[stunnel-users] seg fault stunnel 4-14 on SLES10

Jon Howse jonny at stbrn.ac.uk
Fri Sep 22 10:30:37 CEST 2006


Hi, I am getting a seg fault with stunnel on an installation of SLES10.
This is the first SLES10 server I have set up after having set up many
SLES9 servers (approx twelve) which all communicate through stunnel to a
central syslog server. The version of stunnel we are using on SLES9 is:
stunnel-4.05-20.1. The other machines are a mix of 32bit and 64bit
Xeons. The seg fault seems to happen when syslog starts to talk through
stunnel.

The program is a binary rpm install for 64bit SLES10 and is being run in
standalone mode as a client connecting to a stunnel/syslog server
running SLES9.


OS:-
SLES10 x86_64

Packages:-
Stunnel 4-14-14.2
Syslog-ng-1.6.8-20.4
Openssl-0.9.8a-18.4


uname -a: Linux server 2.6.16.21-0.15-smp #1 SMP Tue Jul 25 15:28:49 UTC
2006 x86_64 x86_64 x86_64 GNU/Linux

libc version: libc.so.6 => /lib64/libc.so.6 (0x00002ae068cf2000)

openssl version: OpenSSL 0.9.8a 11 Oct 2005


stunnel.conf:-
# Copyright by Michal Trojnara 2002-2004
# --with changes for SuSE package

# client = yes | no
# client mode (remote service uses SSL)
# default: no (server mode)

client = yes

#
# chroot + user (comment out to disable)
#
chroot = /var/lib/stunnel/
setuid = stunnel
setgid = nogroup
# note about the chroot feature and the "exec" keyword to start other
# services...
# while the init script /etc/init.d/stunnel will copy the binaries and
libraries
# into the chroot jail, more files might be needed in the jail
(configuration files etc.)

pid = /var/run/stunnel.pid

#
# debugging
#

debug = 7
output = /var/log/stunnel.log


#
# Some performance tunings
#
# disable Nagle algorithm (a.k.a. tinygram prevention, see man 7 tcp)

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
# compression = rle

# Workaround for Eudora bug

#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
# verify = 2
# Don't forget to c_rehash CApath; CApath is located inside chroot jail:
# CApath = /certs
# It's often easier to use CAfile: 
# CAfile = /etc/stunnel/certs.pem
# Don't forget to c_rehash CRLpath; CRLpath is located inside chroot
jail:

# CRLpath = /crls
# Alternatively you can use CRLfile:
# CRLfile = /etc/stunnel/crls.pem

CAfile = /etc/openldap/rootcert.pem
cert = /etc/ssl/certs/thorincert.pem
key = /etc/ssl/certs/thorinkey.pem
verify = 2

[5140]

        accept = 127.0.0.1:514
        connect = xxx.xxx.xxx.xxx:5140




/var/log/messages:-
kernel: Kernel logging (proc) stopped.
Sep 21 13:51:00 thorin kernel: Kernel log daemon terminating.
Sep 21 13:51:01 thorin syslog-ng[3146]: syslog-ng version 1.6.8 going
down
Sep 21 13:51:01 thorin syslog-ng[3769]: syslog-ng version 1.6.8 starting
Sep 21 13:51:01 thorin syslog-ng[3769]: Changing permissions on special
file /dev/tty10
Sep 21 13:51:01 thorin syslog-ng[3769]: Connection broken to
AF_INET(127.0.0.1:514), reopening in 60 seconds
Sep 21 13:51:06 thorin kernel: klogd 1.4.1, log source = /proc/kmsg
started.
Sep 21 13:51:06 thorin kernel: stunnel[3739]: segfault at
000000005569a9f0 rip 000055555555b793 rsp 00005555556b2f60 error 4

var/log/stunnel.log:-
stunnel 4.14 on x86_64-suse-linux-gnu UCONTEXT+POLL+IPv4+LIBWRAP with
OpenSSL 0.9.8a 11 Oct 2005
2006.09.21 13:48:25 LOG7[3396:1]: RAND_status claims sufficient entropy
for the PRNG
2006.09.21 13:48:25 LOG6[3396:1]: PRNG seeded successfully
2006.09.21 13:48:25 LOG7[3396:1]:
Certificate: /etc/ssl/certs/thorincert.pem
2006.09.21 13:48:25 LOG7[3396:1]: Key file: /etc/ssl/certs/thorinkey.pem
2006.09.21 13:48:25 LOG7[3396:1]: Loaded verify certificates
from /etc/openldap/rootcert.pem
2006.09.21 13:48:25 LOG6[3396:1]: file ulimit = 1024 (can be changed
with 'ulimit -n')
2006.09.21 13:48:25 LOG6[3396:1]: poll() used - no FD_SETSIZE limit for
file descriptors
2006.09.21 13:48:25 LOG5[3396:1]: 500 clients allowed
2006.09.21 13:48:25 LOG7[3396:1]: FD 4 in non-blocking mode
2006.09.21 13:48:25 LOG7[3396:1]: FD 5 in non-blocking mode
2006.09.21 13:48:25 LOG7[3396:1]: FD 6 in non-blocking mode
2006.09.21 13:48:25 LOG7[3396:1]: SO_REUSEADDR option set on accept
socket
2006.09.21 13:48:25 LOG7[3396:1]: 5140 bound to 127.0.0.1:514
2006.09.21 13:48:25 LOG7[3397:1]: Created pid file /var/run/stunnel.pid
2006.09.21 13:48:25 LOG7[3397:0]: Waiting -1 second(s) for 2 file
descriptor(s)
2006.09.21 13:49:20 LOG7[3397:0]: CONTEXT 1, FD=4, (IN)->()
2006.09.21 13:49:20 LOG7[3397:0]: CONTEXT 1, FD=6, (IN)->(IN)
2006.09.21 13:49:20 LOG7[3397:1]: 5140 accepted FD=7 from 127.0.0.1:7323
2006.09.21 13:49:20 LOG7[3397:1]: Creating a new context
2006.09.21 13:49:20 LOG7[3397:1]: Context 2 created
2006.09.21 13:49:20 LOG7[3397:2]: Context swap: 1 -> 2

It waits at the last entry until syslog tries to connect.
And that's where the useful logging stops, after that it's a seg fault.

Hope you can point me in the right direction...

Jon Howse



----------------------------------------------------------------------------
St Brendan's Sixth Form College --- STAFF e-mail

Please consider the environment before printing this email.

This e-mail is confidential and intended solely for the use of the individual to whom
it is addressed. Any views or opinions presented are solely those of the author and
do not necessarily represent those of St Brendan's Sixth Form College. If you are not
the intended recipient, be advised that you have received this e-mail in error and
that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly
prohibited. If you have received this e-mail in error please contact the sender.

Please report any abuse of this e-mail service to postmaster at stbrn.ac.uk
----------------------------------------------------------------------------

*** This e-mail has been scanned by Symantec Anti-Virus software. ***





More information about the stunnel-users mailing list