[stunnel-users] [PATCH] Reject inetd mode with no client specification

Miloslav Trmac mitr at redhat.com
Wed Jun 1 13:27:00 CEST 2005


Hello,
when stunnel is started in inetd mode without specifying connect =
nor exec =, it attempts to execl(NULL) and the child SIGSEGVs.

The attached patch adds a check to reject such configurations.
	Mirek
-------------- next part --------------
--- stunnel-4.10/src/options.c.check	2005-06-01 11:58:24.000000000 +0200
+++ stunnel-4.10/src/options.c	2005-06-01 12:02:25.000000000 +0200
@@ -1141,10 +1141,16 @@
         exit(1);
     }
     fclose(fp);
-    if(!local_options.next && section->option.accept) {
-        log_raw("accept option is not allowed in inetd mode");
-        log_raw("remove accept option or define a [section]");
-        exit(1);
+    if(!local_options.next) {
+        if (section->option.accept) {
+	    log_raw("accept option is not allowed in inetd mode");
+	    log_raw("remove accept option or define a [section]");
+	    exit(1);
+	}
+	if (!section->option.remote && section->execname == NULL) {
+	    log_raw("inetd mode must define a remote host or an executable");
+	    exit(1);
+	}
     }
     if(!options.option.client)
         options.option.cert=1; /* Server always needs a certificate */
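Review bot: the new message "inetd mode must define a remote host or an executable", in the second check inside `if(!local_options.next)`, does not name the configuration options the user has to set, whereas the accept message just above it names its option. Suggest wording it in terms of the `connect` and `exec` options from the report, for example "inetd mode requires a connect or exec option". The added lines are also indented with tabs and written as `if (`, while the surrounding context uses spaces and `if(`; please match the file's style, and pick one form for the two tests (`!section->option.remote` next to `section->execname == NULL`). Finally, because the check lives under `!local_options.next`, it only covers the inetd case; it would be worth confirming that a named [section] with neither option is rejected elsewhere, since nothing in this hunk validates it.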

