http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #2 from Austin English austinenglish@gmail.com 2011-09-15 12:28:30 CDT --- I also get a crash in rpcrt4/server, but not consistently. The backtrace shows secur32: ../../../tools/runtest -q -P wine -M rpcrt4.dll -T ../../.. -p rpcrt4_test.exe.so server.c && touch server.ok fixme:rpc:rpcrt4_ncalrpc_inquire_auth_client privs not implemented fixme:rpc:rpcrt4_ncalrpc_inquire_auth_client server_princ_name not implemented fixme:ntdll:NtFsControlFile FSCTL_PIPE_IMPERSONATE: impersonating self fixme:rpc:rpcrt4_ncalrpc_inquire_auth_client privs not implemented fixme:rpc:rpcrt4_ncalrpc_inquire_auth_client server_princ_name not implemented fixme:ntdll:NtFsControlFile FSCTL_PIPE_IMPERSONATE: impersonating self wine: Unhandled exception 0x000006c0 at address 0x7b839f63 (thread 0020), starting debugger... ... Backtrace: =>0 0x7b839f63 RaiseException+0x87(code=0x6c0, flags=0, nbargs=0, args=0x0(nil)) [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/kernel32/except.c:84] in kernel32 (0x0033f888) 1 0x6896b0bb RpcRaiseException+0x34(exception=0x6c0) [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/rpcrt4_main.c:188] in rpcrt4 (0x0033f8b8) 2 0x6892f970 NdrSendReceive+0x158(stubmsg=0x33fa00, buffer="trin�") [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/ndr_clientserver.c:216] in rpcrt4 (0x0033f908) 3 0x684e9450 sum_aligns+0x16a(a=0x33fbd4) [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/tests/server_c.c:3795] in rpcrt4_test (0x0033faf8) 4 0x684dbbb2 basic_tests+0xd75() [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/tests/server.c:906] in rpcrt4_test (0x0033fc88) 5 0x684dea61 run_tests+0x16() [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/tests/server.c:1446] in rpcrt4_test (0x0033fc98) 6 0x684df1ef client+0x6b1(test="np_basic") [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/tests/server.c:1535] in rpcrt4_test (0x0033fcd8) 7 0x684df883 func_server+0x150() [/home/austin/wineslave.dir/sandbox/slave/runtests-default/build/dlls/rpcrt4/tests/server.c:1646] in rpcrt4_test (0x0033fd18) ... Modules: Module Address Debug info Name (51 modules) ELF 40000000-40033000 Deferred secur32<elf> -PE 40010000-40033000 \ secur32 ELF 40033000-40061000 Deferred netapi32<elf> -PE 40040000-40061000 \ netapi32 ELF 40061000-40084000 Deferred iphlpapi<elf> -PE 40070000-40084000 \ iphlpapi ELF 40099000-400ae000 Deferred libresolv.so.2 ELF 400ae000-400df000 Deferred ws2_32<elf> -PE 400c0000-400df000 \ ws2_32 ELF 400df000-401a8000 Deferred libgnutls.so.26 ELF 401a8000-401b9000 Deferred libtasn1.so.3 ELF 401b9000-4023e000 Deferred libgcrypt.so.11

I'll attach the full backtrace.

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #4 from Austin English austinenglish@gmail.com 2011-09-15 16:32:29 CDT --- (In reply to comment #1)

I dimly recall problems with openssl-1.0. Does the same problem happen if you downgrade to 0.9.8o or so (what Ubuntu seems to be using)?

Installing openssl_0.9.8o-4squeeze2_i386.deb doesn't help.

gnutls is more of a dependency mess, and this should work properly on newer gnutls/ssl (or an appropriate gnutls/ssl bug filed), so unless someone really needs it, I'm putting back the newer packages.

http://bugs.winehq.org/show_bug.cgi?id=28383

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, patch, testcase

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #7 from Dan Kegel dank@kegel.com 2011-09-26 23:27:35 CDT --- For some reason, Toralf posted in the user mailing list: http://forum.winehq.org/viewtopic.php?t=13589 quoting a gnutls developer saying "Interesting. The handshake is completed successfully but the data exchanged are not encrypted! I see in the capture that the TLS application data packet contains the TLS headers and plaintext data (an HTTP get request). That's why the peer responds with an alert. He would expect encrypted data instead. It might be something in pEncryptMessage() or in its usage but I'm not familiar with the API to provide more info. "

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #9 from Toralf Förster toralf.foerster@gmx.de 2011-09-27 09:35:51 CDT --- Created attachment 36580 --> http://bugs.winehq.org/attachment.cgi?id=36580 wine test case output

(In reply to comment #8)

It's certainly encrypted here. A +secur32 log and associated packet capture may indeed help.

the pcap file is here :

https://lists.gnu.org/archive/html/gnutls-devel/2011-09/msg00107.html

and attached is the output of 'export WINEDEBUG=+secur32; make test 2>&1 | tee -a log'

FWIW I switched to gcc 4.5.3 and GnuTLS 3.0.3 few days ago.

