You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Marek Czernek <mc...@redhat.com> on 2018/10/04 14:32:58 UTC
TLSClientHelloExtractor explanation
Hi there,
I'm looking at the class TLSClientHelloExtractor, specifically line [1].
The switch statement takes extensionType, which is a char, but the case
of the switch statements are integers.
So we're essentially comparing (char) a == (int) b. The possible values are:
TLS_EXTENSION_SERVER_NAME=0
TLS_EXTENSION_ALPN = 16
What hex value do I have to send such that (char) x == 0, or (char) x ==
16?
Sending \x10 to trigger 16 (should be its ascii code) didn't help.
Any help? :) Are we essentially converting char to ascii and comparing
the two values?
Essentially, I'm trying to trigger an old CVE, so I don't want to post
the whole code here.
[1]
https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java#L145
Cheers,
--
Marek Czernek
JWS/JBCS Associate Quality Engineer, RHCA
Re: TLSClientHelloExtractor explanation
Posted by Mark Thomas <ma...@apache.org>.
On 04/10/18 15:32, Marek Czernek wrote:
> Hi there,
>
> I'm looking at the class TLSClientHelloExtractor, specifically line [1].
> The switch statement takes extensionType, which is a char, but the case
> of the switch statements are integers.
>
> So we're essentially comparing (char) a == (int) b. The possible values
> are:
>
> TLS_EXTENSION_SERVER_NAME=0
> TLS_EXTENSION_ALPN = 16
>
> What hex value do I have to send such that (char) x == 0, or (char) x ==
> 16?
>
> Sending \x10 to trigger 16 (should be its ascii code) didn't help.
>
> Any help? :) Are we essentially converting char to ascii and comparing
> the two values?
>
> Essentially, I'm trying to trigger an old CVE, so I don't want to post
> the whole code here.
Run wireshark on a normal ALPN handshake and see? My guess is 0x10 but
if that isn't working...
Mark
>
> [1]
> https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java#L145
>
>
> Cheers,
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org