Package: stunnel4
Version: 3:5.06-2
Severity: important
Tags: upstream

Dear Maintainer,

Problem:
--------
A client application is connecting to a Stunnel instance via TLS. The Stunnel decrypts a request and forwards it to a server. The server sends a large reply (approximately 128 kB of text). The Stunnel encrypts the reply and sends it back to the client application. The application sometimes receives all data, sometimes it gets truncated data. Client, Stunnel and server run on the same machine.

How to reproduce ?
------------------
1. Create a text file "128kb.txt", 128 kB long.

2. Create a script "cat_file.sh" with a single line:
-----------------------------------------
cat /home/andris/stunnel_test/128kb.txt
-----------------------------------------

3. Create a "stunnel_client.conf" file:
-----------------------------------------
pid = /home/andris/stunnel_test/stunnel_client.pid
debug = 7
output = /home/andris/stunnel_test/stunnel_client.log

[test-service]
client = yes
accept = 10001
connect = 10002
-----------------------------------------

4. Create a "stunnel_server.conf" file:
-----------------------------------------
pid = /home/andris/stunnel_test/stunnel_server.pid
debug = 7
output = /home/andris/stunnel_test/stunnel_server.log
cert = /home/andris/stunnel_test/server.pem

[test-service]
client = no
accept = 10002
exec = /home/andris/stunnel_test/cat_file.sh
-----------------------------------------

5. Start both Stunnel instances:
$ stunnel stunnel_client.conf
$ stunnel stunnel_server.conf

6. Observe stunnel_server.log:
$ tail -f stunnel_server.log | grep 'Connection closed'

7. Telnet into "client" Stunnel instance (repeat multiple times):
$ telnet localhost 10001

8. Tail/grep from "stunnel_server.log" shows unpredictable data truncation:
2014.11.27 23:11:56 LOG5[25472]: Connection closed: 127658 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:05 LOG5[25808]: Connection closed: 131072 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:08 LOG5[25813]: Connection closed: 127658 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:09 LOG5[25818]: Connection closed: 131072 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:10 LOG5[25823]: Connection closed: 62122 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:11 LOG5[25828]: Connection closed: 94890 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:12 LOG5[25833]: Connection closed: 131072 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:13 LOG5[25838]: Connection closed: 127658 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:14 LOG5[25843]: Connection closed: 111274 byte(s) sent to SSL, 0 byte(s) sent to socket

I observed this on both 32-bit and 64-bit "Debian testing" with Stunnel 3:5.06-2. Stunnel 4.56 (compiled from source) works fine.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=lv_LV.UTF-8, LC_CTYPE=lv_LV.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages stunnel4 depends on:
ii  adduser            3.113+nmu3
ii  libc6              2.19-13
ii  libssl1.0.0        1.0.1j-1
ii  libsystemd0        215-6
ii  libwrap0           7.6.q-25
ii  multiarch-support  2.19-13
ii  netbase            5.3
ii  openssl            1.0.1j-1
ii  perl               5.20.1-3
ii  perl-modules       5.20.1-3

stunnel4 recommends no packages.

Versions of packages stunnel4 suggests:
pn  logcheck-database  <none>

-- no debconf information
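
Added example (not part of the original report, and not stunnel's own tooling): a small shell helper that turns the "Connection closed" lines from step 8 into a per-connection truncation check, so a rerun against another stunnel build can be compared by numbers rather than by eye. The function names and the expected size of 131072 bytes (the full-reply count seen in the report's log) are assumptions of this example; the sample lines are copied from the report, plus one constructed non-matching line.

```shell
#!/bin/sh
# Added example: measure truncation from stunnel "Connection closed" log lines.

# Sample input: three lines from the report, one constructed non-matching line.
sample_log() {
cat <<'EOF'
2014.11.28 00:03:05 LOG5[25808]: Connection closed: 131072 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:08 LOG5[25813]: Connection closed: 127658 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:10 LOG5[25823]: Connection closed: 62122 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.28 00:03:11 LOG7[25823]: constructed debug line that must be ignored
EOF
}

# closed_counts: stdin = stunnel log; stdout = "PID BYTES_SENT_TO_SSL" per closed connection.
closed_counts() {
    sed -n 's/.*LOG[0-9]*\[\([0-9]*\)\]: Connection closed: \([0-9]*\) byte(s) sent to SSL.*/\1 \2/p'
}

# short_closes EXPECTED: print "PID SENT MISSING" for every connection that
# closed before EXPECTED bytes had been handed to the TLS side.
short_closes() {
    closed_counts | awk -v want="$1" '$2 + 0 < want + 0 { print $1, $2, want - $2 }'
}

# truncation_rate EXPECTED: print "SHORT/TOTAL" over all closed connections.
truncation_rate() {
    closed_counts | awk -v want="$1" '
        { total++ }
        $2 + 0 < want + 0 { short++ }
        END { printf "%d/%d\n", short, total }'
}

# Stand-alone run over the sample. For a real log:
#   short_closes 131072 < stunnel_server.log
sample_log | short_closes 131072
echo "short/total: $(sample_log | truncation_rate 131072)"
```

Running the same check after each test round against 5.06 and against 4.56 gives a direct regression comparison: a build without the problem should report 0 short connections.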

