[stunnel-users] Possible use-after-free in stunnel 4.52
David Shaw
dshaw at jabberwocky.com
Wed Feb 1 19:59:37 CET 2012
On Feb 1, 2012, at 10:35 AM, Michal Trojnara wrote:
> David Shaw wrote:
>> I am using stunnel 4.52 in client mode with exec and connect. The
>> client program that stunnel execs periodically exits, and is properly
>> re-started by stunnel, as I have "retry = yes" set. However, after a
>> retry, I occasionally get a segfault inside one of the OpenSSL
>> libraries. It does not happen right away, but once it happens, every
>> retry causes the same segfault.
>
> I confirm your observation.
>
> While investigating this issue I noticed that also c->err is uninitialized in connect_local().
>
> Please try:
> ftp://ftp.stunnel.org/stunnel/beta/stunnel-4.53b3.tar.gz
Yes, this issue seems to be resolved. Thanks!
David
More information about the stunnel-users
mailing list