Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...)
stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
[service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem.
Regards Mirek
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Mirek,
Please collect the stack backtrace as explained here: http://linux.bytesex.org/gdb.html
Make sure to send the backtrace directly to me only, as your problem may have severe security implications. I will work with you to solve it, and then I will provide a solution to the mailing list subscribers.
I may also need your custom stunnel 5.15 binary and the generated core files, so please save them.
Best regards, Mike
On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...)
stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
[service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem.
Regards Mirek
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Users,
The bug was introduced in the session persistence feature added in stunnel 5.15. It may cause random crashes of stunnel configured as a TLS server (i.e., "client = no", which is the default). In order to fix it, stunnel should be upgraded to version 5.17.
Fortunately, this bug does not have any substantial security impact.
Mike
On 25.04.2015 11:15, Michal Trojnara wrote:
Hi Mirek,
Please collect the stack backtrace as explained here: http://linux.bytesex.org/gdb.html
Make sure to send the backtrace directly to me only, as your problem may have severe security implications. I will work with you to solve it, and then I will provide a solution to the mailing list subscribers.
I may also need your custom stunnel 5.15 binary and the generated core files, so please save them.
Best regards, Mike
On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...)
stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
[service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem.
Regards Mirek
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-
Michal Trojnara -
Miroslaw Pietrzyk