ctonerich / skipfish

Automatically exported from code.google.com/p/skipfish
Apache License 2.0
0 stars 0 forks source link

can not work with some https sites #70

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
i found skipfish-1.41b not all the https sites can be scanned , e.g.
https://shipit.ubuntu.com
https://secure.logmein.com/ 

environment:
Linux version 2.6.18-164.11.1.el5  (gcc version 4.1.2 Redhat)

Original issue reported on code.google.com by bsn0w...@gmail.com on 21 Jun 2010 at 1:20

GoogleCodeExporter commented 9 years ago
What's the symptom, specifically?

Original comment by lcam...@gmail.com on 21 Jun 2010 at 4:55

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
the first https response will not be finished for its last POLLIN event is 
droppped ,while scanning those sites,so the scan task will end after the 
timeout.

Original comment by bsn0w...@gmail.com on 22 Jun 2010 at 3:21

GoogleCodeExporter commented 9 years ago
Sorry for the delay. This proved to be a bit tricky, but should be fixed in 
1.48 beta.

Original comment by lcam...@gmail.com on 5 Jul 2010 at 10:46

GoogleCodeExporter commented 9 years ago
I have fixed this bug myself ,a little different with in 1.48beta.

     if (((p[i].revents & POLLIN) && !c->SSL_wr_w_rd) ||
          ((p[i].revents & POLLOUT) && c->SSL_rd_w_wr)) {

READ_AGAIN:
        if (c->q) {
          s32 read_res;
          u8 p_ret;

          c->read_buf = ck_realloc(c->read_buf, c->read_len + READ_CHUNK + 1);

          if (c->proto == PROTO_HTTPS) {
            s32 ssl_err;

            c->SSL_rd_w_wr = 0;

            read_res = SSL_read(c->srv_ssl, c->read_buf + c->read_len,
                                READ_CHUNK);

            if (!read_res) goto network_error;

            if (read_res < 0) {
              ssl_err = SSL_get_error(c->srv_ssl, read_res);
              if (ssl_err == SSL_ERROR_WANT_WRITE) c->SSL_rd_w_wr = 1;
              else if (ssl_err != SSL_ERROR_WANT_READ) goto network_error;
              read_res = 0;
            }

          } else {
            read_res = read(c->fd, c->read_buf + c->read_len, READ_CHUNK);
            if (read_res <= 0) goto network_error;
          }

          bytes_recv += read_res;

          c->read_len += read_res;
          c->read_buf = ck_realloc(c->read_buf, c->read_len + 1);

          c->read_buf[c->read_len] = 0; /* NUL-terminate for sanity. */

        /* the read buf has something left,so we read it again.
        */
        if(read_res == READ_CHUNK) goto READ_AGAIN;

          /* We force final parse_response() if response length exceeded
             size_limit by more than 4 kB. The assumption here is that
             it is less expensive to redo the connection than it is
             to continue receiving an unknown amount of extra data. */

          p_ret = parse_response(c->q->req, c->q->res, c->read_buf, c->read_len,
            (c->read_len > (size_limit + READ_CHUNK)) ? 0 : 1);

Original comment by bsn0w...@gmail.com on 7 Jul 2010 at 5:16