NetBSD Problem Report #23245
Received: (qmail 11410 invoked by uid 605); 23 Oct 2003 12:31:09 -0000
Message-Id: <200310231231.h9NCV17G003064@heiligenberg.nt.e-technik.tu-darmstadt.de>
Date: Thu, 23 Oct 2003 14:31:01 +0200 (CEST)
From: Hauke Fath <hf@spg.tu-darmstadt.de>
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@gnats.netbsd.org
Cc: Hauke Fath <hf@spg.tu-darmstadt.de>
Subject: security/stunnel does not terminate
X-Send-Pr-Version: 3.95
>Number: 23245
>Category: pkg
>Synopsis: security/stunnel does not terminate properly.
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: hauke
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Oct 23 12:32:00 +0000 2003
>Closed-Date:
>Last-Modified: Mon Oct 19 18:42:35 +0000 2020
>Originator: Hauke Fath <hf@spg.tu-darmstadt.de>
>Release: NetBSD 1.6ZC
>Organization:
--
Hauke Fath /~\ The ASCII Ribbon Campaign
Institut für Nachrichtentechnik \ / No HTML/RTF in email
TU Darmstadt X No Word docs in email
Ruf +49-6151-16-3281 / \ Respect for open standards
>Environment:
System: NetBSD heiligenberg 1.6ZC NetBSD 1.6ZC (HEILIGENBERG) #1: Fri Sep 26 16:51:05 CEST 2003 hf@heiligenberg:/var/obj/netbsd-builds/i386/obj/sys/arch/i386/compile/HEILIGENBERG i386
Architecture: i386
Machine: i386
I see the same thing on a NetBSD/sparc 1.6.1 machine.
[hf@heiligenberg] ~ # stunnel -version
stunnel 4.04 on i386--netbsdelf FORK+LIBWRAP with OpenSSL 0.9.7b 10 Apr 2003
Global options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /etc/stunnel/stunnel.pem
pid = /usr/pkg/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none
Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTidle = 43200 seconds
[hf@heiligenberg] ~ # cat /etc/uucp/stunnel.conf
# $Id: stunnel.conf,v 1.3 2003/09/08 21:16:52 hauke Exp hf $
#
# stunnel setup for uucp client
debug = mail.info
client = yes
pid =
[uucico]
connect = uucp.XXXXX.YYY:940
exec = /usr/libexec/uucp/uucico
execargs = uucico --nodetach --nouuxqt --debug abnormal -S uucp
>Description:
After updating stunnel 3.xx to version 4, stunnel processes
keep hanging around indefinitely after the uucico job is done,
both in the background and in the foreground (option
'foreground = yes'). With two uucp connects per hour, this
gets annoying quickly.
This did not happen with stunnel 3.xx. Since the stunnel group
mis-designed other things (removing the cli options, for one),
can we have an stunnel3 package?
>How-To-Repeat:
Do an 'stunnel /etc/uucp/stunnel.conf', see the job does not
terminate when in the foreground, and processes keep hanging
around when started as a daemon.
Attach gdb:
(gdb) bt
#0 0x481c454b in select () from /usr/lib/libc.so.12
#1 0x8051032 in sselect (n=4, readfds=0xbfbff344, writefds=0x0,
exceptfds=0x0, timeout=0x0) at sselect.c:85
#2 0x8052bc0 in daemon_loop () at stunnel.c:195
#3 0x80527b9 in main_execute () at stunnel.c:105
#4 0x80526db in main (argc=2, argv=0xbfbff424) at stunnel.c:72
#5 0x804a594 in ___start ()
(gdb) up
#1 0x8051032 in sselect (n=4, readfds=0xbfbff344, writefds=0x0,
exceptfds=0x0, timeout=0x0) at sselect.c:85
85 retval=select(n, readfds, writefds, exceptfds, NULL);
(gdb) info frame
Stack level 1, frame at 0xbfbff2e4:
eip = 0x8051032 in sselect (sselect.c:85); saved eip 0x8052bc0
called by frame at 0xbfbff394, caller of frame at 0xbfbff2e4
source language c.
Arglist at 0xbfbff2e4, args: n=4, readfds=0xbfbff344, writefds=0x0,
exceptfds=0x0, timeout=0x0
Locals at 0xbfbff2e4, Previous frame's sp is 0x0
Saved registers:
ebx at 0xbfbff2cc, ebp at 0xbfbff2e4, eip at 0xbfbff2e8
(gdb)
>Fix:
Set up a cron job that kills the rogue stunnel processes, or
roll back to stunnel 3.
Or, fix stunnel.
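
The cron-job workaround named in the Fix section, sketched as an added example that is not part of the original report or of the stunnel package. It assumes uucico runs as a direct child of the stunnel process and that a 900-second age threshold is acceptable; the function names, the `--reap` argument and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR: selects leftover stunnel processes for
# the cron-job workaround. Assumes uucico is a direct child of stunnel.
CONF=${CONF:-/etc/uucp/stunnel.conf}  # config path quoted in the report
MAX_AGE=${MAX_AGE:-900}               # seconds; assumed threshold

# stdin: "pid ppid etime args..." lines; etime is [[dd-]hh:]mm:ss.
# stdout: PIDs of stunnel processes started with config $1 that are older
# than $2 seconds and have no uucico child.
stale_stunnel_pids() {
    awk -v conf="$1" -v max="$2" '
    function secs(t,    d, i, n, p) {
        d = 0; i = index(t, "-")
        if (i) { d = substr(t, 1, i - 1); t = substr(t, i + 1) }
        n = split(t, p, ":")
        if (n == 3) return d * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
        return d * 86400 + p[1] * 60 + p[2]
    }
    {
        cmd = $4; sub(/.*\//, "", cmd)        # basename of argv[0]
        if (cmd == "uucico") busy[$2] = 1     # its parent is still working
        if (cmd == "stunnel" && $5 == conf) { pid[++k] = $1; age[k] = secs($3) }
    }
    END {
        for (j = 1; j <= k; j++)
            if (!(pid[j] in busy) && age[j] > max) print pid[j]
    }'
}

# Constructed sample (not real output): one leftover, one busy tunnel,
# one tunnel for another config, one fresh tunnel.
sample_ps() {
    cat <<'EOF'
27190 1 12:05:31 /usr/pkg/sbin/stunnel /etc/uucp/stunnel.conf
27400 1 45:10 /usr/pkg/sbin/stunnel /etc/uucp/stunnel.conf
27401 27400 45:09 uucico --nodetach --nouuxqt --debug abnormal -S uucp
27500 1 1-00:00:05 /usr/pkg/sbin/stunnel /etc/stunnel/other.conf
27600 1 02:10 /usr/pkg/sbin/stunnel /etc/uucp/stunnel.conf
EOF
}

# Cron entry point: "script --reap" sends TERM; DRY_RUN=1 only reports.
reap() {
    ps -A -o pid= -o ppid= -o etime= -o args= |
    stale_stunnel_pids "$CONF" "$MAX_AGE" |
    while read -r p; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "leftover stunnel: $p"
        else kill -TERM "$p"; fi
    done
}
if [ "${1:-}" = "--reap" ]; then reap; fi
```

Matching on the config path and the absence of a uucico child keeps the job from touching other stunnel services or a transfer that is still running.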
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->martti
Responsible-Changed-By: wiz
Responsible-Changed-When: Tue Jul 6 10:48:41 UTC 2004
Responsible-Changed-Why:
over to maintainer
State-Changed-From-To: open->feedback
State-Changed-By: reed@netbsd.org
State-Changed-When: Sat, 15 Oct 2005 02:50:02 +0000
State-Changed-Why:
Package updated a few times since then. Asked if problem still exists.
From: "Jeremy C. Reed" <reed@reedmedia.net>
To: Hauke Fath <hf@spg.tu-darmstadt.de>
Cc: gnats-bugs@netbsd.org
Subject: Re: pkg/23245
Date: Fri, 14 Oct 2005 19:49:38 -0700 (PDT)
I am looking at old PR 23245.
http://www.NetBSD.org/cgi-bin/query-pr-single.pl?number=23245
I didn't check if this is a problem anymore myself.
I saw your test platform was 1.6ZC and 1.6.1 which is now quite old.
And stunnel has been updated a few times since then.
Does this problem still exist?
Jeremy C. Reed
technical support & remote administration
http://www.pugetsoundtechnology.com/
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: reed@netbsd.org
Cc: martti@netbsd.org, pkgsrc-bugs@netbsd.org,
gnats-admin@netbsd.org, reed@netbsd.org,
Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
Subject: Re: pkg/23245
Date: Tue, 18 Oct 2005 00:31:36 +0200
At 2:50 Uhr +0000 15.10.2005, reed@netbsd.org wrote:
>Package updated a few times since then. Asked if problem still exists.
I switched to wip/stunnel3 long ago because of the issue, but the stunnel 4
config should still be there. I'll have a look at it.
hauke
--
"It's never straight up and down" (DEVO)
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: reed@netbsd.org
Cc: martti@netbsd.org, gnats-bugs@netbsd.org, gnats-admin@netbsd.org,
Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
Subject: Re: pkg/23245
Date: Sun, 15 Jan 2006 23:06:52 +0100
At 2:50 Uhr +0000 15.10.2005, reed@netbsd.org wrote:
>State-Changed-From-To: open->feedback
>State-Changed-By: reed@netbsd.org
>State-Changed-When: Sat, 15 Oct 2005 02:50:02 +0000
>State-Changed-Why:
>Package updated a few times since then. Asked if problem still exists.
Yes, it does.
[hauke@pizza] /etc/uucp # uname -a
NetBSD pizza.causeuse.org 3.0_STABLE NetBSD 3.0_STABLE (PIZZA) #1: Tue Jan 3 22:52:41 CET 2006 hauke@pizza.causeuse.org:/var/obj/netbsd-builds/netbsd-3/sparc/sys/arch/sparc/compile/PIZZA sparc
[hauke@pizza] /etc/uucp # pkg_info | grep stunnel
stunnel-4.07nb2 Universal SSL tunnel
[hauke@pizza] /etc/uucp # /usr/pkg/sbin/stunnel -version
stunnel 4.07 on sparc--netbsdelf FORK+POLL+IPv6+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
Global options
cert = /etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none
Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
[hauke@pizza] /etc/uucp # ps ax | grep st\\unnel
27190 ? Is 0:00.03 /usr/pkg/sbin/stunnel /etc/uucp/stunnel.conf
[hauke@pizza] /etc/uucp # gdb /usr/pkg/sbin/stunnel 27190
[...]
(gdb) bt
#0 0x4026275c in poll () from /usr/lib/libc.so.12
#1 0x0001c854 in s_poll_wait (fds=0xefffe208, timeout=-1) at network.c:170
#2 0x000202b4 in daemon_loop () at stunnel.c:187
#3 0x0001fe10 in main_execute () at stunnel.c:106
#4 0x0001fca4 in main (argc=2, argv=0xefffe5d4) at stunnel.c:72
#5 0x0001287c in ___start ()
(gdb)
hauke
--
"It's never straight up and down" (DEVO)
Responsible-Changed-From-To: martti->pkg-manager
Responsible-Changed-By: reed@netbsd.org
Responsible-Changed-When: Sat, 08 Apr 2006 05:58:30 +0000
Responsible-Changed-Why:
Changed because is no longer the maintainer and
said can't test anymore.
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org
Subject: Re: pkg/23245
Date: Sat, 21 Oct 2006 01:32:47 +0200
Things got worse.
I have tried both stunnel 4.15 (the current pkgsrc version) and 4.18, the
latter built with and without pthreads support.
[hauke@pizza] /etc/uucp # stunnel -version
stunnel 4.18 on sparc--netbsdelf with OpenSSL 0.9.7d 17 Mar 2004
Threading:FORK SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/pkg/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
key = /etc/pkg/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
With the config file
[hauke@pizza] /etc/uucp # cat stunnel.conf
# $Id: stunnel.conf,v 1.3 2003/09/08 21:16:52 hauke Exp hauke $
#
# stunnel setup for uucp client
debug = mail.debug
foreground = yes
client = yes
pid =
[uucico]
connect = uucp.xxxxx.yyy:940
exec = /usr/libexec/uucp/uucico
execargs = uucico --nodetach --debug abnormal -S uucp
all the builds _loop_, i.e. call uucico again and again after it has
completed the data transfer.
The tunnel is set up correctly, but stunnel mis-manages the local client.
In addition, when "foreground = no" is set in the above configuration,
non-terminating stunnel processes end up hanging in the background as
before.
I can reproduce the problem, and provide a debug log and ktrace if needed.
The pkg update 4.15 -> 4.18 is here:
http://la.causeuse.org/hauke/NetBSD/pkgsrc/pr23245.shar
hauke
--
"It's never straight up and down" (DEVO)
State-Changed-From-To: feedback->open
State-Changed-By: minskim@netbsd.org
State-Changed-When: Thu, 21 Jun 2007 12:36:27 +0000
State-Changed-Why:
Feedback received.
State-Changed-From-To: open->feedback
State-Changed-By: asau@NetBSD.org
State-Changed-When: Mon, 02 Nov 2009 13:57:48 +0000
State-Changed-Why:
Does the problem persist with stunnel-4.27 (current) and supported release?
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org, asau@NetBSD.org
Subject: Re: pkg/23245 (security/stunnel does not terminate properly.)
Date: Sun, 4 Apr 2010 16:00:45 +0200
At 13:57 Uhr +0000 2.11.2009, asau@NetBSD.org wrote:
>Synopsis: security/stunnel does not terminate properly.
>
>Does the problem persist with stunnel-4.27 (current) and supported release?
Sorry for the late reply. I just checked with stunnel 4.32 (easy pkg
update, just adjust checksum)
# uname -mrs
NetBSD 4.0_STABLE sparc
# stunnel -version
stunnel 4.32 on sparc--netbsdelf with OpenSSL 0.9.8e 23 Feb 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = daemon.notice
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/pkg/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
#
and things are worse than ever. Using the following stunnel config file
# $Id: stunnel.conf,v 1.4 2006/12/08 23:11:39 hauke Exp hauke $
#
# stunnel setup for uucp client
syslog = no
debug = mail.debug
output = /var/log/stunnel.log
foreground = no
client = yes
pid =
[uucico]
connect = uucp.rninet.net:940
exec = /usr/pkg/sbin/uucico
execargs = uucico --nodetach --debug abnormal -S uucp
pty = yes
with "foreground = yes" set, uucico is executed, then stunnel hangs there,
not terminating. With "foreground = no", the log has
2010.04.04 15:40:39 LOG5[9468:4018143232]: Reading configuration from file /etc/pkg/uucp/stunnel.conf
2010.04.04 15:40:39 LOG7[9468:4018143232]: Snagged 64 random bytes from /dev/urandom
2010.04.04 15:40:39 LOG7[9468:4018143232]: RAND_status claims sufficient entropy for the PRNG
2010.04.04 15:40:39 LOG7[9468:4018143232]: PRNG seeded successfully
2010.04.04 15:40:39 LOG7[9468:4018143232]: SSL context initialized for service uucico
2010.04.04 15:40:39 LOG5[9468:4018143232]: Configuration successful
2010.04.04 15:40:39 LOG5[9468:4018143232]: No limit detected for the number of clients
2010.04.04 15:40:39 LOG7[9468:4018143232]: FD=8 in non-blocking mode
2010.04.04 15:40:39 LOG7[9468:4018143232]: FD=9 in non-blocking mode
2010.04.04 15:40:39 LOG7[8731:4018143232]: No pid file being created
2010.04.04 15:40:39 LOG5[8731:4018143232]: stunnel 4.32 on sparc--netbsdelf with OpenSSL 0.9.8e 23 Feb 2007
2010.04.04 15:40:39 LOG5[8731:4018143232]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
-- stunnel just hangs there, uucico is not executed.
I'll take the issue to the stunnel-users list, and see what comes of it. As
usual, wip/stunnel3 just works.
hauke
--
"It's never straight up and down" (DEVO)
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: gnats-bugs@NetBSD.org
Cc: pkg-manager@NetBSD.org, gnats-admin@NetBSD.org
Subject: Re: pkg/23245 (security/stunnel does not terminate properly.)
Date: Sun, 4 Apr 2010 17:12:05 +0200
At 14:20 Uhr +0000 4.4.2010, Hauke Fath wrote:
> At 13:57 Uhr +0000 2.11.2009, asau@NetBSD.org wrote:
> >Synopsis: security/stunnel does not terminate properly.
> >
> >Does the problem persist with stunnel-4.27 (current) and supported release?
>
> Sorry for the late reply. I just checked with stunnel 4.32
Building stunnel with
# See <http://mail-index.netbsd.org/pkgsrc-users/2008/06/03/msg007314.html>
# pthreads have issues on sparc
PKG_OPTIONS.stunnel += -threads
makes the "foreground = no" case work "as before", i.e. the stunnel process
runs uucico successfully, but then stays around forever after uucico has
terminated.
hauke
--
"It's never straight up and down" (DEVO)
State-Changed-From-To: feedback->open
State-Changed-By: hauke@NetBSD.org
State-Changed-When: Sun, 04 Apr 2010 15:54:10 +0000
State-Changed-Why:
I provided feedback. The problems with the package still exist
on current releases.
State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Sun, 28 May 2017 03:12:53 +0000
State-Changed-Why:
Requesting a re-test after PR kern/47569 (SOCK_NONBLOCK doesn't work)
From: coypu@sdf.org
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: pkg/23245: security/stunnel does not terminate properly.
Date: Sun, 28 May 2017 03:17:02 +0000
Sorry for the excess feedback requests with no changes.
PR 47569 seems very relevant for this and is fixed.
Not having non-block is also relevant-sounding.
Thanks for your understanding.
Responsible-Changed-From-To: pkg-manager->hauke
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Mon, 19 Oct 2020 18:42:35 +0000
Responsible-Changed-Why:
Hauke is now a developer.
State-Changed-From-To: feedback->open
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Mon, 19 Oct 2020 18:42:35 +0000
State-Changed-Why:
feedback timeout
>Unformatted: