Bug 21653

Summary: stunnel segfaults during curl tests
Product: Mageia
Reporter: Pascal Terjan <pterjan>
Component: RPM Packages
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
CC: guillomovitch, marja11
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: stunnel
CVE:
Status comment:

Description Pascal Terjan 2017-09-01 20:08:10 CEST
This is currently preventing us from having a curl using new openssl in Cauldron. It segfaults during test 323 and breaks the following SSL tests.

For some reason debuginfo is broken:

Reading symbols from /usr/bin/stunnel.bin...Reading symbols from /usr/bin/stunnel.bin...(no debugging symbols found)...done.
(no debugging symbols found)...done.
(gdb) Starting program: /usr/bin/stunnel /home/pterjan/co/curl/BUILD/curl-7.55.1/tests/https_stunnel.conf
Missing separate debuginfos, use: debuginfo-install glibc-2.22-25.mga6.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff66a1700 (LWP 25652)]
[New Thread 0x7ffff7fe5700 (LWP 25668)]
[Thread 0x7ffff7fe5700 (LWP 25668) exited]
[New Thread 0x7ffff7fe5700 (LWP 25703)]

Thread 4 "stunnel.bin" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fe5700 (LWP 25703)]
0x00007ffff7888b8d in OPENSSL_sk_value () from /lib64/libcrypto.so.1.1
(gdb) #0  0x00007ffff7888b8d in OPENSSL_sk_value () from /lib64/libcrypto.so.1.1
No symbol table info available.
#1  0x00007ffff7824d29 in CRYPTO_free_ex_data () from /lib64/libcrypto.so.1.1
No symbol table info available.
#2  0x00007ffff7ba25c4 in SSL_SESSION_free () from /lib64/libssl.so.1.1
No symbol table info available.
#3  0x00007ffff7b9dda2 in SSL_free () from /lib64/libssl.so.1.1
No symbol table info available.
#4  0x000055555555f6a9 in client_run ()
No symbol table info available.
#5  0x00005555555615ea in client_main ()
No symbol table info available.
#6  0x0000555555561610 in client_thread ()
No symbol table info available.
#7  0x00007ffff709566d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#8  0x00007ffff6dd0e4d in clone () from /lib64/libc.so.6
No symbol table info available.
Comment 1 Pascal Terjan 2017-09-01 20:18:07 CEST
Ah, I got something better:

Running as client:

/usr/bin/valgrind --tool=memcheck --quiet --leak-check=yes --suppressions=./valgrind.supp --num-callers=16 --log-file=log/valgrind323 ../src/curl --output log/curl323.out  --include --trace-ascii log/trace323 --trace-time --insecure --tlsauthtype SRP --tlsuser jsmith --tlspassword badpass https://127.0.0.1:8991/want/323 >log/stdout323 2>log/stderr323

Causes:
[New Thread 0x7ffff7fe5700 (LWP 26130)]
2017.09.01 19:16:52 LOG5[2]: Service [curltest] accepted connection from 127.0.0.1:59904
2017.09.01 19:16:52 LOG3[2]: SSL_accept: 1417A0C1: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
2017.09.01 19:16:52 LOG5[2]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

Thread 5 "stunnel" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fe5700 (LWP 26130)]
0x00007ffff78891b6 in CRYPTO_atomic_add () from /lib64/libcrypto.so.1.1
(gdb) bt full
#0  0x00007ffff78891b6 in CRYPTO_atomic_add () from /lib64/libcrypto.so.1.1
No symbol table info available.
#1  0x00007ffff774d94d in asn1_do_lock () from /lib64/libcrypto.so.1.1
No symbol table info available.
#2  0x00007ffff774a7e0 in asn1_item_embed_free () from /lib64/libcrypto.so.1.1
No symbol table info available.
#3  0x00007ffff774a975 in ASN1_item_free () from /lib64/libcrypto.so.1.1
No symbol table info available.
#4  0x00007ffff7ba25ec in SSL_SESSION_free () from /lib64/libssl.so.1.1
No symbol table info available.
#5  0x00007ffff7b9dda2 in SSL_free () from /lib64/libssl.so.1.1
No symbol table info available.
#6  0x000055555555f6a9 in client_run (c=c@entry=0x5555558004d0) at client.c:194
        err = <optimized out>
        rst = <optimized out>
        num_clients_copy = <optimized out>
#7  0x00005555555615ea in client_main (c=c@entry=0x5555558004d0) at client.c:138
No locals.
#8  0x0000555555561610 in client_thread (arg=0x5555558004d0) at client.c:97
        c = 0x5555558004d0
#9  0x00007ffff709566d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#10 0x00007ffff6dd0e4d in clone () from /lib64/libc.so.6
No symbol table info available.
Comment 2 Pascal Terjan 2017-09-01 20:24:41 CEST
stunnel 5.41 has:
Fixed crashes with the OpenSSL 1.1.0 branch.

I'll try with 5.42.
Comment 3 Marja Van Waes 2017-09-02 08:56:26 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing guillomovitch who committed most often to it.

CC: (none) => guillomovitch, marja11
Assignee: bugsquad => pkg-bugs

Comment 4 Pascal Terjan 2017-09-02 09:24:49 CEST
I have failed to build 5.42; autoconf doesn't seem to like something.
Comment 5 Pascal Terjan 2017-09-03 15:52:19 CEST
I hacked stunnel 5.42 into building, and it no longer crashes during curl tests.
Comment 6 Pascal Terjan 2017-09-03 15:52:34 CEST
Closing

Resolution: (none) => FIXED
Status: NEW => RESOLVED