[stunnel-users] Segfault after connecting

MichaƂ Trojnara Michal.Trojnara at stunnel.org
Fri Feb 24 07:47:04 CET 2017


On 23.02.2017 23:33, Andrew Culver wrote:
> Tried 5.41b3 and it's no longer segfaulting. I'll keep an eye out for
> 5.41 stable. Here's the debug log if it should help Peter with his
> workaround:

I think the proper course of action would be to check whether this
change of OpenSSL's behavior was intentional, and submit a bug report
(or propose a fix) if it wasn't.  Implementing a workaround in stunnel
may potentially cause a memory leak.

Peter: Please let me know if you need my help.

The workaround proposed by Peter (with my small improvement) is:

diff --git a/src/ctx.c b/src/ctx.c
index 9f12ded..c4ef866 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -911,7 +911,10 @@ NOEXPORT void sess_remove_cb(SSL_CTX *ctx,
SSL_SESSION *sess) {
     opt=SSL_CTX_get_ex_data(ctx, index_opt);
     if(opt->option.sessiond)
         cache_remove(ctx, sess);
+#if OPENSSL_VERSION_NUMBER<0x10100000L
+    /* OpenSSL before 1.1.0 does not free the session automatically */
     SSL_SESSION_free(sess);
+#endif
 }

Best regards,
	Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170224/c7ee058d/attachment.sig>


More information about the stunnel-users mailing list