[stunnel-users] [PATCH] Address already in use (98) when binding to localhost

Christian Kujau lists at nerdbynature.de
Tue Feb 6 11:00:19 CET 2018


Hi,

I reported the following to the Fedora bugtracker[0], but only then
realized that this happens with the upstream version too. In short:
since stunnel 5.44 I am no longer able to have stunnel bind to
localhost, when "localhost" is literally mentioned in the configuration
file:

$ cat stunnel.test [test]
client          = yes
protocol        = smtp
accept          = localhost:12345
connect         = localhost:2025


$ stunnel-5.44 stunnel.test [...]
[ ] Binding service [test]
[ ] Listening file descriptor created (FD=6)
[ ] Option SO_REUSEADDR set on accept socket
[ ] Service [test] (FD=6) bound to 127.0.0.1:12345
[ ] Listening file descriptor created (FD=7)
[ ] Option SO_REUSEADDR set on accept socket
[!] bind: Address already in use (98)
[!] Error binding service [test] to 127.0.0.1:12345
[ ] Unbinding service [test]
[ ] Service [test] closed (FD=6)
[ ] Service [test] closed


When using "127.0.0.1" or "::1" instead of "localhost" in the
configuration file, stunnel-5.44 works. However, then one can only
connect to either the IPv4 _or_ the IPv6 address, depending on what's
configured. With stunnel-5.43 and "accept=localhost:12345" both IPv4 and
IPv6 was available.

I suspect that this is related to the following change log entry for 5.44:

 > Default accept address restored to INADDR_ANY.
I have attached a patch to revert that (?) change and also included a
test script that fails on my system when the patch is not applied.

I see "Version 5.45" already mention in the changelog on the website,
but now download yet?

Thanks,
Christian.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=1542361
-- 
BOFH excuse #424:

operation failed because: there is no message for this error (#1014)

-------------- next part --------------
--- /dev/null	2018-02-05 14:57:29.436074709 -0800
+++ tests/recipes/019_localhost	2018-02-06 00:45:59.964728931 -0800
@@ -0,0 +1,32 @@
+#!/bin/sh
+. $(dirname $0)/../test_library
+
+start() {
+  ../../src/stunnel -fd 0 <<EOT
+  debug = debug
+  syslog = no
+  pid = ${result_path}/stunnel.pid
+  output = ${result_path}/stunnel.log
+
+  [https client]
+  client = yes
+  accept = localhost:${http1}
+  connect = localhost:${https}
+
+  [https server]
+  accept = localhost:${https}
+  connect = localhost:${http2}
+  cert = ${script_path}/certs/stunnel.pem
+EOT
+}
+
+check_ports "019_localhost"
+if grep -q "IPv6" "results.log" && PATH="${PATH}:/sbin:/usr/sbin" ifconfig | grep -q "inet6" && [ -n "$(command -v ncat)" ] # nc does not support IPv6
+  then
+    start 2> "error.log"
+    test_log_for "019_localhost" "success" "$1" 2>> "stderr.log"
+    exit $?
+  else
+    exit_logs "019_localhost" "skipped"
+    exit 125
+  fi
-------------- next part --------------
--- src/options.c.orig	2017-11-14 23:06:12.000000000 -0800
+++ src/options.c	2018-02-06 00:01:58.892498016 -0800
@@ -1151,7 +1151,7 @@ NOEXPORT char *parse_service_option(CMD
     /* accept */
     switch(cmd) {
     case CMD_BEGIN:
-        addrlist_clear(&section->local_addr, 1);
+        addrlist_clear(&section->local_addr, 0);
         break;
     case CMD_EXEC:
         if(strcasecmp(opt, "accept"))
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180206/902e9a2e/attachment.sig>


More information about the stunnel-users mailing list