TLSv1.2 versions of SNIUnderflow probe

WestpointLtd · Aug 27, 2016 · 38c921b · 38c921b
1 parent 671c5c9
commit 38c921b
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/prober.py b/prober.py
@@ -100,6 +100,8 @@
     SNIOverflow12(),
     SNIOverflow12PFS(),
     SNIUnderflow(),
+    SNIUnderflow12(),
+    SNIUnderflow12PFS(),
     SecureRenegoOverflow(),
     SecureRenegoOverflow12(),
     SecureRenegoOverflow12PFS(),

diff --git a/probes.py b/probes.py
@@ -1033,6 +1033,17 @@ def make_sni_hello(self, name):
 
         return record
 
+
+class SNIUnderflow12(SNIUnderflow, NormalHandshake12):
+    '''As with SNIUnderflow, but in TLSv1.2 hello'''
+    pass
+
+
+class SNIUnderflow12PFS(SNIUnderflow, NormalHandshake12PFS):
+    '''As with SNIUnderflow, but in PFS TLSv1.2 hello'''
+    pass
+
+
 class SecureRenegoOverflow(NormalHandshake):
     '''Send secure renegotiation with data length exceeding stated size'''
 

diff --git a/tests/test_probes.py b/tests/test_probes.py
@@ -1652,6 +1652,56 @@ def test_test(self):
                           b'\x00\x00\x00'])
 
 
+class TestSNIUnderflow12(unittest.TestCase):
+    def test_test(self):
+        probe = SNIUnderflow12()
+        probe.ipaddress = b'example.com'
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.maxDiff = None
+        self.assertEqual(sock.sent_data,
+                         [b'\x16\x03\x01\x00j'
+                          b'\x01\x00\x00f'
+                          b'\x03\x03' +
+                          RANDOM_STR +
+                          b'\x00'
+                          b'\x00&' +
+                          DEFAULT_12_CIPHERS_STR +
+                          b'\x01\x00'
+                          b'\x00\x17'
+                          b'\x00\x00\x00\x13'
+                          b'\x00\x0e'
+                          b'\x00\x00\x0bexample.com'
+                          b'\x00\x00\x00'])
+
+
+class TestSNIUnderflow12PFS(unittest.TestCase):
+    def test_test(self):
+        probe = SNIUnderflow12PFS()
+        probe.ipaddress = b'example.com'
+        sock = MockSock()
+
+        probe.test(sock)
+
+        self.maxDiff = None
+        self.assertEqual(sock.sent_data,
+                         [b"\x16\x03\x01\x00\xa2"
+                          b"\x01\x00\x00\x9e"
+                          b"\x03\x03" +
+                          RANDOM_STR +
+                          b"\x00"
+                          b"\x00^" +
+                          DEFAULT_PFS_CIPHERS_STR +
+                          b'\x01\x00'
+                          b'\x00\x17'
+                          b'\x00\x00\x00\x13'
+                          b'\x00\x0e'
+                          b'\x00\x00\x0bexample.com'
+                          b'\x00\x00\x00'])
+
+
 class TestSecureRenegoOverflow(unittest.TestCase):
     def test_test(self):
         probe = SecureRenegoOverflow()