Python Error in DTLSclient after Scapy Upgrade from 2.4.3 to 2.4.4
mateBANANE opened this issue · 5 comments
Hi,
after upgrading from Scapy 2.4.3 to 2.4.4, I am facing an issue while using cotopaxi.active_scanner against an examplary OpenSSL DTLS server.
Details
I created an OpenSSL DTLS server via openssl s_server -dtls -cert server-cert.pem -key server-key.pem -accept 4444.
Then, I run cotopaxi via sudo python3 -m cotopaxi.active_scanner 192.168.1.208 4444.
Output
$ sudo python3 -m cotopaxi.active_scanner 192.168.1.208 4444`
Traceback (most recent call last):
File "/home/mateBANANE/software/cotopaxi/cotopaxi/cotopaxi_tester.py", line 650, in perform_testing
test_function(self.test_params)
File "/home/mateBANANE/software/cotopaxi/cotopaxi/active_scanner.py", line 918, in active_scanning
scanner.scan((test_params.dst_endpoint.ip_addr, test_params.dst_endpoint.port))
File "/home/mateBANANE/software/cotopaxi/cotopaxi/active_scanner.py", line 578, in scan
getattr(self, scan_method)(
File "/home/mateBANANE/software/cotopaxi/cotopaxi/active_scanner.py", line 827, in _scan_scsv
resp = client.recvall(timeout=2)
File "/home/mateBANANE/software/cotopaxi/cotopaxi/dtls_utils.py", line 283, in recvall
resp_packet = DTLS("".join(resp))
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/base_classes.py", line 266, in __call__
i.__init__(*args, **kargs)
File "/home/mateBANANE/software/cotopaxi/cotopaxi/dtls_utils.py", line 111, in __init__
SSL.__init__(self, *args, **kwargs)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy_ssl_tls/ssl_tls.py", line 1333, in __init__
Packet.__init__(self, *args, **fields)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/packet.py", line 158, in __init__
self.dissect(_pkt)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/packet.py", line 875, in dissect
s = self.do_dissect(s)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy_ssl_tls/ssl_tls.py", line 1360, in do_dissect
payload_len = record(raw_bytes[pos:pos + record_header_len]).length
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/base_classes.py", line 266, in __call__
i.__init__(*args, **kargs)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/packet.py", line 158, in __init__
self.dissect(_pkt)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/packet.py", line 875, in dissect
s = self.do_dissect(s)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/packet.py", line 839, in do_dissect
s, fval = f.getfield(self, s)
File "/home/mateBANANE/software/cotopaxi/venv/lib/python3.8/site-packages/scapy/fields.py", line 163, in getfield
return s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz])[0])
TypeError: a bytes-like object is required, not 'str'
Problem
In dtls_util.py:277, you convert a bytes object to str via Scapy's plain_str() function. This does not seem to be necessary anymore, but I am not sure. I have removed this conversion and everything is running fine so far.
Hi,
Thank you very much, I could verify that the issue is fixed now.
Hi @mateBANANE!
Thank you for reporting and confirming fix!
This one was quite easy to fix, however such issues can pop up again because scapy_ssl-tls is not maintained and support for py3 is experimental ;-)
You are welcome!
Sadly, I know and encountered scapy_ssl-tls issues before.
Currently, I investigate another issue with DTLS. I will open an issue if it is subject to Cotopaxi. In short, I do not receive any messages after Cotopaxi's answer to "Hello Verify".
Hi @mateBANANE !
Please take into consideration that openssl DTLS server is not a full multi-thread server, it gets stucked after receiving first DTLS messages and do not start state-machine from the beginning.
While active_scanner starts multiple sessions from initial state.
I would recommend using matrixssl or other library example server.
Hi @jakub-botwicz,
Thank you very much! That is a huge point I missed out. I have tested the active_scanner against matrixssl's example server and compiled libcoap's example server against tinyDTLS and GnuTLS and it all works like a charm.
Furthermore, libcoap's example server compiled against OpenSSL does not work, too.
Thank you again, I was wondering for two days. :P