From e60cce9e1eed4c13bfddceb7cc23644f4cfcb7ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Ribeiro?= Date: Thu, 10 Oct 2019 04:54:47 +0100 Subject: [PATCH] Add quotes around CONNECT_TIMEOUT I don't want to add any unnecessary vulnerabilities... --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index df2bf97..d8075d0 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10173,7 +10173,7 @@ fd_socket() { break fi done - elif ! timeout $CONNECT_TIMEOUT bash -c "exec 3<>/dev/tcp/$nodeip/$PORT" || \ + elif ! timeout "$CONNECT_TIMEOUT" bash -c "exec 3<>/dev/tcp/$nodeip/$PORT" || \ ! exec 5<>/dev/tcp/$nodeip/$PORT; then # 2>/dev/null would remove an error message, but disables debugging ((NR_SOCKET_FAIL++)) connectivity_problem $NR_SOCKET_FAIL $MAX_SOCKET_FAIL "TCP connect problem" "repeated TCP connect problems, giving up"