- FIX garbled output for servers with a TLS reply on SSLv2 socket call

This commit is contained in:
Dirk 2015-03-13 12:20:19 +01:00
parent 1ca03e3ed9
commit dc05ff9b13

View File

@ -1446,7 +1446,7 @@ sockread_serverhello() {
[[ "x$2" = "x" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2 [[ "x$2" = "x" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
ret=0 ret=0
SOCK_REPLY_FILE=`mktemp /tmp/ddreply.XXXXXX` || exit 7 SOCK_REPLY_FILE=`mktemp $TEMPDIR/ddreply.XXXXXX` || exit 7
dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null & dd bs=$1 of=$SOCK_REPLY_FILE count=1 <&5 2>/dev/null &
pid=$! pid=$!
@ -1487,19 +1487,20 @@ display_sslv2serverhello() {
v2_hello_ascii=`hexdump -v -e '16/1 "%02X"' $1` v2_hello_ascii=`hexdump -v -e '16/1 "%02X"' $1`
[[ "$DEBUG" -ge 4 ]] && echo $v2_hello_ascii # one line without any blanks [[ "$DEBUG" -ge 4 ]] && echo $v2_hello_ascii # one line without any blanks
[[ -z $v2_hello_ascii ]] && return 0 # no server hello received if [[ -z $v2_hello_ascii ]] ; then
ret=0 # no server hello received
debugme echo "server hello empty"
else
# now scrape two bytes out of the reply per byte # now scrape two bytes out of the reply per byte
v2_hello_initbyte="${v2_hello_ascii:0:1}" # normally this belongs to the next, should be 8! v2_hello_initbyte="${v2_hello_ascii:0:1}" # normally this belongs to the next, should be 8!
v2_hello_length="${v2_hello_ascii:1:3}" # + 0x8000 see above v2_hello_length="${v2_hello_ascii:1:3}" # + 0x8000 see above
v2_hello_handshake="${v2_hello_ascii:4:2}" v2_hello_handshake="${v2_hello_ascii:4:2}"
v2_hello_cert_length="${v2_hello_ascii:14:4}" v2_hello_cert_length="${v2_hello_ascii:14:4}"
v2_hello_cipherspec_length="${v2_hello_ascii:18:4}" v2_hello_cipherspec_length="${v2_hello_ascii:18:4}"
V2_HELLO_CIPHERSPEC_LENGTH=`printf "%d\n" "0x$v2_hello_cipherspec_length"`
if [[ $v2_hello_initbyte != "8" ]] || [[ $v2_hello_handshake != "04" ]]; then if [[ $v2_hello_initbyte != "8" ]] || [[ $v2_hello_handshake != "04" ]]; then
[[ $DEBUG -ge 2 ]] && echo "$v2_hello_initbyte / $v2_hello_handshake" [[ $DEBUG -ge 2 ]] && echo "$v2_hello_initbyte / $v2_hello_handshake"
return 1 ret=1
fi fi
if [[ $DEBUG -ge 3 ]]; then if [[ $DEBUG -ge 3 ]]; then
@ -1507,7 +1508,11 @@ display_sslv2serverhello() {
echo "SSLv2 certificate length: 0x$v2_hello_cert_length" echo "SSLv2 certificate length: 0x$v2_hello_cert_length"
echo "SSLv2 cipher spec length: 0x$v2_hello_cipherspec_length" echo "SSLv2 cipher spec length: 0x$v2_hello_cipherspec_length"
fi fi
return 0
V2_HELLO_CIPHERSPEC_LENGTH=`printf "%d\n" "0x$v2_hello_cipherspec_length" 2>/dev/null`
[ $? -ne 0 ] && ret=7
fi
return $ret
} }
@ -1634,7 +1639,12 @@ sslv2_sockets() {
fi fi
display_sslv2serverhello "$SOCK_REPLY_FILE" display_sslv2serverhello "$SOCK_REPLY_FILE"
if [ $? -eq 7 ]; then
# strange reply
pr_litemagenta "strange v2 reply "
outln " (rerun with DEBUG=2)"
[[ $DEBUG -ge 2 ]] && hexdump -C $SOCK_REPLY_FILE | head -1
else
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
lines=`cat "$SOCK_REPLY_FILE" 2>/dev/null | hexdump -C | wc -l` lines=`cat "$SOCK_REPLY_FILE" 2>/dev/null | hexdump -C | wc -l`
[[ "$DEBUG" -ge 2 ]] && out " ($lines lines) " [[ "$DEBUG" -ge 2 ]] && out " ($lines lines) "
@ -1651,6 +1661,7 @@ sslv2_sockets() {
pr_greenln "not offered (OK)" pr_greenln "not offered (OK)"
ret=0 ret=0
fi fi
fi
pr_off pr_off
close_socket close_socket
@ -2978,6 +2989,6 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.201 2015/03/09 07:07:40 dirkw Exp $ # $Id: testssl.sh,v 1.203 2015/03/13 11:20:18 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5