Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add timeout for the client initiated renego loop

Browse Source 
Some site hang/block the connection after some renego reties
Example: https://feedback.amadeus.com

Hand written timeout logic because:
- we want to get the result of the command in case of normal exit
- we want to have working log fd redirection
- we want to known the timeout condition
This commit is contained in:
Emmanuel Fusté
2024-01-11 18:30:44 +01:00
parent d30d8e09f2
commit b793f54c3e
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
testssl.sh
View File

@@ -17074,13 +17074,23 @@ run_renego() {
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
else
(for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep 1; done) | \
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
pid=$!
( sleep $(($ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
watcher=$!
# Trick to get the return value of the openssl command, output redirection and a timeout. Yes, somme target hang/block after some tries.
wait $pid && pkill -HUP -P $watcher
tmp_result=$?
# If we are here, we have done two successful renegotiation (-2) and do the loop
loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2))
# If we got less than 2/3 successful attempts during the loop with 1s pause, we are in presence of exponential backoff.
if [[ $loop_reneg -le $(($ssl_reneg_attempts*2/3)) ]]; then
tmp_result=2
if [[ -f $TEMPDIR/was_killed ]]; then
tmp_result=3
rm -f $TEMPDIR/was_killed
else
# If we got less than 2/3 successful attempts during the loop with 1s pause, we are in presence of exponential backoff.
if [[ $loop_reneg -le $(($ssl_reneg_attempts*2/3)) ]]; then
tmp_result=2
fi
fi
case $tmp_result in
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
@@ -17092,6 +17102,9 @@ run_renego() {
2) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in ${ssl_reneg_attempts}s)"
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
;;
3) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated ($loop_reneg successful reneg within ${ssl_reneg_attempts} in $((${ssl_reneg_attempts}*3))s(timeout))"
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
;;
*) prln_warning "FIXME (bug): $sec_client_renego ($ssl_reneg_attempts tries)"
fileout "$jsonID" "DEBUG" "FIXME (bug $ssl_reneg_attempts tries) $sec_client_renego" "$cve" "$cwe"
ret=1