-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi Guys,
This Friday I intend to release stunnel 5.29.
The planned list of changes:
* New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads.
* Bugfixes - Compilation fix for *BSD. - Fixed configuration file reload for relative stunnel.conf path on Unix. - Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr).
Feel free to try stunnel 5.29b3, so I can fix any discovered issues before the final release: https://www.stunnel.org/downloads.html
Best regards, Mike
Mich, I found a regression in 5.29.If I run stunnel.exe or tstunnel.exe with no arguments, having a configuration file stunnel.conf in the current directory, the program segfaults. This works fine on 5.28 or previous versions. I uploaded a dump file to http://www.osronline.com/page.cfm?name=Analyze and the report pointed to a call to strncpy. Then, I ran a diff between 5.28 and 5.29 sources and this sent me to file options.c, function options_cmdline. I found that in the call strncpy(configuration_file, name, PATH_MAX-1), name was null. The problem is that variable name initialized at the begining of the function is garbled at the end. The following patch fixed the issue for me:
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Regards, Jose A. Diaz
On Monday, January 4, 2016 4:11 PM, Michal Trojnara Michal.Trojnara@mirt.net wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi Guys,
This Friday I intend to release stunnel 5.29.
The planned list of changes:
* New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads.
* Bugfixes - Compilation fix for *BSD. - Fixed configuration file reload for relative stunnel.conf path on Unix. - Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr).
Feel free to try stunnel 5.29b3, so I can fix any discovered issues before the final release: https://www.stunnel.org/downloads.html
Best regards, Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05.01.2016 05:46, Jose Alf. wrote:
The following patch fixed the issue for me:
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Thank you for reporting this issue. I made a really dumb mistake.
My patch (restoring the intended control flow) is:
- --- a/src/options.c +++ b/src/options.c @@ -227,6 +227,9 @@ int options_cmdline(char *arg1, char *arg2) { char *name; CONF_TYPE type;
+#ifdef USE_WIN32 + (void)arg2; /* squash the unused parameter warning */ +#endif if(!arg1) { name= #ifdef CONFDIR @@ -258,9 +261,7 @@ int options_cmdline(char *arg1, char *arg2) { log_flush(LOG_MODE_INFO); return 2; } else - -#ifdef USE_WIN32 - - (void)arg2; /* squash the unused parameter warning */ - -#else +#ifndef USE_WIN32 if(!strcasecmp(arg1, "-fd")) { if(!arg2) { s_log(LOG_ERR, "No file descriptor specified");
I have uploaded stunnel-5.29b4 to https://www.stunnel.org/downloads.html
Best regards, Mike
Mich, Yes. My quick tests show that beta 4 works as intended. Any suggestions to measure performance improvements against 5.28? Regards,Jose
On Tuesday, January 5, 2016 4:48 AM, Michal Trojnara Michal.Trojnara@mirt.net wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05.01.2016 05:46, Jose Alf. wrote:
The following patch fixed the issue for me:
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c Mon Jan 04 23:14:29 2016 @@ -272,8 +272,11 @@ } else #endif { - name=arg1; - type=CONF_FILE; + if (arg1) + { + name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Thank you for reporting this issue. I made a really dumb mistake.
My patch (restoring the intended control flow) is:
- --- a/src/options.c +++ b/src/options.c @@ -227,6 +227,9 @@ int options_cmdline(char *arg1, char *arg2) { char *name; CONF_TYPE type;
+#ifdef USE_WIN32 + (void)arg2; /* squash the unused parameter warning */ +#endif if(!arg1) { name= #ifdef CONFDIR @@ -258,9 +261,7 @@ int options_cmdline(char *arg1, char *arg2) { log_flush(LOG_MODE_INFO); return 2; } else - -#ifdef USE_WIN32 - - (void)arg2; /* squash the unused parameter warning */ - -#else +#ifndef USE_WIN32 if(!strcasecmp(arg1, "-fd")) { if(!arg2) { s_log(LOG_ERR, "No file descriptor specified");
I have uploaded stunnel-5.29b4 to https://www.stunnel.org/downloads.html
Best regards, Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 05.01.2016 12:40, Jose Alf. wrote:
Yes. My quick tests show that beta 4 works as intended.
Thank you.
Any suggestions to measure performance improvements against 5.28?
The change allows for multiple readers to simultaneously enter some areas of code (in both OpenSSL and stunnel itself) that previously were protected with simple critical sections. The change is supposed to reduce latency when concurrent connections are used. Measuring the actual improvement may be tricky.
The change was only implemented for pthreads. On Windows, rwlocks are only available on Vista and higher. I'd need a better reason for breaking compatibility with Windows 2000/XP. 8-)
Best regards, Mike
-
Jose Alf. -
Michal Trojnara