nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.
GNU Affero General Public License v3.0

Red Hat Linux: Segmentation Fault when trying to scan local apache server #556

Closed Florian0301 closed 1 year ago

Florian0301 commented 2 years ago

To Reproduce

Steps to reproduce the behavior:

  1. Install latest SSLyze version using git clone
  2. Create and activate python3.9 venv
  3. Follow the steps: https://github.com/nabla-c0d3/sslyze/tree/5.0.0#development-environment
  4. See error

Expected behavior: Tests succeed

Python environment

Additional context: When trying to scan a local Apache webserver using python -m sslyze [webserver cname] with SSLyze version 4.1.0, which was previously installed using pip, or with the latest version from git, a segmentation fault happens as well. gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname] results in Error 2.

Error

# invoke test
============================= test session starts ==============================
platform linux -- Python 3.9.6, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
rootdir: /opt/testsslyze/sslyze
plugins: Faker-13.0.0, cov-3.0.0
collected 163 items

tests/test_main.py .                                                     [  0%]
tests/cli_tests/test_console_output.py .........                         [  6%]
tests/cli_tests/test_server_string_parser.py ........                    [ 11%]
tests/json_tests/test_json_output.py .....                               [ 14%]
tests/plugins_tests/test_compression_plugin.py Fs.                       [ 15%]
tests/plugins_tests/test_early_data_plugin.py ...                        [ 17%]
tests/plugins_tests/test_elliptic_curves_plugin.py FF                    [ 19%]
tests/plugins_tests/test_fallback_scsv_plugin.py FFFF                    [ 21%]
tests/plugins_tests/test_heartbleed_plugin.py FF...                      [ 24%]
tests/plugins_tests/test_http_headers_plugin.py FFF........              [ 31%]
tests/plugins_tests/test_openssl_ccs_injection_plugin.py FF...           [ 34%]
tests/plugins_tests/test_robot_plugin.py Fs.                             [ 36%]
tests/plugins_tests/test_scan_commands.py .                              [ 36%]
tests/plugins_tests/test_session_renegotiation_plugin.py F..F            [ 39%]
tests/plugins_tests/test_session_resumption_plugin.py FF..               [ 41%]
tests/plugins_tests/certificate_info/test_certificate_algorithms.py ..FF [ 44%]
F                                                                        [ 44%]
tests/plugins_tests/certificate_info/test_certificate_info_plugin.py FFF [ 46%]
FFFsFFFFFF.                                                              [ 53%]
tests/plugins_tests/certificate_info/test_certificate_utils.py ......    [ 57%]
tests/plugins_tests/certificate_info/test_cli_connector.py F             [ 57%]
tests/plugins_tests/certificate_info/test_json.py F                      [ 58%]
tests/plugins_tests/certificate_info/test_symantec.py ...                [ 60%]
tests/plugins_tests/certificate_info/test_trust_store_repository.py .F   [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py .        [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cli_connector.py F        [ 62%]
tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py F [ 63%]
FFFFFFFFFFFFFatal Python error: Segmentation fault

Current thread 0x00007f4d107e0700 (most recent call first):
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/nassl/ssl_client.py", line 319 in get_ephemeral_key
  File "/opt/testsslyze/sslyze/sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py", line 56 in connect_with_cipher_suite
  File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 52 in run
  File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 77 in _worker
  File "/usr/lib64/python3.9/threading.py", line 910 in run
  File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
  File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap

Thread 0x00007f4d117e2700 (most recent call first):
  File "/opt/testsslyze/sslyze/tests/openssl_server/__init__.py", line 44 in read_and_log_and_reply
  File "/usr/lib64/python3.9/threading.py", line 910 in run
  File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
  File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap

Thread 0x00007f4d71b66100 (most recent call first):
  File "/usr/lib64/python3.9/threading.py", line 312 in wait
  File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 440 in result
  File "/opt/testsslyze/sslyze/sslyze/plugins/plugin_base.py", line 115 in scan_server
  File "/opt/testsslyze/sslyze/tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py", line 321 in test_sslv3_enabled
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 183 in pytest_pyfunc_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 1641 in runtest
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 162 in pytest_runtest_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 255 in <lambda>
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 311 in from_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 254 in call_runtest_hook
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 215 in call_and_report
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 126 in runtestprotocol
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 109 in pytest_runtest_protocol
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 348 in pytest_runtestloop
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 323 in _main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 269 in wrap_session
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 316 in pytest_cmdline_main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 162 in main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 185 in console_main
  File "/opt/testsslyze/venv/bin/pytest", line 8 in <module>

Error 2

# gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
...
[Thread 0x7fffcf7fe700 (LWP 366897) exited]
   [webserver cname]:443   => 10.225.76.137   WARNING: Server requested optional client authentication

Thread 15 "python" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffefc80700 (LWP 366902)]
nassl_SSL_get_dh_info (self=<optimized out>) at nassl/_nassl/nassl_SSL.c:861
861     nassl/_nassl/nassl_SSL.c: No such file or directory.

nabla-c0d3 commented 2 years ago

Thanks for the bug report. One question: did you compile nassl yourself or did you install it via pip?

