PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix a couple off-by-one errors in parsing multiple TLS records

Browse Source 
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
This commit is contained in:
dmiller
2014-10-26 16:22:21 +00:00
parent c4ad3ff4d6
commit a1d984a66b
2 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/ssl-enum-ciphers.nse
View File

@@ -189,16 +189,16 @@ local function try_params(host, port, t)
-- Read response. -- Read response.
local buffer = "" local buffer = ""
local i, record = nil local i = 1
while true do while true do
local status status, buffer, err = tls.record_buffer(sock, buffer, i)
status, buffer, err = tls.record_buffer(sock, buffer, 1)
if not status then if not status then
ctx_log(1, t.protocol, "Couldn't read a TLS record: %s", err) ctx_log(1, t.protocol, "Couldn't read a TLS record: %s", err)
return nil return nil
end end
-- Parse response. -- Parse response.
i, record = tls.record_read(buffer, 1) local record
i, record = tls.record_read(buffer, i)
if record and record.type == "alert" and record.body[1].level == "warning" then if record and record.type == "alert" and record.body[1].level == "warning" then
ctx_log(1, t.protocol, "Ignoring warning: %s", record.body[1].description) ctx_log(1, t.protocol, "Ignoring warning: %s", record.body[1].description)
-- Try again. -- Try again.
@@ -206,7 +206,6 @@ local function try_params(host, port, t)
sock:close() sock:close()
return record return record
end end
buffer = buffer:sub(i+1)
end end
end end

9
scripts/ssl-poodle.nse
View File

@@ -112,16 +112,16 @@ local function try_params(host, port, t)
-- Read response. -- Read response.
local buffer = "" local buffer = ""
local i, record = nil local i = 1
while true do while true do
local status status, buffer, err = tls.record_buffer(sock, buffer, i)
status, buffer, err = tls.record_buffer(sock, buffer, 1)
if not status then if not status then
ctx_log(1, t.protocol, "Couldn't read a TLS record: %s", err) ctx_log(1, t.protocol, "Couldn't read a TLS record: %s", err)
return nil return nil
end end
-- Parse response. -- Parse response.
i, record = tls.record_read(buffer, 1) local record
i, record = tls.record_read(buffer, i)
if record and record.type == "alert" and record.body[1].level == "warning" then if record and record.type == "alert" and record.body[1].level == "warning" then
ctx_log(1, t.protocol, "Ignoring warning: %s", record.body[1].description) ctx_log(1, t.protocol, "Ignoring warning: %s", record.body[1].description)
-- Try again. -- Try again.
@@ -129,7 +129,6 @@ local function try_params(host, port, t)
sock:close() sock:close()
return record return record
end end
buffer = buffer:sub(i+1)
end end
end end