Uncaught TypeError while handling "Network is unreachable" exception (OS Error 101) leads to crash #672

Open
msecrfe opened this issue Nov 2, 2024 · 2 comments


msecrfe commented Nov 2, 2024

Describe the bug
When network connectivity changes during an ongoing scan with SSLyze and the network briefly becomes unavailable (e.g. because you plug in and plug out the Ethernet cable, or because the WiFi is shortly disconnected, or because a virtual machine network interface is detached and reattached), the following chain of exceptions happens:

  1. nassl._nassl.WantReadError (nassl/ssl_client.py, line 193, in do_handshake)
  2. OSError: [Errno 101] Network is unreachable (sslyze/connection_helpers/tls_connection.py, line 298, in connect: self.ssl_client.do_handshake())
  3. TypeError: argument of type 'int' is not iterable (sslyze/connection_helpers/tls_connection.py, line 318, in connect: if "Nassl SSL handshake failed" in e.args[0])

The root cause seems to be that, as the Exceptions/Errors are passed from steps 1 and 2 to 3, the exception handling in step 3 assumes that e.args[0] is a str. In the case of the above two exceptions, however, it is an int.

To Reproduce
Steps to reproduce the behavior:

  1. Install SSLyze 6.0 using pip
  2. Run a scan on many targets, such that SSLyze will run for a while
  3. Disconnect and reconnect the network connection/interface over which the SSLyze scan is running

Expected behavior
Error handling should not assume that e.args[0] is iterable (specifically a string). A type check should be implemented before checking for substring membership with "in" in e.args[0].

Python environment (please complete the following information):

  • OS: Kali
  • Python version: 3.12
  • SSLyze: 6.0.0

Additional context
Trace:

Exception in thread Thread-16623:
Traceback (most recent call last):
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/nassl/ssl_client.py", line 193, in do_handshake
    self._ssl.do_handshake()
nassl._nassl.WantReadError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/sslyze/connection_helpers/tls_connection.py", line 298, in connect
    self.ssl_client.do_handshake()
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/nassl/ssl_client.py", line 201, in do_handshake
    self._flush_ssl_engine()
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/nassl/ssl_client.py", line 288, in _flush_ssl_engine
    self._sock.send(encrypted_data)
OSError: [Errno 101] Network is unreachable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.12/threading.py", line 1075, in _bootstrap_inner
    self.run()
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/sslyze/scanner/_mass_connectivity_tester.py", line 120, in run
    tls_probing_result = check_connectivity_to_server(
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/sslyze/server_connectivity.py", line 74, in check_connectivity_to_server
    tls_detection_result = _detect_support_for_tls_1_3(
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/sslyze/server_connectivity.py", line 244, in _detect_support_for_tls_1_3
    ssl_connection.connect(should_retry_connection=False)
  File "/home/<snip>/.cache/pypoetry/virtualenvs/<snip>-py3.12/lib/python3.12/site-packages/sslyze/connection_helpers/tls_connection.py", line 318, in connect
    if "Nassl SSL handshake failed" in e.args[0]:
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: argument of type 'int' is not iterable

msecrfe commented Nov 2, 2024

I just committed one suggested fix with a pull request. There is a different one that might be more resilient because it makes fewer assumptions about e.args:

-            if "Nassl SSL handshake failed" in e.args[0]:
+            if "Nassl SSL handshake failed" in str(e.args):
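Review bot: on the `+` line, `str(e.args)` searches the repr of the whole argument tuple, so the test passes whenever the phrase appears anywhere in any argument (nested values included), and the `OSError` from the trace now falls silently into the non-matching branch instead of being handled by type. Consider `any(isinstance(a, str) and "Nassl SSL handshake failed" in a for a in e.args)` to keep the match on message strings only, plus a short comment noting that non-string args such as an errno are expected here.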

That way you can perform the string comparison on the stringified array and it is ensured that a) the match happens no matter which index the error message is at, and b) you do not need to check for types.


msecrfe commented Nov 2, 2024

Submitted the second option as a PR as well. Choose whichever you think is more suitable and/or resilient.
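
The failure described in this issue and the checks discussed in the thread, side by side, as an added example (not SSLyze's code and not from the issue author). `typed_check` and `classify` are hypothetical helpers, and the sample exceptions are constructed rather than captured from a scan.

```python
import errno

MARKER = "Nassl SSL handshake failed"  # substring quoted in the issue


def fragile_check(exc: BaseException) -> bool:
    """Membership test from the traceback: assumes args[0] exists and is a str."""
    return MARKER in exc.args[0]


def stringified_check(exc: BaseException) -> bool:
    """Variant proposed in the thread: search the repr of the args tuple."""
    return MARKER in str(exc.args)


def typed_check(exc: BaseException) -> bool:
    """Hypothetical type-checked variant: only str arguments are searched."""
    return any(isinstance(arg, str) and MARKER in arg for arg in exc.args)


def classify(exc: BaseException) -> str:
    """Hypothetical helper: tell network-level errors apart from handshake failures."""
    if isinstance(exc, OSError) and exc.errno is not None:
        # OSError(errno, strerror) stores the integer errno in args[0].
        return "network:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "handshake" if typed_check(exc) else "other"


def outcome(check, exc: BaseException) -> str:
    """Run a check and report its result, or the exception type it raised."""
    try:
        return str(check(exc))
    except (TypeError, IndexError) as failure:
        return type(failure).__name__


# Constructed sample exceptions.
net_down = OSError(errno.ENETUNREACH, "Network is unreachable")
handshake = Exception("Nassl SSL handshake failed: constructed sample")
no_args = Exception()

if __name__ == "__main__":
    for name, exc in (("net_down", net_down), ("handshake", handshake), ("no_args", no_args)):
        results = {c.__name__: outcome(c, exc) for c in (fragile_check, stringified_check, typed_check)}
        print(name, results, classify(exc))
```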
