From 5a771bcf396d33bc55ded0cf946971a851ecf12a Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 1 Dec 2016 18:11:09 +0100 Subject: [PortScan] Handle openssl output when connecting to non-SSL port properly --- .../org/openslx/taskmanager/tasks/PortScan.java | 24 ++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'src/main/java/org/openslx/taskmanager') diff --git a/src/main/java/org/openslx/taskmanager/tasks/PortScan.java b/src/main/java/org/openslx/taskmanager/tasks/PortScan.java index edc9e36..ee0e8b5 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/PortScan.java +++ b/src/main/java/org/openslx/taskmanager/tasks/PortScan.java @@ -24,6 +24,7 @@ import com.google.gson.annotations.Expose; public class PortScan extends AbstractTask { + @Expose private String host; @Expose @@ -78,7 +79,11 @@ public class PortScan extends AbstractTask @Override public Object call() throws Exception { - results.add( testPort( port ) ); + try { + results.add( testPort( port ) ); + } catch ( Exception e ) { + status.addMessage( "Exception occured when checking port " + port + ": " + e.toString() ); + } return null; } } ); @@ -119,7 +124,7 @@ public class PortScan extends AbstractTask if ( open ) { String str = this.host.replaceAll( "[^a-zA-Z0-9\\.\\-_]", "" ) + ":" + port; // Is open, see if it is running SSL - Exec.syncAt( 4, new Exec.ExecCallback() { + int exitCode = Exec.syncAt( 4, new Exec.ExecCallback() { private boolean inCert = false; @Override @@ -146,10 +151,9 @@ public class PortScan extends AbstractTask Matcher m; if ( verifyResult.get() == -1 && null != ( m = verifyPattern.matcher( line ) ) && m.find() ) { try { - verifyResult.set( Integer.parseInt( m.group( 1 ) ) ); + verifyResult.compareAndSet( -1, Integer.parseInt( m.group( 1 ) ) ); } catch ( Exception e ) { } - messages.append( "\nVerify result: " + verifyResult.get() ); } } @@ -160,9 +164,13 @@ public class PortScan extends AbstractTask } }, "/", "/bin/sh", "-c", - "openssl s_client -CAfile '" + certFile + "' -showcerts -connect " + str + " /dev/null; " - + "openssl s_client -connect " + str + " /dev/null " - + " | openssl x509 -noout -enddate -fingerprint -sha1 2>&1" ); + "openssl s_client -CAfile '" + certFile + "' -showcerts -connect " + str + " /dev/null; RET=$? ;" + + " openssl s_client -connect " + str + " /dev/null " + + " | openssl x509 -noout -enddate -fingerprint -sha1 2>&1 ; exit $(( RET + $? ))" ); + if ( exitCode != 0 && ( fingerprint.get() == null || fingerprint.get().isEmpty() ) ) { + verifyResult.set( -2 ); + } + messages.append( "\nVerify result: " + verifyResult.get() ); } status.addMessage( messages.toString() ); return new Result( port, open, fingerprint.get(), notAfter.get(), verifyResult.get(), certList.toString() ); @@ -177,7 +185,7 @@ public class PortScan extends AbstractTask @SuppressWarnings( "unused" ) protected List ports = null; - private void addMessage( String str ) + private synchronized void addMessage( String str ) { if ( messages == null ) { messages = str; -- cgit v1.2.3-55-g7522