Bug 284801 - stunnel fails to handle smtp protocol.
Summary: stunnel fails to handle smtp protocol.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: stunnel
Version: 5.0
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
: ---
Assignee: Miloslav Trmač
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-10 16:32 UTC by John Haxby
Modified: 2013-04-12 19:20 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-09-24 15:11:42 UTC


Attachments (Terms of Use)
A backported patch (1.60 KB, patch)
2007-09-24 12:55 UTC, Miloslav Trmač
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0894 normal SHIPPED_LIVE stunnel bug fix update 2008-09-24 15:11:39 UTC

Description John Haxby 2007-09-10 16:32:10 UTC
Description of problem:

If I configure stunnel for SMTP TLS then it gives the wrong greeting (see below)
and crashes on a subsequent EHLO.

Version-Release number of selected component (if applicable): stunnel-4.15-2


How reproducible: Every time.


Steps to Reproduce:
1. Configure stunnel.  I created /etc/stunnel/stunnel.conf containing this:
-------------------------------------------
cert = /etc/pki/tls/certs/localhost.crt
key = /etc/pki/tls/private/localhost.key

chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid

[smtps]
accept = 465
connect = 25
protocol = smtp
--------------------------------------
Don't forget to

mkdir /var/run/stunnel
chgrp nobody:nobody /var/run/stunnel

2. Start stunne: "stunnel /etc/stunnel/stunnel.conf
3. Connect to port 465 and start an SMTP conversation.  You'll see this (I've
put <<< and >>> to indicate who is sending what

# telnet localhost 465
<<< Trying 127.0.0.1...
<<< Connected to localhost.localdomain (127.0.0.1).
<<< Escape character is '^]'.
<<< 220220 beth.example.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 10 Sep 2007
17:18:58 +0100 + stunnel
>>> ehlo localhost
<<< 250-ehlo localhost Welcome
<<< Connection closed by foreign host.

/var/log/secure says this:

Sep 10 17:18:57 beth stunnel: LOG5[28421:3086252944]: smtps connected from
127.0.0.1:3297
Sep 10 16:18:58 beth stunnel: LOG5[28421:3086252944]: Negotiations for smtp
(server side) started

On x86_64 I also get this:
Sep 10 17:12:00 aleph kernel: stunnel[25408]: segfault at 0000555555564f5f rip
000055555555feb7 rsp 000000004000f8b0 error 7


You can see what the actual protocol exchange should be if you telnet to port 25
and send the "ehlo localhost".  In this case, the greeting starts "220" not
"220220" and there's rather more than the one line with the spurious
continuation in response to the ehlo.

For the moment, I've installed Fedora 7's stunnel (stunnel-4.20-2) and that
works fine.

Comment 1 John Haxby 2007-09-10 16:40:54 UTC
Sorry, where it says "chgrp nobody:nobody /var/run/stunnel" that should of
course be "chown ..."

Comment 2 Miloslav Trmač 2007-09-24 12:55:15 UTC
Created attachment 204111 [details]
A backported patch

Thanks for your report.

If you are a RHEL customer and have an active support entitlement, please
contact official Red Hat Support at https://www.redhat.com/apps/support/ to
allow correct prioritization of this issue.

Comment 3 John Haxby 2007-10-11 10:15:55 UTC
Only got a developer license :-(

However, the patch applies just fine and fixes the problem.  Many thanks.

Comment 4 RHEL Product and Program Management 2007-12-03 20:46:13 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release.  This request will
be reviewed for a future Red Hat Enterprise Linux release.

Comment 10 errata-xmlrpc 2008-09-24 15:11:42 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0894.html


Note You need to log in before you can comment on or make changes to this bug.