[stunnel-users] Possible use-after-free in stunnel 4.52

[Michal Trojnara]

David Shaw wrote:
> I am using stunnel 4.52 in client mode with exec and connect.  The
> client program that stunnel execs periodically exits, and is properly
> re-started by stunnel, as I have "retry = yes" set.  However, after a
> retry, I occasionally get a segfault inside one of the OpenSSL
> libraries.  It does not happen right away, but once it happens, every
> retry causes the same segfault.

I confirm your observation.

While investigating this issue I noticed that also c->err is 
uninitialized in connect_local().

Please try:
ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.53b3.tar.gz

Mike