[stunnel-users] stunnel segfaulting on connection with 4.10

brianmas at highstream.net brianmas at highstream.net
Wed Jun 15 16:13:32 CEST 2005

having a problem with stunnel sigsegv'ing on a machine
answers to list questions below:

1. https to/from IPs bound on same machine
the contents of my config file:

cert = /usr/local/etc/poundcert.pem
foreground = yes
connect = xx.xx.xx.xx:80
accept = xx.xx.xx.xx:443

foreground option because I was debugging, does it with or without this option.

2. 4.10
3. standalone, /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
4. -D and -f aren't flags in version I am using apparently. assume -D 7 is debug
level debug (7)

I'll add the log from a single session, all I am doing is connecting from a
mozilla client and it instantly segfaults:

# /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
2005.06.15 10:02:21 LOG5[1245:1]: stunnel 4.10 on i686-pc-linux-gnu
UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
2005.06.15 10:02:21 LOG7[1245:1]: Snagged 64 random bytes from /root/.rnd
2005.06.15 10:02:21 LOG7[1245:1]: Wrote 1024 new random bytes to /root/.rnd
2005.06.15 10:02:21 LOG7[1245:1]: RAND_status claims sufficient entropy for the
2005.06.15 10:02:21 LOG6[1245:1]: PRNG seeded successfully
2005.06.15 10:02:21 LOG7[1245:1]: Certificate: /usr/local/etc/poundcert.pem
2005.06.15 10:02:21 LOG7[1245:1]: Key file: /usr/local/etc/poundcert.pem
2005.06.15 10:02:21 LOG6[1245:1]: file ulimit = 1024 (can be changed with
'ulimit -n')
2005.06.15 10:02:21 LOG6[1245:1]: poll() used - no FD_SETSIZE limit for file
2005.06.15 10:02:21 LOG5[1245:1]: 500 clients allowed
2005.06.15 10:02:21 LOG7[1245:1]: FD 3 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: FD 4 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: FD 5 in non-blocking mode
2005.06.15 10:02:21 LOG7[1245:1]: SO_REUSEADDR option set on accept socket
2005.06.15 10:02:21 LOG7[1245:1]: poundssl bound to xx.xx.xx.xx:443
2005.06.15 10:02:21 LOG7[1245:1]: Created pid file
2005.06.15 10:02:21 LOG7[1245:0]: Waiting -1 second(s) for 2 file descriptor(s)
2005.06.15 10:02:39 LOG7[1245:0]: CONTEXT 1, FD=3, (IN)->()
2005.06.15 10:02:39 LOG7[1245:0]: CONTEXT 1, FD=5, (IN)->(IN)
2005.06.15 10:02:39 LOG7[1245:1]: poundssl accepted FD=6 from xx.xx.xx.xx:3939
2005.06.15 10:02:39 LOG7[1245:1]: Creating a new context
2005.06.15 10:02:39 LOG7[1245:1]: Context 2 created
Segmentation fault

5. /usr/local/sbin/stunnel  -version
stunnel 4.10 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4+LIBWRAP with OpenSSL 0.9.7g
11 Apr 2005

Global options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /usr/local/etc/stunnel/stunnel.pem
pid             = /usr/local/var/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none

Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds

6. uname -a
Linux hsc14 2.4.27 #1 SMP Fri Feb 11 09:13:33 EST 2005 i686 i686 i386 GNU/Linux

7. # /lib/libc.so.6
GNU C Library stable release version 2.3.2, by Roland McGrath et al.
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Compiled by GNU CC version 3.2.2 20030222 (Red Hat Linux 3.2.2-5).
Compiled on a Linux 2.4.20 system on 2003-02-27.
Available extensions:
        GNU libio by Per Bothner
        crypt add-on version 2.1 by Michael Glad and others
        linuxthreads-0.10 by Xavier Leroy
        libthread_db work sponsored by Alpha Processor Inc
        NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
Thread-local storage support included.

8.]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.2.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
Thread model: posix
gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)

9. ok maybe this is a problem?

# ]# openssl version
OpenSSL 0.9.7a Feb 19 2003
[root at hsc14 etc]# grep "OpenSSL 0.9.7a" /usr/local/sbin/stunnel
[root at hsc14 etc]# grep "OpenSSL 0.9.7g" /usr/local/sbin/stunnel
Binary file /usr/local/sbin/stunnel matches

which -a openssl only shows one binary and it's that old one.

additionally here is the output of gdb:

[root at hsc14 etc]# gdb  /usr/local/sbin/stunnel
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) set arg /usr/local/etc/stunnel.cfg
(gdb) run
Starting program: /usr/local/sbin/stunnel /usr/local/etc/stunnel.cfg
[New Thread 16384 (LWP 20866)]
2005.06.15 09:44:11 LOG5[20866:1]: stunnel 4.10 on i686-pc-linux-gnu UCONTEXT+PO
LL+IPv4+LIBWRAP with OpenSSL 0.9.7g 11 Apr 2005
2005.06.15 09:44:11 LOG5[20866:1]: 500 clients allowed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 20866)]
0x40026f0c in __pthread_internal_tsd_get () from /lib/libpthread.so.0
(gdb) bt
#0  0x40026f0c in __pthread_internal_tsd_get () from /lib/libpthread.so.0
#1  0x40105edd in malloc () from /lib/libc.so.6
#2  0x400f59e3 in __fopen_internal () from /lib/libc.so.6
#3  0x400f5aae in fopen@@GLIBC_2.1 () from /lib/libc.so.6
#4  0x4008c28b in hosts_access () from /usr/lib/libwrap.so.0
#5  0x4008c207 in hosts_access () from /usr/lib/libwrap.so.0
#6  0x0804b9d9 in auth_libwrap (c=0x4009225c) at client.c:706
#7  0x0804a535 in init_local (c=0x811d638) at client.c:196
#8  0x0804a3b1 in do_client (c=0x811d638) at client.c:143
#9  0x0804a338 in client (arg=0x811d638) at client.c:120
#10 0x400d84b4 in __makecontext () from /lib/libc.so.6

any help is much appreciated. let me know if you need any more information.

Thank you,

More information about the stunnel-users mailing list