Fix for unhandled OpenSSL error

andresriancho · Apr 24, 2019 · eaed39e · eaed39e
1 parent bbc2414
commit eaed39e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 2 deletions.
diff --git a/w3af/core/data/url/extended_urllib.py b/w3af/core/data/url/extended_urllib.py
@@ -958,6 +958,7 @@ def send(self, req, grep=True):
         except (socket.error,
                 URLTimeoutError,
                 ConnectionPoolException,
+                OpenSSL.SSL.Error,
                 OpenSSL.SSL.SysCallError,
                 OpenSSL.SSL.ZeroReturnError,
                 BadStatusLine), e:
@@ -1077,7 +1078,9 @@ def _handle_send_socket_error(self, req, exception, grep, original_url):
         """
         self._increase_timeout_on_error(req, exception)
 
-        return self._generic_send_error_handler(req, exception, grep,
+        return self._generic_send_error_handler(req,
+                                                exception,
+                                                grep,
                                                 original_url)
 
     def _handle_send_urllib_error(self, req, exception, grep, original_url):
@@ -1086,7 +1089,9 @@ def _handle_send_urllib_error(self, req, exception, grep, original_url):
         also possible when a proxy is configured and not available
         also possible when auth credentials are wrong for the URI
         """
-        return self._generic_send_error_handler(req, exception, grep,
+        return self._generic_send_error_handler(req,
+                                                exception,
+                                                grep,
                                                 original_url)
 
     def _generic_send_error_handler(self, req, exception, grep, original_url):

diff --git a/w3af/core/data/url/handlers/keepalive/handler.py b/w3af/core/data/url/handlers/keepalive/handler.py
@@ -156,6 +156,26 @@ def do_open(self, req):
             self._cm.remove_connection(conn, reason='ZeroReturnError')
             raise
 
+        except OpenSSL.SSL.SysCallError:
+            # We better discard this connection
+            self._cm.remove_connection(conn, reason='socket error')
+            raise
+
+        except OpenSSL.SSL.Error:
+            #
+            # OpenSSL.SSL.Error: [('SSL routines',
+            #                      'ssl3_get_record',
+            #                      'decryption failed or bad record mac')]
+            #
+            # Or something similar.
+            #
+            # Note that OpenSSL.SSL.Error is the base class for all the
+            # OpenSSL exceptions, so we're catching quite a lot of things here
+            # and the except order matters.
+            #
+            self._cm.remove_connection(conn, reason='OpenSSL.SSL.Error')
+            raise
+
         except (socket.error, httplib.HTTPException, OpenSSL.SSL.SysCallError):
             # We better discard this connection
             self._cm.remove_connection(conn, reason='socket error')