Closed Florian0301 closed 1 year ago
Thanks for the bug report. One question: did you compile nassl yourself or did you install it via pip ?
Thanks for your answer! nassl was previously always installed via pip. Just checked the versions of both sslyze and nassl in my venv. Tried upgrading them, but it always resulted in Error 2:
nassl==4.0.0
sslyze==4.1.0
nassl==4.0.2
sslyze==4.1.0
nassl==4.0.2
sslyze==5.0.2
Cloning nassl and running the following commands results in the Segmentation Fault aswell
pip install --upgrade pip setuptools wheel
pip install -r dev-requirements.txt
invoke build.all
invoke test
@Florian0301 Do you have a server I can test this on (or maybe a Docker image that's ready to go)? Otherwise I will not be able to fix this issue. Thanks!
Hi @nabla-c0d3 sorry for the delayed response, its been a few busy months.
The Segmentation Fault can be recreated on the Red Hat Universal Base Image 8:
docker pull redhat/ubi8
docker run -it redhat/ubi8:latest bash
Commands for copy/paste:
yum install python3.8
yum install git
git clone https://github.com/nabla-c0d3/sslyze.git
cd sslyze/
python3.8 -m venv venv
. venv/bin/activate
pip install --upgrade pip setuptools wheel
pip install -e .
pip install -r dev-requirements.txt
invoke test
Results in the following error output:
(venv) [root@3397be1a2e48 sslyze]# invoke test
============================= test session starts ==============================
platform linux -- Python 3.8.12, pytest-7.1.2, pluggy-1.0.0
rootdir: /sslyze
plugins: cov-3.0.0, Faker-13.15.1
collected 166 items
tests/test_main.py ... [ 1%]
tests/cli_tests/test_console_output.py ......... [ 7%]
tests/cli_tests/test_server_string_parser.py ........ [ 12%]
tests/json_tests/test_json_output.py ..... [ 15%]
tests/plugins_tests/test_compression_plugin.py .s. [ 16%]
tests/plugins_tests/test_early_data_plugin.py ... [ 18%]
tests/plugins_tests/test_elliptic_curves_plugin.py FF [ 19%]
tests/plugins_tests/test_fallback_scsv_plugin.py .Fatal Python error: Segmentation fault
Current thread 0x00007f1106ffd700 (most recent call first):
File "/sslyze/venv/lib64/python3.8/site-packages/nassl/ssl_client.py", line 182 in do_handshake
File "/sslyze/sslyze/connection_helpers/tls_connection.py", line 294 in connect
File "/sslyze/sslyze/plugins/fallback_scsv_plugin.py", line 102 in _test_scsv
File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 57 in run
File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 80 in _worker
File "/usr/lib64/python3.8/threading.py", line 870 in run
File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap
Thread 0x00007f1105ffb700 (most recent call first):
File "/sslyze/tests/openssl_server/__init__.py", line 41 in read_and_log_and_reply
File "/usr/lib64/python3.8/threading.py", line 870 in run
File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap
Thread 0x00007f11067fc700 (most recent call first):
File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 78 in _worker
File "/usr/lib64/python3.8/threading.py", line 870 in run
File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap
Thread 0x00007f11037f6700 (most recent call first):
File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 78 in _worker
File "/usr/lib64/python3.8/threading.py", line 870 in run
File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap
Thread 0x00007f11a77ca100 (most recent call first):
File "/usr/lib64/python3.8/threading.py", line 302 in wait
File "/usr/lib64/python3.8/concurrent/futures/_base.py", line 439 in result
File "/sslyze/sslyze/plugins/plugin_base.py", line 112 in scan_server
File "/sslyze/tests/plugins_tests/test_fallback_scsv_plugin.py", line 41 in test_fallback_bad
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/python.py", line 192 in pytest_pyfunc_call
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/python.py", line 1761 in runtest
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 166 in pytest_runtest_call
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 259 in <lambda>
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 338 in from_call
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 258 in call_runtest_hook
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 219 in call_and_report
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 130 in runtestprotocol
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 111 in pytest_runtest_protocol
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 347 in pytest_runtestloop
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 322 in _main
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 268 in wrap_session
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 315 in pytest_cmdline_main
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/config/__init__.py", line 164 in main
File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/config/__init__.py", line 187 in console_main
File "/sslyze/venv/bin/pytest", line 8 in <module>
Confirmed that nassl 5.1.0 fixes the issue. After setting up SSLyze on redhat/ubi8 (instructions above):
$ pip install nassl==5.1.0
$ pytest tests/ -k scsv
[...]
======== 4 passed, 162 deselected in 2.27s =========
With nassl 5.0.1:
$ pip install nassl==5.0.1
$ pytest tests/ -k scsv
[...]
Segmentation fault
Fixed in v5.2.0.
To Reproduce Steps to reproduce the behavior:
Expected behavior Tests succeed
Python environment
Additional context When trying to scan a local apache webserver using
python -m sslyze [webserver cname]
with SSLyze version 4.1.0, which was previously installed using pip, or with the latest version from git, a segmentation fault happens aswell.gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
results in error 2Error
Error 2