From 3b8b6516a7697d8b6d4cd87e253daa369fcdbf2a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 14 May 2018 16:11:02 +0000
Subject: [PATCH] Fix infinite loop in tls-alpn when server is forcing a
Hello community,
here is the log from the commit of package nmap for openSUSE:Factory checked in at 2019-07-31 14:28:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nmap (Old)
and /work/SRC/openSUSE:Factory/.nmap.new.4126 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nmap"
Wed Jul 31 14:28:12 2019 rev:61 rq:719810 version:7.70
Changes:
--------
--- /work/SRC/openSUSE:Factory/nmap/nmap.changes 2019-05-03 22:48:10.820010783 +0200
+++ /work/SRC/openSUSE:Factory/.nmap.new.4126/nmap.changes 2019-07-31 14:28:14.002154145 +0200
@@ -1,0 +2,6 @@
+Tue Jul 30 10:28:34 UTC 2019 - Kristyna Streitova
+
+- add nmap-7.70-fix_infinite_loop.patch to fix infinite loop in
+ tls-alpn when server is forcing a protocol [bsc#1143277]
+
+-------------------------------------------------------------------
New:
----
nmap-7.70-fix_infinite_loop.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ nmap.spec ++++++
--- /var/tmp/diff_new_pack.fOZDBW/_old 2019-07-31 14:28:15.138152050 +0200
+++ /var/tmp/diff_new_pack.fOZDBW/_new 2019-07-31 14:28:15.142152044 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -41,6 +41,7 @@
Patch3: su-to-zenmap.patch
Patch4: nmap-ncat-skip-network-tests.patch
Patch5: nmap-7.70-CVE-2018-15173_pcre_limits.patch
+Patch6: nmap-7.70-fix_infinite_loop.patch
BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: gcc-c++
@@ -123,6 +124,7 @@
%endif
%patch4 -p1
%patch5 -p1
+%patch6 -p1
# use system provided libraries
rm -rf libpcap libpcre macosx mswin32
++++++ nmap-7.70-fix_infinite_loop.patch ++++++
protocol.
---
scripts/tls-alpn.nse | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/scripts/tls-alpn.nse b/scripts/tls-alpn.nse
index 307e1572c3..3f6387a2f5 100644
--- a/scripts/tls-alpn.nse
+++ b/scripts/tls-alpn.nse
@@ -112,13 +112,13 @@ local check_alpn = function(response)
if record.type == "handshake" and record.body[1].type == "server_hello" then
if record.body[1].extensions == nil then
- stdnse.debug1("Server does not support TLS ALPN extension.")
+ stdnse.debug1("Server did not return TLS ALPN extension.")
return nil
end
local results = {}
local alpndata = record.body[1].extensions[ALPN_NAME]
if alpndata == nil then
- stdnse.debug1("Server does not support TLS ALPN extension.")
+ stdnse.debug1("Server did not return TLS ALPN extension.")
return nil
end
-- Parse data
@@ -185,26 +185,26 @@ action = function(host, port)
local result = check_alpn(response)
if not result then
stdnse.debug1("None of %d protocols chosen", #alpn_protos)
- break
+ goto ALPN_DONE
end
for i, p in ipairs(result) do
if i > 1 then
stdnse.verbose1("Server violates RFC: sent additional protocol %s", p)
- end
- chosen[#chosen+1] = p
- if not find_and_remove(alpn_protos, p) then
- stdnse.debug1("Chosen ALPN protocol %s was not offered", p)
- if stdnse.contains(chosen, p) then
- stdnse.debug1("Server is forcing %s", p)
- break
+ else
+ chosen[#chosen+1] = p
+ if not find_and_remove(alpn_protos, p) then
+ stdnse.debug1("Chosen ALPN protocol %s was not offered", p)
+ -- Server is forcing this protocol, no need to continue offering.
+ goto ALPN_DONE
end
end
end
else
stdnse.debug1("Client hello failed with %d protocols", #alpn_protos)
- break
+ goto ALPN_DONE
end
end
+ ::ALPN_DONE::
if next(chosen) then
return chosen
end