[Bug 24160] New: sigcheck incorrectly validates modified exes
http://bugs.winehq.org/show_bug.cgi?id=24160 Summary: sigcheck incorrectly validates modified exes Product: Wine Version: 1.3.1 Platform: x86 URL: http://technet.microsoft.com/en-us/sysinternals/bb8974 41.aspx OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: crypt32 AssignedTo: wine-bugs(a)winehq.org ReportedBy: adys.wh(a)gmail.com http://www.pastethat.com/dJurt/get (3MB compressed, 8MB uncompressed - cant attach) wine sigcheck -q wow2.exe Z:\home\adys\Wow2.exe: Verified: Signed Signing date: 1:43 PM 8/26/2010 Publisher: Blizzard Entertainment Description: World of Warcraft Retail Product: World of Warcraft Version: Version 3.3 File version: 3, 3, 5, 12340 fixme:mscoree:CorExitProcess (0) stub The file is NOT valid, and on Windows it shows up as "Bad signature" instead of Signed. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 --- Comment #1 from Jerome Leclanche <adys.wh(a)gmail.com> 2010-08-26 08:09:11 --- Created an attachment (id=30404) --> (http://bugs.winehq.org/attachment.cgi?id=30404) Smaller exe Smaller exe that reproduces the issue -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Jerome Leclanche <adys.wh(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|crypt32 |wintrust --- Comment #2 from Juan Lang <juan_lang(a)yahoo.com> 2010-08-26 11:41:27 --- Wintrust is a more likely component. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Juan Lang <juan_lang(a)yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 --- Comment #3 from Juan Lang <juan_lang(a)yahoo.com> 2010-09-02 11:24:38 CDT --- Confirming. Output on Windows XP on the smaller exe: C:\foo\WowError2.exe: Verified: Bad Signature Signing date: 9:23 AM 9/2/2010 Publisher: n/a Description: n/a Product: n/a Version: n/a File version: n/a -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 --- Comment #4 from Juan Lang <juan_lang(a)yahoo.com> 2010-09-07 11:42:09 CDT --- For what it's worth, I mentioned this limitation a while back: http://www.winehq.org/pipermail/wine-devel/2008-July/067661.html In order to verify a file's signature, we need to be able to generate a correct one. That's partly bug 16420, i.e. an implementation of wintrust:CryptSIPCreateIndirectData is probably needed. I don't think they're quite duplicates. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Jerome Leclanche <adys.wh(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |16420 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Chris Boyle <chris(a)boyle.name> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chris(a)boyle.name -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish(a)gmail.com -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=24160 --- Comment #5 from Austin English <austinenglish(a)gmail.com> 2013-09-19 20:13:17 CDT --- austin(a)aw25 ~ $ wine sigcheck.exe WowError2.exe fixme:process:SetProcessDEPPolicy (1): stub fixme:wer:WerSetFlags (2) stub! fixme:heap:HeapSetInformation (nil) 1 (nil) 0 fixme:process:SetProcessShutdownParameters (00000380, 00000000): partial stub. Sigcheck v1.92 - File version and signature viewer Copyright (C) 2004-2013 Mark Russinovich Sysinternals - www.sysinternals.com fixme:wintrust:CryptCATEnumerateMember unhandled object id "1.3.6.1.4.1.311.12.2.1" ^ repeats a dozen or so times Z:\home\austin\WowError2.exe: Verified: Signed Signing date: 12:21 AM 6/25/2010 Publisher: Blizzard Entertainment Description: n/a Product: n/a Version: n/a File version: n/a still in wine-1.7.2-106-g7f859e5 -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24160 roger(a)mailinator.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |roger(a)mailinator.com --- Comment #6 from roger(a)mailinator.com --- Sigcheck v2.1 - File version and signature viewer Copyright (C) 2004-2014 Mark Russinovich Sysinternals - www.sysinternals.com Z:\home\ko\Downloads\WowError2.exe: Verified: Signed Signing date: 9:21 25.6.2010 Publisher: Blizzard Entertainment Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: 32-bit wine 1.7.31 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24160 Bug 24160 depends on bug 16420, which changed state. Bug 16420 Summary: Certificate chaining error trying to use Microsoft signcode tool https://bugs.winehq.org/show_bug.cgi?id=16420 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |ABANDONED -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=24160 Romain Lechat <romlepetitlyonnais(a)hotmail.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |romlepetitlyonnais(a)hotmail. | |fr --- Comment #7 from Romain Lechat <romlepetitlyonnais(a)hotmail.fr> --- Hello, I am looking for a solution to this bug. Has anyone found it ? Thanks -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org