[stunnel-users] Upcoming stunnel 5.29 release
Michal Trojnara
2016-01-04 21:10:58 UTC
Hi Guys,

This Friday I intend to release stunnel 5.29.

The planned list of changes:

* New features
- New WIN32 icons.
- Performance improvement: rwlocks used for locking with pthreads.

* Bugfixes
- Compilation fix for *BSD.
- Fixed configuration file reload for relative stunnel.conf path
on Unix.
- Fixed ignoring CRLfile unless CAfile was also specified (thx
to Strukov Petr).

Feel free to try stunnel 5.29b3, so I can fix any
discovered issues before the final release:
https://www.stunnel.org/downloads.html

Best regards,
Mike
Jose Alf.
2016-01-05 04:46:57 UTC
Mich,
I found a regression in 5.29. If I run stunnel.exe or tstunnel.exe with no arguments, having a configuration file stunnel.conf in the current directory, the program segfaults. This works fine on 5.28 or previous versions.
I uploaded a dump file to http://www.osronline.com/page.cfm?name=Analyze and the report pointed to a call to strncpy. Then, I ran a diff between 5.28 and 5.29 sources and this sent me to file options.c, function options_cmdline. I found that in the call strncpy(configuration_file, name, PATH_MAX-1), name was null. The problem is that variable name initialized at the beginning of the function is garbled at the end. The following patch fixed the issue for me:

--- options.c.old       Tue Dec 22 18:09:39 2015
+++ options.c   Mon Jan 04 23:14:29 2016
@@ -272,8 +272,11 @@
     } else
 #endif
     {
-        name=arg1;
-        type=CONF_FILE;
+        if (arg1)
+       {
+               name=arg1;
+               type=CONF_FILE;
+       }
     }

 #ifdef HAVE_REALPATH
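
Review bot: the `if (arg1)` guard around `name=arg1;` avoids the NULL assignment, but it leaves open why a block that follows `} else` and `#endif` is reached with a null `arg1` at all. The conditional compilation above this hunk should be checked so that the block can only ever be the final else arm, which would make the guard unnecessary. The added lines are also tab-indented while the surrounding context uses four spaces.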

Regards,
Jose A. Diaz

Michal Trojnara
2016-01-05 09:48:14 UTC
--- options.c.old Tue Dec 22 18:09:39 2015 +++ options.c
name=arg1; - type=CONF_FILE; + if (arg1) + { +
name=arg1; + type=CONF_FILE; + } }
#ifdef HAVE_REALPATH
Thank you for reporting this issue. I made a really dumb mistake.

My patch (restoring the intended control flow) is:

- --- a/src/options.c
+++ b/src/options.c
@@ -227,6 +227,9 @@ int options_cmdline(char *arg1, char *arg2) {
char *name;
CONF_TYPE type;

+#ifdef USE_WIN32
+ (void)arg2; /* squash the unused parameter warning */
+#endif
if(!arg1) {
name=
#ifdef CONFDIR
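
Review bot: the `#ifdef USE_WIN32` / `#endif` pair around the relocated `(void)arg2;` can be dropped. Casting a parameter to void is harmless in builds that also use `arg2`, and one fewer conditional block in `options_cmdline` leaves less room for the preprocessor to change the control flow.
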
@@ -258,9 +261,7 @@ int options_cmdline(char *arg1, char *arg2) {
log_flush(LOG_MODE_INFO);
return 2;
} else
- -#ifdef USE_WIN32
- - (void)arg2; /* squash the unused parameter warning */
- -#else
+#ifndef USE_WIN32
if(!strcasecmp(arg1, "-fd")) {
if(!arg2) {
s_log(LOG_ERR, "No file descriptor specified");
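
Review bot: the `} else` directly above `+#ifndef USE_WIN32` still takes its body from whichever statement survives preprocessing, which is how the removed `(void)arg2;` line became the else arm on Windows builds. Consider giving the `else` an explicit braced body on both build variants, or at least a comment at that line, and add a test that starts the binary with no arguments on a WIN32 build.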

I have uploaded stunnel-5.29b4 to https://www.stunnel.org/downloads.html

Best regards,
Mike
Jose Alf.
2016-01-05 11:40:00 UTC
Mich,
Yes. My quick tests show that beta 4 works as intended.
Any suggestions to measure performance improvements against 5.28?
Regards, Jose

Michal Trojnara
2016-01-05 12:17:11 UTC
Post by Jose Alf.
> Yes. My quick tests show that beta 4 works as intended.
Thank you.
Post by Jose Alf.
> Any suggestions to measure performance improvements against 5.28?
The change allows for multiple readers to simultaneously enter some
areas of code (in both OpenSSL and stunnel itself) that previously
were protected with simple critical sections. The change is supposed
to reduce latency when concurrent connections are used. Measuring the
actual improvement may be tricky.

The change was only implemented for pthreads. On Windows, rwlocks are
only available on Vista and higher. I'd need a better reason for
breaking compatibility with Windows 2000/XP. 8-)

Best regards,
Mike
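
The difference between a critical section and a read lock described in the reply above can be observed without timing anything. The following is an added example, not code from stunnel or from this thread; all names in it (`peak_occupancy`, `rw_reader`, `mx_reader`, `track`) are hypothetical, and it assumes a POSIX threads platform.

```c
#define _POSIX_C_SOURCE 200809L /* expose rwlocks and barriers */
#include <pthread.h>
#include <stdio.h>
#define READERS 4 /* all names here are illustrative, none are stunnel's */

static pthread_rwlock_t rw = PTHREAD_RWLOCK_INITIALIZER;
static pthread_mutex_t mx = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t stat_mx = PTHREAD_MUTEX_INITIALIZER;
static pthread_barrier_t inside;
static int in_section, peak;

/* Track how many threads are inside the protected section at once. */
static void track(int delta) {
    pthread_mutex_lock(&stat_mx);
    in_section += delta;
    if (in_section > peak) peak = in_section;
    pthread_mutex_unlock(&stat_mx);
}
static void *rw_reader(void *arg) {
    (void)arg;
    pthread_rwlock_rdlock(&rw);
    track(+1);
    pthread_barrier_wait(&inside); /* opens only when all readers are inside */
    track(-1);
    pthread_rwlock_unlock(&rw);
    return NULL;
}
static void *mx_reader(void *arg) {
    (void)arg;
    pthread_mutex_lock(&mx); /* no barrier here: it would deadlock */
    track(+1);
    track(-1);
    pthread_mutex_unlock(&mx);
    return NULL;
}
/* Run READERS threads through one section; return the peak occupancy seen. */
int peak_occupancy(void *(*body)(void *)) {
    pthread_t t[READERS];
    in_section = peak = 0;
    pthread_barrier_init(&inside, NULL, READERS);
    for (int i = 0; i < READERS; i++) pthread_create(&t[i], NULL, body, NULL);
    for (int i = 0; i < READERS; i++) pthread_join(t[i], NULL);
    pthread_barrier_destroy(&inside);
    return peak;
}
int main(void) {
    printf("mutex peak: %d\n", peak_occupancy(mx_reader));
    printf("rwlock peak: %d\n", peak_occupancy(rw_reader));
    return 0;
}
```

The occupancy count shows that concurrent entry happens, not how much latency it saves; that still needs a load test with many simultaneous connections.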
