Hi there,
I'm looking at the class TLSClientHelloExtractor, specifically line [1].
The switch statement takes extensionType, which is a char, but the cases
of the switch statement are integers.
So we're essentially comparing (char) a == (int) b. The possible values are:
TLS_EXTENSION_SERVER_NAME = 0
TLS_EXTENSION_ALPN = 16
What hex value do I have to send such that (char) x == 0, or (char) x ==
16?
Sending \x10 to trigger 16 (should be its ASCII code) didn't help.
Any help? :) Are we essentially converting char to ASCII and comparing
the two values?
Essentially, I'm trying to trigger an old CVE, so I don't want to post
the whole code here.
[1]
https://github.com/apache/tomcat/blob/trunk/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java#L145
Cheers,
--
Marek Czernek
JWS/JBCS Associate Quality Engineer, RHCA
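
Added example, not part of the original post and not Tomcat's code: a small Java parser showing how a `char` compares against `int` case labels when walking a TLS extensions block. It assumes the extension type is read with `ByteBuffer.getChar()` (an assumption, since the linked line is not reproduced here), which matches the 16-bit extension type of the TLS wire format; the class name, method name and sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;

public class ExtensionTypeDemo {
    // Values quoted in the post, declared as int like the case labels it describes.
    static final int TLS_EXTENSION_SERVER_NAME = 0;
    static final int TLS_EXTENSION_ALPN = 16;

    // Walks an extensions block: 2-byte type, 2-byte length, then the data.
    static List<String> classify(byte[] extensions) {
        List<String> seen = new ArrayList<>();
        ByteBuffer bb = ByteBuffer.wrap(extensions); // big-endian by default
        while (bb.remaining() >= 4) {
            char extensionType = bb.getChar(); // consumes TWO bytes, unsigned 0..65535
            char extensionSize = bb.getChar();
            if (extensionSize > bb.remaining()) {
                seen.add("truncated");
                break;
            }
            // char is an integral type: the switch compares numeric values,
            // no ASCII conversion takes place.
            switch (extensionType) {
                case TLS_EXTENSION_SERVER_NAME:
                    seen.add("server_name");
                    break;
                case TLS_EXTENSION_ALPN:
                    seen.add("alpn");
                    break;
                default:
                    seen.add("other(" + (int) extensionType + ")");
            }
            bb.position(bb.position() + extensionSize); // skip the extension data
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed sample input, not captured traffic.
        byte[] twoByteType = {0x00, 0x10, 0x00, 0x00};     // type 0x0010, length 0
        byte[] shiftedByOne = {0x10, 0x00, 0x00, 0x00};    // 0x10 in the high byte: type 0x1000
        byte[] sni = {0x00, 0x00, 0x00, 0x02, 0x41, 0x42}; // type 0, length 2, two data bytes
        System.out.println(classify(twoByteType));
        System.out.println(classify(shiftedByOne));
        System.out.println(classify(sni));
    }
}
```

The `int` case labels compile because they are constant expressions whose values fit in a `char`; a match depends on the full 16-bit value, so a parser that is one byte out of alignment sees a different extension type.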