diff --git a/README.md b/README.md index 79ba485b..da815f21 100644 --- a/README.md +++ b/README.md @@ -185,6 +185,7 @@ For convenience, a web front-end on top of the command-line tool is available at - Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are. - The built-in man page (`-m`, `--manual`) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build. - Snap builds are now architecture-independent. + - Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests. ### v3.1.0 (2023-12-20) - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)). diff --git a/src/ssh_audit/gextest.py b/src/ssh_audit/gextest.py index f482839f..3ce86d12 100644 --- a/src/ssh_audit/gextest.py +++ b/src/ssh_audit/gextest.py @@ -21,6 +21,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. """ +import struct import traceback # pylint: disable=unused-import @@ -65,7 +66,7 @@ def reconnect(out: 'OutputBuffer', s: 'SSH_Socket', kex: 'SSH2_Kex', gex_alg: st # Parse the server's KEX. _, payload = s.read_packet(2) SSH2_Kex.parse(out, payload) - except KexDHException: + except (KexDHException, struct.error): out.v("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc()), write_now=True) return False