Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 05:45:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

- trying to address #640 . Better a bit pessimistic here...

Browse Source
This commit is contained in:
Dirk
2017-02-20 09:44:52 +01:00
parent c284185c56
commit bfbaba4ea7
1 changed files with 21 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
testssl.sh
View File

@@ -9350,9 +9350,6 @@ run_ccs_injection(){
if [[ $DEBUG -ge 3 ]]; then if [[ $DEBUG -ge 3 ]]; then
outln "\n1st reply: " outln "\n1st reply: "
hexdump -C "$SOCK_REPLY_FILE" | head -20 hexdump -C "$SOCK_REPLY_FILE" | head -20
# ok: 15 | 0301 | 02 | 02 | 0a
# ALERT | TLS 1.0 | Length=2 | Unexpected Message (0a)
# or just timed out
outln outln
out "sending payload #2 with TLS version $tls_hexcode: " out "sending payload #2 with TLS version $tls_hexcode: "
fi fi
@@ -9372,29 +9369,38 @@ run_ccs_injection(){
outln outln
fi fi
# not ok: 15 | 0301 | 02 | 02 | 15 # in general, see https://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol
# https://tools.ietf.org/html/rfc5246#section-7.2
#
# not ok fo CCSI: 15 | 0301 | 00 02 | 02 15
# ALERT | TLS 1.0 | Length=2 | Decryption failed (21) # ALERT | TLS 1.0 | Length=2 | Decryption failed (21)
# #
# ok: 0a or nothing: ==> RST # ok: nothing: ==> RST
#
# 0A: Unexpected message
# 28: Handshake failure
if [[ -z "${tls_hello_ascii:0:12}" ]]; then if [[ -z "${tls_hello_ascii:0:12}" ]]; then
# empty reply # empty reply
pr_done_best "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
if [[ $retval -eq 3 ]]; then if [[ $retval -eq 3 ]]; then
### what?
fileout "ccs" "OK" "CCS: not vulnerable (timed out)" "$cve" "$cwe" fileout "ccs" "OK" "CCS: not vulnerable (timed out)" "$cve" "$cwe"
else else
fileout "ccs" "OK" "CCS: not vulnerable" "$cve" "$cwe" fileout "ccs" "OK" "CCS: not vulnerable" "$cve" "$cwe"
fi fi
ret=0 ret=0
elif [[ "$byte6" == "15" ]] && [[ "${tls_hello_ascii:0:4}" == "1503" ]]; then elif [[ "$byte6" == "15" ]] && [[ "${tls_hello_ascii:0:4}" == "1503" ]]; then
# decyption failed received
pr_svrty_critical "VULNERABLE (NOT ok)" pr_svrty_critical "VULNERABLE (NOT ok)"
if [[ $retval -eq 3 ]]; then
fileout "ccs" "CRITICAL" "CCS: VULNERABLE (timed out)" "$cve" "$cwe" "$hint"
else
fileout "ccs" "CRITICAL" "CCS: VULNERABLE" "$cve" "$cwe" "$hint" fileout "ccs" "CRITICAL" "CCS: VULNERABLE" "$cve" "$cwe" "$hint"
fi
ret=1 ret=1
elif [[ "${tls_hello_ascii:0:4}" == "1503" ]]; then
if [[ "$byte6" == "0A" ]] || [[ "$byte6" == "28" ]]; then
# Unexpected message / Handshake failure received
pr_warning "likely "
out "not vulnerable (OK)"
out " - alert description type: $byte6"
fileout "ccs" "WARN" "CCS: probably not vulnerable but received 0x${byte6} instead of 0x15" "$cve" "$cwe" "$hint"
fi
elif [[ "$byte6" == [0-9a-f][0-9a-f] ]] && [[ "${tls_hello_ascii:2:2}" != "03" ]]; then elif [[ "$byte6" == [0-9a-f][0-9a-f] ]] && [[ "${tls_hello_ascii:2:2}" != "03" ]]; then
pr_warning "test failed" pr_warning "test failed"
out ", probably read buffer too small (${tls_hello_ascii:0:14})" out ", probably read buffer too small (${tls_hello_ascii:0:14})"
@@ -9402,8 +9408,8 @@ run_ccs_injection(){
ret=7 ret=7
else else
pr_warning "test failed " pr_warning "test failed "
out "around line $LINENO (debug info: ${tls_hello_ascii:0:14})" out "around line $LINENO (debug info: ${tls_hello_ascii:0:12},$byte6)"
fileout "ccs" "WARN" "CCS: test failed, around line $LINENO, debug info (${tls_hello_ascii:0:14})" "$cve" "$cwe" "$hint" fileout "ccs" "WARN" "CCS: test failed, around line $LINENO, debug info (${tls_hello_ascii:0:12},$byte6)" "$cve" "$cwe" "$hint"
ret=7 ret=7
fi fi
outln outln