From be073e6134edd1faa1dd8a6e42ec62c430ff1eab Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 28 Oct 2019 10:06:21 -0400 Subject: [PATCH] Fix parse_tls_serverhello() bug This PR fixes a minor bug in parse_tls_serverhello(). In some cases the server's entire response is not retrieved. In these cases, it is possible that the response from the server ends with a portion of a handshake message. The loop at the beginning of parse_tls_serverhello() extracts the various handshake and alert messages from the server's response. If it gets to the end of the response, and what is at the end is not a complete message, it should just ignore that fragment and break out of the loop. At the moment, however, parse_tls_serverhello() just continues in the loop rather than breaking out. This has not been a problem up to now, since $msg_len is usually set to a positive value from a previous iteration of the loop, which causes the loop to end. In the case of the server identified in #1353, however, $msg_len is 0 and so the continue rather than break results in an endless loop. --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 738d7c3..4fa64b8 100755 --- a/testssl.sh +++ b/testssl.sh @@ -11527,7 +11527,7 @@ parse_tls_serverhello() { else # This could just be a result of the server's response being # split across two or more packets. - continue + break fi fi tls_content_type="${tls_hello_ascii:i:2}"
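Review bot: In the else branch of parse_tls_serverhello() at the changed line, the comment above `break` still only explains why a partial message can appear ("split across two or more packets"). It does not say that the trailing fragment is deliberately ignored and that message extraction stops there. Suggest adding a line such as "# Ignore the incomplete trailing fragment and stop extracting messages." so the intent of `break` is clear to the next reader. The commit message also notes that the old `continue` only terminated because $msg_len held a positive value from a previous iteration. It would be worth confirming that the branch before this else, which the hunk does not show, cannot reach the next iteration with $msg_len still 0 on a truncated response, since that would hang in the same way.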