[stunnel-users] Segfault in stunnel

Michal Trojnara Michal.Trojnara at mirt.net
Sun May 3 22:31:43 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Users,

The bug was introduced in the session persistence feature added in
stunnel 5.15.  It may cause random crashes of stunnel configured as a
TLS server (i.e., "client = no", which is the default).
In order to fix it, stunnel should be upgraded to version 5.17.

Fortunately, this bug does not have any substantial security impact.

Mike

On 25.04.2015 11:15, Michal Trojnara wrote:
> Hi Mirek,
> 
> Please collect the stack backtrace as explained here: 
> http://linux.bytesex.org/gdb.html
> 
> Make sure to send the backtrace directly to me only, as your
> problem may have severe security implications.  I will work with
> you to solve it, and then I will provide a solution to the mailing
> list subscribers.
> 
> I may also need your custom stunnel 5.15 binary and the generated
> core files, so please save them.
> 
> Best regards, Mike
> 
> On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
>> Hi, I have a problem with one of the stunnel installation 
>> (debian7). After some time of operation automatically turns
>> itself off with the message: (...) Apr 24 21:03:45 routerpri
>> kernel: [177332.400502] stunnel[34426]: segfault at 0 ip
>> 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in
>> stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri
>> kernel: [178402.360532] stunnel[34795]: segfault at 0 ip
>> 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in 
>> stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri
>> kernel: [178517.215345] stunnel[34908]: segfault at 0 ip
>> 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in
>> stunnel[7f150c59e000+24000] (...)
> 
> 
>> stunnel 5.15 on x86_64-unknown-linux-gnu platform
>> Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
> 
>> stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1
>>  socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log
>>  syslog = yes client = no fips = no verify = 0 CAfile = 
>> /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
> 
>> [service_1] accept = 192.168.1.10:1000 connect =
>> 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key =
>> /etc/stunnel/cert1_key.pem ciphers =
>> HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
> 
>> When I use the lower level of encryption for example SSLv3, 
>> problem occurs after a longer period of normal operation. I will 
>> only add that the problem has also appeared on the previous
>> version 4.54, which I was updating to the newest. Do you have any
>> idea what could be causing the problem.
> 
>> Regards Mirek
> 
> 
>> _______________________________________________ stunnel-users 
>> mailing list stunnel-users at stunnel.org 
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
> _______________________________________________ stunnel-users
> mailing list stunnel-users at stunnel.org 
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJVRoWvAAoJEC78f/DUFuAUlw0P/3Jk337oPWDvDxPg7BxDmwoI
hXobXz8FrCuANh3vvzYY8eCIYl+IBcPouZrZi5mMvkTyDh13+J2ZE+Sn5XMXOJXI
95+3Is4EWWjsYOwmk/VaFH8vL8D5okZv+8XCas1M5jaut5SJWr8as5JgEO5JuvrJ
fW/xZRNgFDQjL6QG5SAn3FC4/KAZqYWOBG21DUGUTG6T9kwzypnXTQWwi53ZeN7M
+1TGEZUGn4cFoBwhHw1g3lQOfE4LjP/bkWmuAIZHKN4V3gWRaoYgUtAOmS5QkjUP
+2NZIbUaiQVimWymAJ7nS6nURbF80TcQ7+HksgAc7aeCrvWaUDYb3pfjl2MGW7uo
nRNh/atxh+wxHa+Z1Xaato3yqd2hZeLsLjJ8FRArywsVPbNANcdcc2nfYhqXEpFu
tOs53Yb5XPcTeaB/eClliq5z0zq7sBobKljK41s2aBz3BGZFYa2nFSUYB+SF/fDv
/fkmvRFCeZnKPhLUo0kms0Q3H1Oz3aLUHzVDW5muqhgLRgfMgn6z42izCf42WVXF
SoUz+P0eIHuCJurUB7LDJeLYh7gTPnE3dZhIaq4pZSlIcjw8F28V2yFchzO+Gw5X
CDMIiuuJqCCgdv1u8Oef7Z5o8xHLkmYOs+c+qvx3Qw27H/Gqzoq7xLSle1FeEpei
Q5q73Q4LgxqBQg1B/KMl
=l/k8
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list