Hello,
I am using stunnel 4.52 in client mode with exec and connect. The client program that stunnel execs periodically exits, and is properly re-started by stunnel, as I have "retry = yes" set. However, after a retry, I occasionally get a segfault inside one of the OpenSSL libraries. It does not happen right away, but once it happens, every retry causes the same segfault.
I did some debugging and it seems that what is happening during a retry is that the SSL connection is brought down in client_run(), then is freed via SSL_free(c->ssl). However, it seems that c->ssl is used after this free, for example in connect_local(), which calls SSL_get_peer_certificate(c->ssl). When exec, connect, and retry are all set, client_main() will call connect_local() after client_run() exits.
This patch seems to resolve the issue:
--- client.c.orig 2012-01-11 10:43:33.000000000 -0500 +++ client.c 2012-01-31 18:02:19.155213010 -0500 @@ -162,6 +162,7 @@ if(c->ssl) { /* SSL initialized */ SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); SSL_free(c->ssl); + c->ssl=NULL; ERR_remove_state(0); }
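Review bot: the added c->ssl=NULL; after SSL_free(c->ssl); clears the stale pointer at this one teardown site, so code that runs afterwards now sees NULL instead of a freed handle. Later users of the context, such as the connect_local() call named in the report, should test c->ssl for NULL explicitly before passing it to OpenSSL rather than rely on the library tolerating a NULL argument. A short comment on the new line noting that the context is reused across retries would record why the reset is needed.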
For completeness, here's my stunnel.conf:
client = yes
sslVersion = SSLv3
pid = /var/run/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
foreground=yes

[experiment]
connect = x.x.x.x:443
exec = testprog
retry = yes
David
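The lifecycle described in the report above, as an added example that is not part of the original post or of stunnel's code: a stand-in handle (no OpenSSL) is freed at the end of each run and then inspected by a post-run hook, with and without the pointer reset. All names here (session, client, run_teardown, post_run_uses_stale, count_stale_uses) are hypothetical, and the handle lives in a static slot so that a stale access can be observed without undefined behaviour.

```c
/* Added illustration: models the free-then-reuse pattern from the thread
 * with a stand-in handle type. It is not stunnel or OpenSSL code. */
#include <stdio.h>
#include <stddef.h>

typedef struct { int live; } session;    /* stand-in for the SSL handle */
typedef struct { session *ssl; } client; /* stand-in for the client context */

static session slot; /* pooled handle: "freed" state stays readable, no UB */

static session *session_new(void) { slot.live = 1; return &slot; }
static void session_free(session *s) { s->live = 0; }

/* Teardown at the end of one run; reset_ptr selects the patched behaviour. */
static void run_teardown(client *c, int reset_ptr) {
    if (c->ssl) {
        session_free(c->ssl);
        if (reset_ptr)
            c->ssl = NULL; /* the one-line reset from the patch */
    }
}

/* Post-run hook that inspects the handle, in the role connect_local()
 * plays in the report. Returns 1 if it touched a freed handle. */
static int post_run_uses_stale(const client *c) {
    if (c->ssl == NULL)
        return 0;          /* nothing to inspect */
    return !c->ssl->live;  /* non-NULL but already freed: stale use */
}

/* Run `retries` connect/teardown cycles and count stale uses. */
int count_stale_uses(int retries, int reset_ptr) {
    client c = { NULL };
    int stale = 0;
    for (int i = 0; i < retries; i++) {
        c.ssl = session_new();
        run_teardown(&c, reset_ptr);
        stale += post_run_uses_stale(&c);
    }
    return stale;
}

int main(void) {
    printf("unpatched: %d stale uses in 5 retries\n", count_stale_uses(5, 0));
    printf("patched:   %d stale uses in 5 retries\n", count_stale_uses(5, 1));
    return 0;
}
```

With a real heap allocation the unpatched path would read freed memory, which may appear to work for a while before crashing.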
David Shaw wrote:
> I am using stunnel 4.52 in client mode with exec and connect. The client program that stunnel execs periodically exits, and is properly re-started by stunnel, as I have "retry = yes" set. However, after a retry, I occasionally get a segfault inside one of the OpenSSL libraries. It does not happen right away, but once it happens, every retry causes the same segfault.
I confirm your observation.
While investigating this issue I noticed that also c->err is uninitialized in connect_local().
Please try: ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.53b3.tar.gz
Mike
On Feb 1, 2012, at 10:35 AM, Michal Trojnara wrote:
> David Shaw wrote:
>> I am using stunnel 4.52 in client mode with exec and connect. The client program that stunnel execs periodically exits, and is properly re-started by stunnel, as I have "retry = yes" set. However, after a retry, I occasionally get a segfault inside one of the OpenSSL libraries. It does not happen right away, but once it happens, every retry causes the same segfault.
> I confirm your observation.
> While investigating this issue I noticed that also c->err is uninitialized in connect_local().
> Please try: ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.53b3.tar.gz
Yes, this issue seems to be resolved. Thanks!
David