Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...) stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013 stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem [service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2 When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem. Regards Mirek
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Mirek, Please collect the stack backtrace as explained here: http://linux.bytesex.org/gdb.html Make sure to send the backtrace directly to me only, as your problem may have severe security implications. I will work with you to solve it, and then I will provide a solution to the mailing list subscribers. I may also need your custom stunnel 5.15 binary and the generated core files, so please save them. Best regards, Mike On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...)
stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
[service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem.
Regards Mirek
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVO1tNAAoJEC78f/DUFuAU/sUP/16n+JKmixQ0OWtukeZj2mh7 1/istnKXgY4rI/goLFkuEggM1nncMgod/hinp87g58pu6Dq27ynVBnU8++6gfqW0 qlLmoAFn0J+Y1WeeSsmflaLqiq4sLMy67yVnxnGFbotK2vAAHBPG5QIDI/3MCvni PVFWW/RbXv0nM4QKZj7VZ6cfxBOwAlHU726miZTG2+E2d4+4b+TOGisRx17ZVMFU N0JjIDfhugHuPtbWGSXzgNvkCf1cOknit86TUhHqDF9+eYC0zAY2ydmo5cPhCTIJ H+K6UueRkxDnlAwIa2Y0nRUobeOnOlEKYJLDiYopysRCWXRGbk2wVByDfYI+VVdO E/AGakBbemD9vP+vfaJ44xZjd055/HgA7fghOnbJOL28wW2tCsGCIOcPSNEVoS7a KRZGyNt1E8DcR/yNxo8Bt9rF52bYqVoERHPDTGSyVYkDXqUbcYuCaCH3I68o1QaG KU6zg6sMnoIjMcptDof2hX8zJ1DESV6PvitQ+HIMlC6avZnPp7oxgxzHyhKpUZdI bv7oxdhYIporR3VFFE2gbOToqpkV8ErEbkOgUVfaOuHCcudTBh7dCWhIpQq8EFyN N3bSAAlmDXrb+ImMExP3sfZAwjy+fj8s4S1kQPdw+G9ugYEWuznjCwkWz/ioErqK AhbOT6XYyVdfMuqO0fRI =Oz9C -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, The bug was introduced in the session persistence feature added in stunnel 5.15. It may cause random crashes of stunnel configured as a TLS server (i.e., "client = no", which is the default). In order to fix it, stunnel should be upgraded to version 5.17. Fortunately, this bug does not have any substantial security impact. Mike On 25.04.2015 11:15, Michal Trojnara wrote:
Hi Mirek,
Please collect the stack backtrace as explained here: http://linux.bytesex.org/gdb.html
Make sure to send the backtrace directly to me only, as your problem may have severe security implications. I will work with you to solve it, and then I will provide a solution to the mailing list subscribers.
I may also need your custom stunnel 5.15 binary and the generated core files, so please save them.
Best regards, Mike
On 25.04.2015 00:10, Miroslaw Pietrzyk wrote:
Hi, I have a problem with one of the stunnel installation (debian7). After some time of operation automatically turns itself off with the message: (...) Apr 24 21:03:45 routerpri kernel: [177332.400502] stunnel[34426]: segfault at 0 ip 00007f1f99ca9e20 sp 00007f1f99c16c68 error 4 in stunnel[7f1f99c94000+24000] (...) Apr 24 21:21:36 routerpri kernel: [178402.360532] stunnel[34795]: segfault at 0 ip 00007f84d6b8be20 sp 00007f84d6b49c68 error 4 in stunnel[7f84d6b76000+24000] (...) Apr 24 21:23:31 routerpri kernel: [178517.215345] stunnel[34908]: segfault at 0 ip 00007f150c5b3e20 sp 00007f150c58cc68 error 4 in stunnel[7f150c59e000+24000] (...)
stunnel 5.15 on x86_64-unknown-linux-gnu platform Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
stunnel.conf: pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log syslog = yes client = no fips = no verify = 0 CAfile = /etc/stunnel/SubCA2.crt CRLfile = /etc/stunnel/SubCA2_CRL.pem
[service_1] accept = 192.168.1.10:1000 connect = 192.168.1.10:1234 cert = /etc/stunnel/cert1.crt key = /etc/stunnel/cert1_key.pem ciphers = HIGH:!SSLv2:!ADH:!Exp:!aNULL:!eNULL:!NULL sslVersion = TLSv1.2
When I use the lower level of encryption for example SSLv3, problem occurs after a longer period of normal operation. I will only add that the problem has also appeared on the previous version 4.54, which I was updating to the newest. Do you have any idea what could be causing the problem.
Regards Mirek
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVRoWvAAoJEC78f/DUFuAUlw0P/3Jk337oPWDvDxPg7BxDmwoI hXobXz8FrCuANh3vvzYY8eCIYl+IBcPouZrZi5mMvkTyDh13+J2ZE+Sn5XMXOJXI 95+3Is4EWWjsYOwmk/VaFH8vL8D5okZv+8XCas1M5jaut5SJWr8as5JgEO5JuvrJ fW/xZRNgFDQjL6QG5SAn3FC4/KAZqYWOBG21DUGUTG6T9kwzypnXTQWwi53ZeN7M +1TGEZUGn4cFoBwhHw1g3lQOfE4LjP/bkWmuAIZHKN4V3gWRaoYgUtAOmS5QkjUP +2NZIbUaiQVimWymAJ7nS6nURbF80TcQ7+HksgAc7aeCrvWaUDYb3pfjl2MGW7uo nRNh/atxh+wxHa+Z1Xaato3yqd2hZeLsLjJ8FRArywsVPbNANcdcc2nfYhqXEpFu tOs53Yb5XPcTeaB/eClliq5z0zq7sBobKljK41s2aBz3BGZFYa2nFSUYB+SF/fDv /fkmvRFCeZnKPhLUo0kms0Q3H1Oz3aLUHzVDW5muqhgLRgfMgn6z42izCf42WVXF SoUz+P0eIHuCJurUB7LDJeLYh7gTPnE3dZhIaq4pZSlIcjw8F28V2yFchzO+Gw5X CDMIiuuJqCCgdv1u8Oef7Z5o8xHLkmYOs+c+qvx3Qw27H/Gqzoq7xLSle1FeEpei Q5q73Q4LgxqBQg1B/KMl =l/k8 -----END PGP SIGNATURE-----
participants (2)
-
Michal Trojnara -
Miroslaw Pietrzyk