From d8b439e48c24b60855a92cb9dae5ea5455cccd74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Fust=C3=A9?=
Date: Mon, 4 Nov 2024 20:53:07 +0100
Subject: [PATCH] Address a theorically still possible non HTTP case
---
 testssl.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 1391175..6fc1069 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17200,7 +17200,7 @@ run_renego() {
 # Connection could be closed by the server with 0 return value. We do one more iteration to not close
 # s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
 # See https://github.com/drwetter/testssl.sh/issues/2590
- # In this case the added iteration is harmfull as it will just spin in backgroup
+ # In this case the added iteration is harmless as it will just spin in backgroup
 for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \
 # 0 means client is renegotiating & doesn't return an error --> vuln!
 # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
@@ -17230,11 +17230,16 @@ run_renego() {
 if (tail -5 $TMPFILE| grep -qa '^closed'); then
 tmp_result=1
 fi
+ # timeout reached ?
 if [[ -f $TEMPDIR/was_killed ]]; then
 tmp_result=2
 rm -f $TEMPDIR/was_killed
 fi
 if [[ $SERVICE != HTTP ]]; then
+ # theoric possible case
+ if [[ $loop_reneg -eq 2 ]];
+ $tmp_result=0
+ fi
 case $tmp_result in
 0) pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
 fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
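Review bot: The override added in the second hunk does not parse as written: `if [[ $loop_reneg -eq 2 ]];` has no `then`, and `$tmp_result=0` expands the variable instead of assigning to it, so bash would report a syntax error at the following `fi` rather than set the result. The two lines should read `if [[ $loop_reneg -eq 2 ]]; then` and `tmp_result=0`. Once it does run, the override sits after the `^closed` and `was_killed` checks, so it replaces a result of 1 or 2 with 0 and the non-HTTP branch reports VULNERABLE at MEDIUM severity. The `# theoric possible case` comment should therefore state why `loop_reneg` equal to 2 justifies that verdict, since a wrong value here would turn a closed or timed-out connection into a finding. The assignment of `loop_reneg` and the rest of `run_renego` lie outside the hunk, so that condition could not be checked from here.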