opensourcemirror
/
testssl.sh
mirror of https://github.com/drwetter/testssl.sh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Binary string washer (0x00 bytes) (probably) after completed ClientHello 

This commit proactively tries to address cases where the server side
    adds Null Bytes after or during ClientHello in cases where it should be text only.

    Now VAR2=$(< $VAR1) is being replaced by VAR2=$(cat -v $VAR1) which is normally
    not best practice and also considered a useless use of "cat", see
    https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter.

    Especially with bash 3.2 (Mac OS X) AND when on the server side binary chars it
    was reported to not work ok, see #1292.

    Performance measurements showed no to barely measureable penalty (at max 1s displayed difference
    in 9 tries).
This commit is contained in:
Dirk Wetter 2019-08-19 20:51:45 +02:00
parent 92654b2899
commit 5874a722d8
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@ -1262,7 +1262,14 @@ strip_trailing_space() {
# retrieve cipher from ServerHello (via openssl)
get_cipher() {
local cipher=""
local server_hello="$(< "$1")"
local server_hello="$(cat -v "$1")"
# This and two other following instances are not best practice and normally a useless use of "cat", see
# https://web.archive.org/web/20160711205930/http://porkmail.org/era/unix/award.html#uucaletter
# However there seem to be cases where the preferred $(< "$1") logic has a problem.
# Esepcially with bash 3.2 (Mac OS X) and when on the server side binary chars
# are returned, see https://stackoverflow.com/questions/7427262/how-to-read-a-file-into-a-variable-in-shell#22607352
# and https://github.com/drwetter/testssl.sh/issues/1292
# Performance measurements showed no to barely measureable penalty (1s displayed in 9 tries).
if [[ "$server_hello" =~ Cipher\ *:\ ([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]]; then
cipher="${BASH_REMATCH##* }"
@ -1275,7 +1282,7 @@ get_cipher() {
# retrieve protocol from ServerHello (via openssl)
get_protocol() {
local protocol=""
local server_hello="$(< "$1")"
local server_hello="$(cat -v "$1")"
if [[ "$server_hello" =~ Protocol\ *:\ (SSLv[23]|TLSv1(\.[0-3])?) ]]; then
protocol="${BASH_REMATCH##* }"
@ -6938,7 +6945,7 @@ tls_time() {
# returns 0 if connect was successful, 1 if not
#
sclient_connect_successful() {
local server_hello="$(<"$2")"
local server_hello="$(cat -v "$2")"
local re='Master-Key: ([^\
]*)'