https://bugs.winehq.org/show_bug.cgi?id=50331
Bug ID: 50331
Summary: WISE-based installers may create paths with special characters such as colon ':' which are invalid on Windows (Mario Forever 5.0)
Product: Wine
Version: 6.0-rc2
Hardware: x86-64
OS: Linux
Status: NEW
Severity: minor
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
while looking at bug 48895 I've noticed that the WISE-based installer creates a directory structure/path which should not exist. Such paths would be invalid on Windows.
Download:
https://web.archive.org/web/20111101054124/http://www.softendo.com/mario_gam...
--- snip ---
$ ll .wine/drive_c/
total 24
drwxrwxr-x.  3 focht focht 4096 Dec 14 19:53 C:
drwxrwxr-x.  3 focht focht 4096 Dec 14 19:53 ProgramData
drwxrwxr-x.  6 focht focht 4096 Dec 14 19:52 'Program Files'
drwxrwxr-x.  7 focht focht 4096 Dec 14 19:53 'Program Files (x86)'
drwxrwxr-x.  4 focht focht 4096 Dec 14 19:53 users
drwxrwxr-x. 17 focht focht 4096 Dec 14 19:53 windows
--- snip ---

--- snip ---
$ tree .wine/drive_c/C:
.wine/drive_c/C:
└── users
    └── focht
        └── Temp
            └── INSTALL.LOG

3 directories, 1 file
--- snip ---
Yay.
'C:\users\focht\Temp\INSTALL.LOG' = ok
'C:\C:\users\focht\Temp\INSTALL.LOG' = invalid
--- snip ---
$ WINEDEBUG=+seh,+relay wine ./Install_Mario_Forever_v5_0.exe >>log.txt 2>&1
...
00dc:Call KERNEL32.CreateProcessA(00000000,00feb3a0 ""C:\Program Files (x86)\softendo.com\Mario Forever 5.0\Data\Mario Forever.exe"",00000000,00000000,00000001,00000020,00000000,00000000,0031fa14,0031fa04) ret=00402d64
...
00dc:Ret KERNEL32.CreateProcessA() retval=00000001 ret=00402d64
...
0164:Call KERNEL32.CreateProcessA(0031fdb0 "C:\users\focht\Temp\GLB3623.tmp",0031f9a0 "C:\users\focht\Temp\GLB3623.tmp \x7f4736 C:\PROG~5P2\softendo.com\MARI~UTU.0\Data\MARI~QXO.EXE",00000000,00000000,00000000,00000000,00000000,00000000,0031feb4,0031fef8) ret=004011ca
...
0164:Ret KERNEL32.CreateProcessA() retval=00000001 ret=004011ca
...
016c:Call KERNEL32.LoadLibraryA(0031fdec "C:\users\focht\Temp\GLC378f.tmp") ret=0040264d
...
016c:Ret PE DLL (proc=00BBA469,module=00BA0000 L"GLC378f.tmp",reason=PROCESS_ATTACH,res=00000000) retval=1
016c:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b01bdfc
016c:Call ntdll.RtlReleasePath(00183048) ret=7b01be33
016c:Ret ntdll.RtlReleasePath() retval=00000001 ret=7b01be33
016c:Ret KERNEL32.LoadLibraryA() retval=00ba0000 ret=0040264d
016c:Call KERNEL32.GetProcAddress(00ba0000,00405250 "WiseMain") ret=00402661
016c:Ret KERNEL32.GetProcAddress() retval=00ba100f ret=00402661
016c:Call KERNEL32.GetProcAddress(00ba0000,00405240 "UpdateScreen") ret=0040266e
016c:Ret KERNEL32.GetProcAddress() retval=00bac865 ret=0040266e
016c:Call KERNEL32.GetProcAddress(00ba0000,00405230 "DisplayGraphics") ret=0040267b
016c:Ret KERNEL32.GetProcAddress() retval=00ba2a6f ret=0040267b
016c:Call KERNEL32.GetProcAddress(00ba0000,00405224 "DiskPrompt") ret=00402688
016c:Ret KERNEL32.GetProcAddress() retval=00bad303 ret=00402688
016c:Call KERNEL32.GetProcAddress(00ba0000,00405218 "FileWrite") ret=00402695
016c:Ret KERNEL32.GetProcAddress() retval=00bb4119 ret=00402695
016c:Call KERNEL32.GetProcAddress(00ba0000,0040520c "HandleFtp") ret=004026a2
016c:Ret KERNEL32.GetProcAddress() retval=00bac84a ret=004026a2
...
016c:Call KERNEL32.lstrcpyA(011e1036,0031dad0 "%MAINDIR%") ret=00bb234b
016c:Ret KERNEL32.lstrcpyA() retval=011e1036 ret=00bb234b
016c:Call KERNEL32.lstrcpyA(011eaf58,011c2db0 "C:\users\focht\Temp") ret=00bb2435
016c:Ret KERNEL32.lstrcpyA() retval=011eaf58 ret=00bb2435
...
016c:Call KERNEL32.lstrcpyA(011b0ad8,001808a4 "%MAINDIR%\INSTALL.LOG") ret=00bab871
016c:Ret KERNEL32.lstrcpyA() retval=011b0ad8 ret=00bab871
...
016c:Call KERNEL32.lstrlenA(011e1036 "%MAINDIR%") ret=00baae75
016c:Ret KERNEL32.lstrlenA() retval=00000009 ret=00baae75
016c:Call KERNEL32.lstrlenA(0031f4a1 "\INSTALL.LOG") ret=00baae7d
016c:Ret KERNEL32.lstrlenA() retval=0000000c ret=00baae7d
016c:Call KERNEL32.lstrlenA(011eaf58 "C:\C:\users\focht\Temp") ret=00baae8d
016c:Ret KERNEL32.lstrlenA() retval=00000016 ret=00baae8d
016c:Call KERNEL32.lstrlenA(011eaf58 "C:\C:\users\focht\Temp") ret=00baaeb9
016c:Ret KERNEL32.lstrlenA() retval=00000016 ret=00baaeb9
...
016c:Call KERNEL32.lstrcpyA(0031f364,0031f498 "C:\C:\users\focht\Temp\INSTALL.LOG") ret=00bacb03
016c:Ret KERNEL32.lstrcpyA() retval=0031f364 ret=00bacb03
016c:Call user32.CharNextA(0031f364 "C:\C:\users\focht\Temp\INSTALL.LOG") ret=00bb699d
016c:Ret user32.CharNextA() retval=0031f365 ret=00bb699d
016c:Call user32.CharNextA(0031f365 ":\C:\users\focht\Temp\INSTALL.LOG") ret=00bb699d
016c:Ret user32.CharNextA() retval=0031f366 ret=00bb699d
016c:Call KERNEL32.CreateDirectoryA(0031f364 "C:",00000000) ret=00bac978
...
016c:Call ntdll.RtlNtStatusToDosError(c0000035) ret=7b013301
016c:Ret ntdll.RtlNtStatusToDosError() retval=000000b7 ret=7b013301
016c:Ret KERNEL32.CreateDirectoryA() retval=00000000 ret=00bac978
016c:Call user32.CharNextA(0031f367 "C:\users\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f368 ret=00bac95f
016c:Call user32.CharNextA(0031f368 ":\users\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f369 ret=00bac95f
016c:Call KERNEL32.CreateDirectoryA(0031f364 "C:\C:",00000000) ret=00bac978
016c:Ret KERNEL32.CreateDirectoryA() retval=00000001 ret=00bac978
016c:Call KERNEL32.lstrlenA(0031f23c "Made Dir: C:\C:\r\n") ret=00bac9cc
...
016c:Call user32.CharNextA(0031f36a "users\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f36b ret=00bac95f
016c:Call user32.CharNextA(0031f36b "sers\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f36c ret=00bac95f
016c:Call user32.CharNextA(0031f36c "ers\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f36d ret=00bac95f
016c:Call user32.CharNextA(0031f36d "rs\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f36e ret=00bac95f
016c:Call user32.CharNextA(0031f36e "s\focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f36f ret=00bac95f
016c:Call KERNEL32.CreateDirectoryA(0031f364 "C:\C:\users",00000000) ret=00bac978
...
016c:Ret KERNEL32.CreateDirectoryA() retval=00000001 ret=00bac978
016c:Call KERNEL32.lstrlenA(0031f23c "Made Dir: C:\C:\users\r\n") ret=00bac9cc
...
016c:Call user32.CharNextA(0031f370 "focht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f371 ret=00bac95f
016c:Call user32.CharNextA(0031f371 "ocht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f372 ret=00bac95f
016c:Call user32.CharNextA(0031f372 "cht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f373 ret=00bac95f
016c:Call user32.CharNextA(0031f373 "ht\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f374 ret=00bac95f
016c:Call user32.CharNextA(0031f374 "t\Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f375 ret=00bac95f
016c:Call KERNEL32.CreateDirectoryA(0031f364 "C:\C:\users\focht",00000000) ret=00bac978
016c:Ret KERNEL32.CreateDirectoryA() retval=00000001 ret=00bac978
016c:Call KERNEL32.lstrlenA(0031f23c "Made Dir: C:\C:\users\r\n") ret=00bac9cc
...
016c:Call user32.CharNextA(0031f376 "Temp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f377 ret=00bac95f
016c:Call user32.CharNextA(0031f377 "emp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f378 ret=00bac95f
016c:Call user32.CharNextA(0031f378 "mp\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f379 ret=00bac95f
016c:Call user32.CharNextA(0031f379 "p\INSTALL.LOG") ret=00bac95f
016c:Ret user32.CharNextA() retval=0031f37a ret=00bac95f
016c:Call KERNEL32.CreateDirectoryA(0031f364 "C:\C:\users\focht\Temp",00000000) ret=00bac978
016c:Ret KERNEL32.CreateDirectoryA() retval=00000001 ret=00bac978
016c:Call KERNEL32.lstrlenA(0031f23c "Made Dir: C:\C:\users\focht\r\n") ret=00bac9cc
...
016c:Call KERNEL32.SetFileAttributesA(0031f364 "C:\C:\users\focht\Temp\INSTALL.LOG",00000000) ret=00bacb33
016c:Ret KERNEL32.SetFileAttributesA() retval=00000000 ret=00bacb33
...
016c:Call KERNEL32.CreateFileA(0031f364 "C:\C:\users\focht\Temp\INSTALL.LOG",40000000,00000000,00000000,00000003,00000080,00000000) ret=00bb40c9
016c:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00bb40c9
...
016c:Call KERNEL32.CreateFileA(0031f364 "C:\C:\users\focht\Temp\INSTALL.LOG",40000000,00000000,00000000,00000002,00000080,00000000) ret=00bb40c9
016c:Ret KERNEL32.CreateFileA() retval=000000a8 ret=00bb40c9
--- snip ---
Content of the file:
--- snip ---
*** Installation Started 12/14/2020 22:00 ***
Title: Mario Forever Toolbar
Source: C:\users\focht\Temp\GLBe5e0.tmp | 12-14-2020 | 22:00:00 | 71680
--- snip ---
There is some brain damage in the Wise Installation Wizard helper module which leads to the (invalid) path 'C:\C:\users\focht\Temp\INSTALL.LOG' -> installer bug.
Using that invalid path as input, the installer code will try to recursively create the directory hierarchy. It forward-searches the path string for backslash '\' and temporarily puts a NULL-terminator in place of it. It then calls 'CreateDirectoryA' on it. Afterwards it puts the backslash back and searches further until the last backslash. See the trace log.
Although there is no limitation on Linux, Wine shouldn't allow the creation of directories/paths which contain special characters such as colon ':' (drive delimiter).
I've made this issue 'minor' for now because it doesn't affect the installer itself. Regarding the log file content: nothing of value would be lost. The browser toolbar (also search engine redirector) is garbage anyway. Borderline malware.
$ sha1sum Install_Mario_Forever_v5_0.exe
af961a2a63f1380731c0f9cb7dc8a0e1447b1618  Install_Mario_Forever_v5_0.exe

$ du -sh Install_Mario_Forever_v5_0.exe
17M	Install_Mario_Forever_v5_0.exe

$ wine --version
wine-6.0-rc2
Regards
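
An added example, not part of the original report and not Wine's code: a sketch of the per-component check the report asks for, walking a path at each backslash as the installer does but validating each name instead of creating it. `first_invalid_component` is a hypothetical helper; it assumes a drive-absolute path ("X:\...") and the character set Windows reserves in file names, and it ignores UNC and device paths.

```c
#include <stdio.h>
#include <string.h>

/* Characters Windows reserves inside a file or directory name.
 * The backslash is the separator, so it never appears in a component. */
static int is_reserved_char(unsigned char c)
{
    return c < 0x20 || strchr("<>:\"/|?*", c) != NULL;
}

/* Hypothetical helper (assumption, not a Wine or Win32 API).
 * Returns 0 if every component is a legal name, the 1-based index of the
 * first offending component otherwise (the drive spec is component 1),
 * or -1 if the path does not start with "X:\". */
int first_invalid_component(const char *path)
{
    const char *p, *end, *c;
    int index = 1;

    if (!((path[0] >= 'A' && path[0] <= 'Z') || (path[0] >= 'a' && path[0] <= 'z'))
        || path[1] != ':' || path[2] != '\\')
        return -1;

    /* One component per backslash, mirroring the installer's forward search. */
    for (p = path + 3; *p; p = *end ? end + 1 : end) {
        end = p + strcspn(p, "\\");
        if (end == p)
            continue;               /* skip doubled separators */
        index++;
        for (c = p; c < end; c++)
            if (is_reserved_char((unsigned char)*c))
                return index;       /* e.g. the second "C:" in "C:\C:\..." */
    }
    return 0;
}

int main(void)
{
    /* The two paths quoted in the report. */
    const char *ok  = "C:\\users\\focht\\Temp\\INSTALL.LOG";
    const char *bad = "C:\\C:\\users\\focht\\Temp\\INSTALL.LOG";

    printf("%s -> %d\n", ok,  first_invalid_component(ok));
    printf("%s -> %d\n", bad, first_invalid_component(bad));
    return 0;
}
```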
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://web.archive.org/web
                   |                            |/20111101054124/http://www.
                   |                            |softendo.com/mario_games_4/
                   |                            |Install_Mario_Forever_v5_0.
                   |                            |exe
           Keywords|                            |download, Installer
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|WISE-based installers may   |Some WISE-based installers
                   |create paths with special   |may create paths with
                   |characters such as colon    |special characters such as
                   |':' which are invalid on    |colon ':' which are invalid
                   |Windows (Mario Forever 5.0) |on Windows (Mario Forever
                   |                            |5.0)

--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello folks,
alleviating the summary a bit since this problem doesn't affect all WISE installers. I remember having seen this with another installer, some years ago though.
Might have been inadvertently introduced by the potato who (co)authored the installer script for the malware^Wtoolbar.
Regards