[stunnel-users] Bad Magic

MichaƂ Trojnara Michal.Trojnara at stunnel.org
Tue Feb 21 23:23:02 CET 2017 

On 21.02.2017 16:04, Melzer, Jacob wrote:
> 2017.02.21 09:31:25 LOG5[ui]: stunnel 5.40 on powerpc-ibm-aix6.1.0.0
> platform
> 2017.02.21 09:31:25 LOG5[ui]: Compiled/running with OpenSSL 1.0.2j  26
> Sep 2016
[cut]
> INTERNAL ERROR: Bad magic at OpenSSL, line 0

This is the way stunnel detects heap corruption.  Something is very
wrong with your deployment.  This could either be caused by stunnel or
by OpenSSL.  I suspect the latter, as your client works fine.  There is
very little architecture-dependent code in stunnel, so a bug in stunnel
would likely cause it to fail miserably also in the client mode.

> mem.CRYPTO_free() at 0xd97dd8d8
> bn_lib.bn_expand2 at AF37_5() at 0xd97e8da4
> bn_mont.BN_mod_mul_montgomery() at 0xd981e150
> ecp_mont.ec_GFp_mont_field_mul() at 0xd9837a18
> ecp_smpl.ec_GFp_simple_point_get_affine_coordinates() at 0xd9839890
> ec_lib.EC_POINT_get_affine_coordinates_GFp() at 0xd9a81dfc
> ecp_oct.ec_GFp_simple_point2oct() at 0xd9acc0d4
> ec_oct.EC_POINT_point2oct() at 0xd9acb754
> ssl3_send_server_key_exchange() at 0xd99e7c28
> ssl3_accept() at 0xd99e9950
> SSL_accept() at 0xd99c0b98

It may be an issue in big number implementation.  It is hard to be sure,
because your heap was already corrupted before the CRYPTO_free() call.

> Should I be concerned that it looks like it is executing "free_function"
> from within an if statement "if OPENSSL_VERSION_NUMBER<0x1010000L but my
> openssl version is
> 
> 2017.02.21 09:31:35 LOG5[ui]: Compiled/running with OpenSSL 1.0.2j  26
> Sep 2016

Yes, "OPENSSL_VERSION_NUMBER<0x10100000L" means "older than OpenSSL 1.1.0".

> -          I had the same problem with earlier versions of openssl.

What about newer versions (1.1.0e, 1.0.2k)?

A debug build of OpenSSL may also be useful to get a more detailed stack
trace.

Also, make sure you're *not* using the IBM's build of OpenSSL, as it
contains some additional bugs courtesy of IBM.

Best regards,
	Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170221/82b0884d/attachment.sig>

More information about the stunnel-users mailing list