In addition to my earlier packet capture and stack trace, I can now add a detailed debug log from a different occurrence of this crash. See attachment.
I turned the log level on stunnel all the way up to the maximum (debug=7) and left things running until another attack hit my server. This log only covers 30 seconds, but in that time stunnel handled four different incoming connections, the last of which ended in a crash. It's probably worth noting that right before the crash there's a big chunk of repetitive message pairs: "Remove session callback" followed by "Deallocating application specific data for session connect address", repeated in tandem until the crash with "INTERNAL ERROR: Bad magic at ssl.c, line 117". Hope that helps, and please let me know if there's any more information I can provide. ** Attachment added: "Debug log during crash" https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+attachment/5331741/+files/stunnel.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847275 Title: stunnel4: "INTERNAL ERROR: Bad magic at ssl.c, line 117" - DoS vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1847275/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
