On 04/10/18 15:32, Marek Czernek wrote: > Hi there, > > I'm looking at the class TLSClientHelloExtractor, specifically line [1]. > The switch statement takes extensionType, which is a char, but the case > of the switch statements are integers. > > So we're essentially comparing (char) a == (int) b. The possible values > are: > > TLS_EXTENSION_SERVER_NAME=0 > TLS_EXTENSION_ALPN = 16 > > What hex value do I have to send such that (char) x == 0, or (char) x == > 16? > > Sending \x10 to trigger 16 (should be its ascii code) didn't help. > > Any help? :) Are we essentially converting char to ascii and comparing > the two values? > > Essentially, I'm trying to trigger an old CVE, so I don't want to post > the whole code here.
Run wireshark on a normal ALPN handshake and see? My guess is 0x10 but if that isn't working... Mark > > [1] > https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java#L145 > > > Cheers, --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
