[stunnel-users] Possible use-after-free in stunnel 4.52
Michal.Trojnara at mirt.net
Wed Feb 1 16:35:27 CET 2012
David Shaw wrote:
> I am using stunnel 4.52 in client mode with exec and connect. The
> client program that stunnel execs periodically exits, and is properly
> re-started by stunnel, as I have "retry = yes" set. However, after a
> retry, I occasionally get a segfault inside one of the OpenSSL
> libraries. It does not happen right away, but once it happens, every
> retry causes the same segfault.
I confirm your observation.
While investigating this issue I noticed that also c->err is
uninitialized in connect_local().
More information about the stunnel-users