[Bug 21501] New: Visual C++ 2010 beta 2 web installer can't replace corrupted downloads (sharing violation due to wintrust handle leak)

http://bugs.winehq.org/show_bug.cgi?id=21501

Summary: Visual C++ 2010 beta 2 web installer can't replace corrupted downloads (sharing violation due to wintrust handle leak) Product: Wine Version: 1.1.37 Platform: x86 URL: http://www.microsoft.com/visualstudio/en-us/try/defaul t.mspx#download OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wintrust AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net

Hello,

the web installer verifies the integrity of already downloaded files using hashing and wintrust signature checks.

In case of a corrupted file, WinVerifyTrust -> WINTRUST_DefaultVerify -> SOFTPUB_LoadFileMessage fails:

--- snip --- ... 0031:trace:wintrust:SoftpubInitialize (0x1004c230) 0031:trace:wintrust:SoftpubInitialize returning 00000000 0031:trace:wintrust:SoftpubLoadMessage (0x1004c230) 0031: create_file( access=80000000, attributes=00000040, sharing=00000001, create=1, options=00000050, attrs=00000080, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab" ) 0031: create_file() = 0 { handle=0178 } 0031: get_handle_fd( handle=0178 ) 0031: *fd* 0178 -> 145 0031: get_handle_fd() = 0 { type=1, removable=0, access=00120089, options=00000050 } 0031:trace:wintrust:SOFTPUB_OpenFile returning 1 0031:trace:wintrust:SOFTPUB_GetFileSubject returning 1 0031:trace:wintrust:SOFTPUB_GetSIP returning 1 0031:trace:wintrust:CryptSIPGetSignedDataMsg (0x38ddf90 0x1004c268 0 0x9bf677c (nil)) 0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile (0x38ddf90 0x1004c268 0 0x9bf677c (nil)) 0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_offset: 3823372 0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_size: 5944 0031:warn:wintrust:WINTRUST_GetSignedMsgFromCabFile offset beyond file, not attempting to read 0031:trace:wintrust:CryptSIPGetSignedDataMsg returning 0 0031:trace:wintrust:SoftpubLoadMessage returning 1 (800b0100) 0031:trace:wintrust:WINTRUST_DefaultVerify returning 800b0100 0031:trace:wintrust:WinVerifyTrust returning 800b0100 ... --- snip ---

It seems if WinVerifyTrust fails that way, the caller is not supposed to clean up, e.g. calling WinVerifyTrust with WTD_STATEACTION_CLOSE -> WINTRUST_DefaultClose. The web installer never does - hence the handle + additional data is leaked.

This leaked file handle later leads to a sharing violation when urlmon tries to copy the new file from download cache to destination (DownloadBSC_OnStopBinding):

--- snip --- 0031: create_file( access=c0010000, attributes=00000040, sharing=00000007, create=1, options=00001040, attrs=00000000, objattr={rootdir=0000,sd={},name=L""}, filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab" ) 0031: create_file() = SHARING_VIOLATION { handle=0000 } ... --- snip ---

After 3 download + replacement tries, it gives up.

Properly internally cleaning up (closing the file handle ...) helps the installer/urlmon to replace the file.

Regards