[stunnel-users] Segfault in stunnel
Michal Trojnara
Michal.Trojnara at mirt.net
Sun May 3 22:31:43 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
The bug was introduced in the session persistence feature added in
stunnel 5.15. It may cause random crashes of stunnel configured as a
TLS server (i.e., "client = no", which is the default).
In order to fix it, stunnel should be upgraded to version 5.17.
Fortunately, this bug does not have any substantial security impact.
Mike
On 25.04.2015 11:15, Michal Trojnara wrote:
> Hi Mirek,
>
> Please collect the stack backtrace as explained here:
> http://linux.bytesex.org/gdb.html
>
> Make sure to send the backtrace directly to me only, as your
> problem may have severe security implications. I will work with
> you to solve it, and then I will provide a solution to the mailing
> list subscribers.
>
> I may also need your custom stunnel 5.15 binary and the generated
> core files, so please save them.
>
> Best regards, Mike
>
> On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
>> Hi, I have a problem with one of the stunnel installation
>> (debian7). After some time of operation automatically turns
>> itself off with the message: (...) Apr 24 21:03:45 routerpri
>> kernel: [177332.400502] stunnel[34426]: segfault at 0 ip
>> 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in
>> stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri
>> kernel: [178402.360532] stunnel[34795]: segfault at 0 ip
>> 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in
>> stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri
>> kernel: [178517.215345] stunnel[34908]: segfault at 0 ip
>> 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in
>> stunnel[7f150c59e000+24000] (...)
>
>
>> stunnel 5.15 on x86_64-unknown-linux-gnu platform
>> Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
>
>> stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log
>> syslog = yes client = no fips = no verify = 0 CAfile =
>> /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
>
>> [service_1] accept = 192.168.1.10:1000 connect =
>> 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key =
>> /etc/stunnel/cert1_key.pem ciphers =
>> HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
>
>> When I use the lower level of encryption for example SSLv3,
>> problem occurs after a longer period of normal operation. I will
>> only add that the problem has also appeared on the previous
>> version 4.54, which I was updating to the newest. Do you have any
>> idea what could be causing the problem.
>
>> Regards Mirek
>
>
>> _______________________________________________ stunnel-users
>> mailing list stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
> _______________________________________________ stunnel-users
> mailing list stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJVRoWvAAoJEC78f/DUFuAUlw0P/3Jk337oPWDvDxPg7BxDmwoI
hXobXz8FrCuANh3vvzYY8eCIYl+IBcPouZrZi5mMvkTyDh13+J2ZE+Sn5XMXOJXI
95+3Is4EWWjsYOwmk/VaFH8vL8D5okZv+8XCas1M5jaut5SJWr8as5JgEO5JuvrJ
fW/xZRNgFDQjL6QG5SAn3FC4/KAZqYWOBG21DUGUTG6T9kwzypnXTQWwi53ZeN7M
+1TGEZUGn4cFoBwhHw1g3lQOfE4LjP/bkWmuAIZHKN4V3gWRaoYgUtAOmS5QkjUP
+2NZIbUaiQVimWymAJ7nS6nURbF80TcQ7+HksgAc7aeCrvWaUDYb3pfjl2MGW7uo
nRNh/atxh+wxHa+Z1Xaato3yqd2hZeLsLjJ8FRArywsVPbNANcdcc2nfYhqXEpFu
tOs53Yb5XPcTeaB/eClliq5z0zq7sBobKljK41s2aBz3BGZFYa2nFSUYB+SF/fDv
/fkmvRFCeZnKPhLUo0kms0Q3H1Oz3aLUHzVDW5muqhgLRgfMgn6z42izCf42WVXF
SoUz+P0eIHuCJurUB7LDJeLYh7gTPnE3dZhIaq4pZSlIcjw8F28V2yFchzO+Gw5X
CDMIiuuJqCCgdv1u8Oef7Z5o8xHLkmYOs+c+qvx3Qw27H/Gqzoq7xLSle1FeEpei
Q5q73Q4LgxqBQg1B/KMl
=l/k8
-----END PGP SIGNATURE-----
More information about the stunnel-users
mailing list