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #11 from Austin English austinenglish@gmail.com 2011-09-27 12:15:06 CDT --- (In reply to comment #10)

Created attachment 36582 [details] patch

(In reply to comment #9) That's pretty much where the problem is. Does the attached patch make it any better?

Still fails here: trace:secur32:schan_DecryptMessage context_handle 0x128428, message 0x33fcb0, message_seq_no 0, quality (nil) trace:secur32:dump_buffer_desc Buffer desc 0x33fcb0: trace:secur32:dump_buffer_desc buffer 0: cbBuffer 37, BufferType 0x1 pvBuffer 0x128660 trace:secur32:dump_buffer_desc buffer 1: cbBuffer 37, BufferType 0 pvBuffer (nil) trace:secur32:dump_buffer_desc buffer 2: cbBuffer 0, BufferType 0 pvBuffer (nil) trace:secur32:dump_buffer_desc buffer 3: cbBuffer 0, BufferType 0 pvBuffer (nil) trace:secur32:schan_pull Pull 5 bytes trace:secur32:schan_get_buffer Using buffer 0: cbBuffer 37, BufferType 0x1, pvBuffer 0x128660 trace:secur32:schan_pull Read 5 bytes trace:secur32:schan_gnutls_log <4> REC[0x7db46388]: Expected Packet[1] Application Data(23) with length: 37 trace:secur32:schan_gnutls_log <4> REC[0x7db46388]: Received Packet[1] Alert(21) with length: 32 trace:secur32:schan_pull Pull 32 bytes trace:secur32:schan_get_buffer Using buffer 0: cbBuffer 37, BufferType 0x1, pvBuffer 0x128660 trace:secur32:schan_pull Read 32 bytes trace:secur32:schan_gnutls_log <4> REC[0x7db46388]: Decrypted Packet[1] Alert(21) with length: 2 trace:secur32:schan_gnutls_log <4> REC[0x7db46388]: Alert[2|20] - Bad record MAC - was received trace:secur32:schan_gnutls_log <2> ASSERT: gnutls_record.c:726 trace:secur32:schan_gnutls_log <2> ASSERT: gnutls_record.c:1122 GnuTLS error: A TLS fatal alert has been received. err:secur32:schan_DecryptMessage Returning -2146893052 schannel.c:748: Test failed: DecryptMessage failed: 80090304

attaching full log.

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #13 from Henri Verbeet hverbeet@gmail.com 2011-09-27 12:30:25 CDT --- Created attachment 36585 --> http://bugs.winehq.org/attachment.cgi?id=36585 patch

Probably because the patch has a typo, try this one instead. Note that the interesting part of the log is the EncryptMessage() call, DecryptMessage() failing is mostly just a side effect. EcryptMessage() is not supposed to succeed when gnutls_record_send() fails, but that's a different (though related) issue.

http://bugs.winehq.org/show_bug.cgi?id=28383

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Attachment #36582|0 |1 is obsolete| | Attachment #36583|0 |1 is obsolete| |

--- Comment #15 from Austin English austinenglish@gmail.com 2011-09-27 12:50:13 CDT --- Created attachment 36586 --> http://bugs.winehq.org/attachment.cgi?id=36586 secur32 output with patch2

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #17 from Austin English austinenglish@gmail.com 2011-09-27 13:05:21 CDT --- (In reply to comment #16)

(In reply to comment #14)

...

passes make test, but still getting some assert failures. I'll attach a secur32 trace.

Yeah, but it has always done that. I think these are more of the level of Wine's WARNs than what people would generally consider assertions. Considering we're feeding it invalid / incomplete data to see what happens, it's probably not that surprising that it complains a bit.

MM, good point. I'll resolve the bug once your patch gets in.

Thanks for looking Henri!

http://bugs.winehq.org/show_bug.cgi?id=28383

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED

--- Comment #19 from Austin English austinenglish@gmail.com 2011-10-03 18:06:30 CDT --- Fixed for me by: http://source.winehq.org/git/wine.git/commitdiff/65aed972c0dac659800faf0097d...

though I'm frequently getting hangs, see bug 28568

http://bugs.winehq.org/show_bug.cgi?id=28383

--- Comment #21 from Austin English austinenglish@gmail.com 2011-10-04 13:11:37 CDT --- (In reply to comment #20)

With that test case and the mentioned git commit already included I get :

tfoerste@n22 ~/devel/wine-git/dlls/secur32/tests $ git describe wine-1.3.29-169-gdb882bf

tfoerste@n22 ~/devel/wine-git/dlls/secur32/tests $ rm schannel.ok; make test; ls -l schannel.ok

../../../tools/runtest -q -P wine -M secur32.dll -T ../../.. -p secur32_test.exe.so schannel.c && touch schannel.ok

GnuTLS error: An unexpected TLS packet was received.

Yes, I see this as well. We are testing invalid data and other weird things, so it's not surprising..

http://bugs.winehq.org/show_bug.cgi?id=28383

Alexandre Julliard julliard@winehq.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #22 from Alexandre Julliard julliard@winehq.org 2011-10-10 13:13:41 CDT --- Closing bugs fixed in 1.3.30.