Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.

2024-11-16 13:35:39 +01:00 · 2024-02-17 13:44:06 -05:00 · 2024-02-17 13:44:06 -05:00 · 699739d42a
commit 699739d42a
parent a958fd1fec
2 changed files with 3 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -185,6 +185,7 @@ For convenience, a web front-end on top of the command-line tool is available at
 - Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys.  Additionally, they are now flagged as potentially back-doored, just as standard host keys are.
 - The built-in man page (`-m`, `--manual`) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build.
 - Snap builds are now architecture-independent.
+ - Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.

 ### v3.1.0 (2023-12-20)
 - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
--- a/src/ssh_audit/gextest.py
+++ b/src/ssh_audit/gextest.py
@ -21,6 +21,7 @@
   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   THE SOFTWARE.
 """
+import struct
 import traceback

 # pylint: disable=unused-import
@ -65,7 +66,7 @@ class GEXTest:
            # Parse the server's KEX.
            _, payload = s.read_packet(2)
            SSH2_Kex.parse(out, payload)
-        except KexDHException:
+        except (KexDHException, struct.error):
            out.v("Failed to parse server's kex.  Stack trace:\n%s" % str(traceback.format_exc()), write_now=True)
            return False