Address a theorically still possible non HTTP case

2025-10-31 13:55:25 +01:00 · 2024-11-04 20:53:07 +01:00
parent 09719a322b
commit d8b439e48c
1 changed files with 6 additions and 1 deletions
--- a/testssl.sh
+++ b/testssl.sh
@@ -17200,7 +17200,7 @@ run_renego() {
               # Connection could be closed by the server with 0 return value. We do one more iteration to not close
               # s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
               # See https://github.com/drwetter/testssl.sh/issues/2590
-               # In this case the added iteration is harmfull as it will just spin in backgroup
+               # In this case the added iteration is harmless as it will just spin in backgroup
               for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
                   # 0 means client is renegotiating & doesn't return an error --> vuln!
                   # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
@@ -17230,11 +17230,16 @@ run_renego() {
          if (tail -5 $TMPFILE| grep -qa '^closed'); then
               tmp_result=1
          fi
+          # timeout reached ?
          if [[ -f $TEMPDIR/was_killed ]]; then
               tmp_result=2
               rm -f $TEMPDIR/was_killed
          fi
          if [[ $SERVICE != HTTP ]]; then
+               # theoric possible case
+               if [[ $loop_reneg -eq 2 ]];
+                    $tmp_result=0
+               fi
               case $tmp_result in
                    0) pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
                       fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"