[stunnel-users] illegal instruction crash 5.50 Debian/Stretch
Michal Trojnara
Michal.Trojnara at stunnel.org
Wed Apr 24 21:54:02 CEST 2019
On 24.04.2019 16:06, Florian Lohoff wrote:
> with the stunnel4 in Debian/Stretch i am experiencing pretty regular
> crashes with illegal instruction. Version is 5.50.
> In Bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880659
> you can see the drill down to a Lock beeing unlocked although
> not locked. When i look at the code its some usage of openssl
> primitives. (Unlock happens in openssl code)
> I had a quick look at the changelog and this:
> "Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown."
> sounds a bit like the issue i am experiencing.
> Can you confirm this?
Yes, I do confirm this is the issue described in the Debian bug #880659.
It wasn't a simple coding error, but rather a design flaw introduced in
version 3.0 that took 20 years to identify and fix. Before version
5.18, released almost 4 years ago, the shutdown race condition mostly
manifested itself while terminating stunnel under extremely heavy load,
such as stress testing. The probability has increased with the
introduction of periodic DH parameter regeneration in version 5.18. I
didn't test it, but I suspect some changes in the OpenSSL internals may
have also cause the crashes to only surface fairly recently, and not 20
years ago.
The fix itself involves a major redesign of the stunnel threading
subsystem, so I made a beta version and I'd appreciate your help with
testing it:
https://www.stunnel.org/downloads/beta/stunnel-5.54b2.tar.gz
Best regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190424/e466a222/attachment.sig>
More information about the stunnel-users
mailing list