Florian0301 commented 2 years ago

Thanks for your answer! nassl was previously always installed via pip. Just checked the versions of both sslyze and nassl in my venv. Tried upgrading them, but it always resulted in Error 2:

nassl==4.0.0
sslyze==4.1.0

nassl==4.0.2
sslyze==4.1.0

nassl==4.0.2
sslyze==5.0.2

Cloning nassl and running the following commands results in the Segmentation Fault as well:

pip install --upgrade pip setuptools wheel
pip install -r dev-requirements.txt

invoke build.all
invoke test

nabla-c0d3 commented 2 years ago

@Florian0301 Do you have a server I can test this on (or maybe a Docker image that's ready to go)? Otherwise I will not be able to fix this issue. Thanks!

Florian0301 commented 2 years ago

Hi @nabla-c0d3, sorry for the delayed response, it's been a few busy months.

The Segmentation Fault can be recreated on the Red Hat Universal Base Image 8:

docker pull redhat/ubi8
docker run -it redhat/ubi8:latest bash

Commands for copy/paste:

yum install python3.8
yum install git
git clone https://github.com/nabla-c0d3/sslyze.git
cd sslyze/
python3.8 -m venv venv
. venv/bin/activate
pip install --upgrade pip setuptools wheel
pip install -e .
pip install -r dev-requirements.txt
invoke test

Results in the following error output:

(venv) [root@3397be1a2e48 sslyze]# invoke test
============================= test session starts ==============================
platform linux -- Python 3.8.12, pytest-7.1.2, pluggy-1.0.0
rootdir: /sslyze
plugins: cov-3.0.0, Faker-13.15.1
collected 166 items

tests/test_main.py ...                                                   [  1%]
tests/cli_tests/test_console_output.py .........                         [  7%]
tests/cli_tests/test_server_string_parser.py ........                    [ 12%]
tests/json_tests/test_json_output.py .....                               [ 15%]
tests/plugins_tests/test_compression_plugin.py .s.                       [ 16%]
tests/plugins_tests/test_early_data_plugin.py ...                        [ 18%]
tests/plugins_tests/test_elliptic_curves_plugin.py FF                    [ 19%]
tests/plugins_tests/test_fallback_scsv_plugin.py .Fatal Python error: Segmentation fault

Current thread 0x00007f1106ffd700 (most recent call first):
  File "/sslyze/venv/lib64/python3.8/site-packages/nassl/ssl_client.py", line 182 in do_handshake
  File "/sslyze/sslyze/connection_helpers/tls_connection.py", line 294 in connect
  File "/sslyze/sslyze/plugins/fallback_scsv_plugin.py", line 102 in _test_scsv
  File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 57 in run
  File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 80 in _worker
  File "/usr/lib64/python3.8/threading.py", line 870 in run
  File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
  File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap

Thread 0x00007f1105ffb700 (most recent call first):
  File "/sslyze/tests/openssl_server/__init__.py", line 41 in read_and_log_and_reply
  File "/usr/lib64/python3.8/threading.py", line 870 in run
  File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
  File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap

Thread 0x00007f11067fc700 (most recent call first):
  File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 78 in _worker
  File "/usr/lib64/python3.8/threading.py", line 870 in run
  File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
  File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap

Thread 0x00007f11037f6700 (most recent call first):
  File "/usr/lib64/python3.8/concurrent/futures/thread.py", line 78 in _worker
  File "/usr/lib64/python3.8/threading.py", line 870 in run
  File "/usr/lib64/python3.8/threading.py", line 932 in _bootstrap_inner
  File "/usr/lib64/python3.8/threading.py", line 890 in _bootstrap

Thread 0x00007f11a77ca100 (most recent call first):
  File "/usr/lib64/python3.8/threading.py", line 302 in wait
  File "/usr/lib64/python3.8/concurrent/futures/_base.py", line 439 in result
  File "/sslyze/sslyze/plugins/plugin_base.py", line 112 in scan_server
  File "/sslyze/tests/plugins_tests/test_fallback_scsv_plugin.py", line 41 in test_fallback_bad
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/python.py", line 192 in pytest_pyfunc_call
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/python.py", line 1761 in runtest
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 166 in pytest_runtest_call
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 259 in <lambda>
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 338 in from_call
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 258 in call_runtest_hook
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 219 in call_and_report
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 130 in runtestprotocol
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/runner.py", line 111 in pytest_runtest_protocol
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 347 in pytest_runtestloop
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 322 in _main
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 268 in wrap_session
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/main.py", line 315 in pytest_cmdline_main
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/sslyze/venv/lib64/python3.8/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/config/__init__.py", line 164 in main
  File "/sslyze/venv/lib64/python3.8/site-packages/_pytest/config/__init__.py", line 187 in console_main
  File "/sslyze/venv/bin/pytest", line 8 in <module>

nabla-c0d3 commented 1 year ago

Confirmed that nassl 5.1.0 fixes the issue. After setting up SSLyze on redhat/ubi8 (instructions above):

$ pip install nassl==5.1.0
$ pytest tests/ -k scsv
[...]
======== 4 passed, 162 deselected in 2.27s =========

With nassl 5.0.1:

$ pip install nassl==5.0.1
$ pytest tests/ -k scsv
[...]
Segmentation fault

nabla-c0d3 commented 1 year ago

Fixed in v5.2.0.