Sslyze hangs/crashes for the CCS injection plugin in some cases. While debugging I found that it's trapped in the following loop in openssl_ccs_injection.py:
```python
while True:
    try:
        tls_record, len_consumed = TlsRecordParser.parse_bytes(remaining_bytes)
        remaining_bytes = remaining_bytes[len_consumed::]
    except NotEnoughData:
        # Try to get more data
        try:
            raw_ssl_bytes = self._sock.recv(16381)
        except socket.error:
            # Server closed the connection after receiving the CCS payload
            raise NotVulnerableToCcsInjection()
        [...]
```
It seems that some SSL services just stop sending data (unfortunately I have no sample for you and I don't know why they behave that way), therefore "raw_ssl_bytes = self._sock.recv(16381)" never collects enough data to proceed. Since timeouts don't affect this code, it just keeps looping. I've also found that in some rare cases the parent sslyze process returns, but the children are not terminated; however, I have not been able to reproduce that reliably.
Since other plugins work pretty much the same way, they may also be affected in such a scenario. Maybe you could add some timeout here?
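The receive loop above can spin forever once a peer goes quiet, because `recv()` returns `b""` after an orderly close (no `socket.error` is raised) and no timeout is applied. The following is an added example, not sslyze's code, of a record-reading loop that bounds every way the peer can stop talking; `parse_record` is a hypothetical minimal stand-in for `TlsRecordParser.parse_bytes`, and `ScriptedSocket` is a constructed fake socket so the stalled-peer case runs offline.

```python
import socket

class NotEnoughData(Exception):
    """The buffer does not yet hold one complete TLS record."""
class ConnectionStalled(Exception):
    """The peer stopped sending before a complete record arrived."""

def parse_record(buf):
    """Hypothetical stand-in for TlsRecordParser.parse_bytes: type (1), version (2), length (2), payload."""
    if len(buf) < 5:
        raise NotEnoughData()
    length = int.from_bytes(buf[3:5], "big")
    if len(buf) < 5 + length:
        raise NotEnoughData()
    return (buf[0], buf[5:5 + length]), 5 + length  # ((content_type, payload), bytes consumed)

def recv_record(sock, remaining=b"", timeout=5.0):
    """Read one record; every way the peer can go quiet ends the loop instead of spinning."""
    sock.settimeout(timeout)  # recv() raises socket.timeout after `timeout` seconds of silence
    while True:
        try:
            record, consumed = parse_record(remaining)
            return record, remaining[consumed:]
        except NotEnoughData:
            pass
        try:
            chunk = sock.recv(16381)
        except OSError as exc:  # covers socket.timeout (silence) and socket.error (reset) alike
            raise ConnectionStalled("recv failed: %s" % exc)
        if not chunk:  # orderly close: recv() returns b"" now and on every later call
            raise ConnectionStalled("peer closed the connection")
        remaining += chunk

class ScriptedSocket:
    """Constructed fake socket: hands out the given chunks, then b"" like a closed peer."""
    def __init__(self, chunks):
        self.chunks = list(chunks)
    def settimeout(self, seconds):
        pass
    def recv(self, size):
        return self.chunks.pop(0) if self.chunks else b""

def read_split_alert():
    # Constructed TLS 1.2 alert record (fatal handshake_failure) arriving in two pieces
    return recv_record(ScriptedSocket([b"\x15\x03\x03", b"\x00\x02\x02\x28\x16"]))

def stalled_peer_is_detected():
    try:  # peer sends half a header and goes away: the original loop would spin here
        recv_record(ScriptedSocket([b"\x15\x03"]))
    except ConnectionStalled:
        return True
    return False
```

With a real socket the same `settimeout` call also turns a silent peer into a `socket.timeout`, which the loop reports rather than retrying.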