    debugme echo -n "requesting more server hello data... "
                    socksend "" $USLEEP_SND
-                    sockread_serverhello 32768
+                    sockread 32768

                    [[ ! -s "$SOCK_REPLY_FILE" ]] && break
                    cat "$SOCK_REPLY_FILE" >> "$sock_reply_file2"
@@ -15476,7 +15487,7 @@ resend_if_hello_retry_request() {
     done
     debugme echo -n "sending client hello... "
     socksend_clienthello "$data" $USLEEP_SND
-     sockread_serverhello 32768
+     sockread 32768
     return 2
 }

@@ -15531,7 +15542,7 @@ tls_sockets() {
     # if sending didn't succeed we don't bother
     if [[ $ret -eq 0 ]]; then
          clienthello1="$TLS_CLIENT_HELLO"
-          sockread_serverhello 32768
+          sockread 32768
          "$TLS_DIFFTIME_SET" && TLS_NOW=$(LC_ALL=C date "+%s")

          tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -15571,7 +15582,7 @@ tls_sockets() {

                    debugme echo -n "requesting more server hello data... "
                    socksend "" $USLEEP_SND
-                    sockread_serverhello 32768
+                    sockread 32768

                    next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
                    next_packet="${next_packet%%[!0-9A-F]*}"
@@ -15785,7 +15796,7 @@ receive_app_data() {
               if "$FAST_SOCKET"; then
                    res="$(sockread_fast 32768)"
               else
-                    sockread_serverhello 32768
+                    sockread 32768
                    res="$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")"
               fi
               res="${res%%[!0-9A-F]*}"
@@ -15878,7 +15889,7 @@ run_heartbleed(){

     [[ $DEBUG -ge 4 ]] && tmln_out "\nsending payload with TLS version $tls_hexcode:"
     socksend "$heartbleed_payload" 1
-     sockread_serverhello 16384 $HEARTBLEED_MAX_WAITSOCK
+     sockread 16384 $HEARTBLEED_MAX_WAITSOCK
     if [[ $? -eq 3 ]]; then
          append=", timed out"
          pr_svrty_best "not vulnerable (OK)"; out "$append"
@@ -16015,7 +16026,7 @@ run_ccs_injection(){
     socksend "$client_hello" 1

     debugme echo "reading server hello... "
-     sockread_serverhello 32768
+     sockread 32768
     if [[ $DEBUG -ge 4 ]]; then
          hexdump -C "$SOCK_REPLY_FILE" | head -20
          tmln_out "[...]"
@@ -16024,7 +16035,7 @@ run_ccs_injection(){
     rm "$SOCK_REPLY_FILE"
 # ... and then send the change cipher spec message
     socksend "$ccs_message" 1 || ok_ids
-     sockread_serverhello 4096 $CCS_MAX_WAITSOCK
+     sockread 4096 $CCS_MAX_WAITSOCK
     if [[ $DEBUG -ge 3 ]]; then
          tmln_out "\n1st reply: "
          hexdump -C "$SOCK_REPLY_FILE" | head -20
@@ -16034,7 +16045,7 @@ run_ccs_injection(){
     rm "$SOCK_REPLY_FILE"

     socksend "$ccs_message" 2 || ok_ids
-     sockread_serverhello 4096 $CCS_MAX_WAITSOCK
+     sockread 4096 $CCS_MAX_WAITSOCK
     retval=$?

     tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
@@ -16307,7 +16318,7 @@ run_ticketbleed() {
          if "$FAST_SOCKET"; then
               tls_hello_ascii=$(sockread_fast 32768)
          else
-               sockread_serverhello 32768 $CCS_MAX_WAITSOCK
+               sockread 32768 $CCS_MAX_WAITSOCK
               tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
          fi
          [[ "$DEBUG" -ge 5 ]] && echo "$tls_hello_ascii"
@@ -19185,7 +19196,7 @@ run_robot() {
               fi
               debugme echo "reading server error response..."
               start_time=$(LC_ALL=C date "+%s")
-               sockread_serverhello 32768 $robottimeout
+               sockread 32768 $robottimeout
               subret=$?
               if [[ $subret -eq 0 ]]; then
                    end_time=$(LC_ALL=C date "+%s")