http://bugs.winehq.org/show_bug.cgi?id=21870
Summary: Steam 2010 beta UI can't purchase games Product: Wine Version: 1.1.39 Platform: x86 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: secur32 AssignedTo: wine-bugs@winehq.org ReportedBy: epssyis@gmail.com
Created an attachment (id=26499) --> (http://bugs.winehq.org/attachment.cgi?id=26499) Attempting to buy a game in Steam UI Beta
As seen in the attached image the Steam client brings up a 'testshell-error' when attempting to purchase games already added to the shopping cart. This is via clicking any game -> adding it to the cart -> and selecting 'Purchase for Self' which takes you to the URL https://store.steampowered.com/checkout/?purchasetype=self. At this point the secur32 fault presents itself.
The fault crops up out of secur32 but includes failures in crypt (and GNUTLS): fixme:secur32:schan_InitializeSecurityContextW Using hardcoded "NORMAL" priority fixme:crypt:CRYPT_CriticalExtensionsSupported unsupported critical extension "2.5.29.32" fixme:crypt:CRYPT_CriticalExtensionsSupported unsupported critical extension "2.5.29.32" GNUTLS ERROR: Resource temporarily unavailable, try again. GNUTLS ERROR: Decryption has failed. err:secur32:schan_DecryptMessage Returning SEC_E_INTERNAL_ERROR
Debug channels for secur32 and crypt contain all the issues related to this bug that I can detect. I have not included debug output as I do not know what personal information may be stored in the data. Recreating the issue should be simple as it affects all users of the Steam UI Beta at this time.
This bug is different to 19653.
http://bugs.winehq.org/show_bug.cgi?id=21870
Hans Leidekker hans@meelstraat.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hans@meelstraat.net
--- Comment #1 from Hans Leidekker hans@meelstraat.net 2010-02-26 02:54:18 --- Does this patch from bug 20748 help? http://bugs2.winehq.org/attachment.cgi?id=24832
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #2 from edward savage epssyis@gmail.com 2010-02-26 04:22:22 --- The patch from 20748 does not appear to work and the bug is still present.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #3 from edward savage epssyis@gmail.com 2010-02-26 04:47:42 --- http://bugs.winehq.org/show_bug.cgi?id=3254
This bug appears to be very similar to this issue. It's possible the only differences are the amount of attributes called how ever I could be completely wrong. Both bugs should probably continue until some one is sure they are the same.
I can provide debugs on request if any one needs them.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #4 from Hans Leidekker hans@meelstraat.net 2010-02-26 05:46:27 --- Can you try this patch from bug 3254? http://bugs2.winehq.org/attachment.cgi?id=23392
Please attach a +secur32 trace. Make sure to remove any personal information.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #5 from edward savage epssyis@gmail.com 2010-02-26 13:13:58 --- Created an attachment (id=26504) --> (http://bugs.winehq.org/attachment.cgi?id=26504) Secur32 debug log for purchasing on steam beta ui
Here is the secur32 debug log requested.
http://bugs.winehq.org/show_bug.cgi?id=21870
3vi1 winehq.org@eternaldusk.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #6 from 3vi1 winehq.org@eternaldusk.com 2010-02-27 12:00:00 --- *** This bug has been confirmed by popular vote. ***
http://bugs.winehq.org/show_bug.cgi?id=21870
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #7 from Dan Kegel dank@kegel.com 2010-03-17 22:36:51 --- Seems to affect League of Legends as well; happens when you try to log in.
http://bugs.winehq.org/show_bug.cgi?id=21870
Andras Kovacs andras@csevego.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |andras@csevego.net
--- Comment #8 from Andras Kovacs andras@csevego.net 2010-03-19 17:30:50 --- Also affects VMware Infrastructure Client 4.0 when you try to log in.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #9 from edward savage epssyis@gmail.com 2010-04-21 04:03:58 --- I was reviewing bug 3254 and noticed the patch in post #77 to fix the issue outlined in that bug. While the patch does not fix this issue it does cause an alternative failure in steam which appears to be progress. Instead of a testshell error in steam and a blank white page there is a wine page fault with the address persisting in steam and a blank standard gray/black steam background. Before steam crashes as a result of the page fault it is possible to view source for where the checkout page would be (nothing is rendered). The checkout page is being generated in full (the purchase is listed, places to enter credit card details, etc) and sent to the client with the patch whereas without it you only get '<html><head></head><body></body></html>' and a white page.
It may be a good starting point to solve this problem?
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #10 from Jim Cameron jim_24601@btinternet.com 2010-05-01 19:58:02 --- Created an attachment (id=27657) --> (http://bugs.winehq.org/attachment.cgi?id=27657) Changes to DecryptMessage() for the Steam client
The patch to bug 3254 returns a buffer of type SECBUFFER_EMPTY if there is additional data it can't handle yet, but does not set its pvBuffer field up. The MSDN article linked from the post states that "The pvBuffer field of the extra buffer does not contain a copy of the excess data." but it does not say what it in fact contains. Steam tries to copy data out of it, so it must refer to the excess data; if it isn't a copy, it must therefore point to the excess within the input buffer.
It also turns out that Steam is expecting a SECBUFFER_DATA buffer to be set up in one of the output buffers on return. Since DecryptMessage is stated to decrypt the data in place, this must again be a pointer to the input buffer, now holding the decrypted data, and its length set appropriately.
It also turns out that in response to a SEC_E_INCOMPLETE_MESSAGE result, the Windows application will re-present all the data, however our gnutls back-end has already swallowed the first part of the message and does not want it again. We must keep track of this.
The attached patch does these things. The steam client successfully accesses the secure server and brings back a form for me to fill in my details. Unfortunately the drop-down lists don't work, so I can't actually fill it in correctly. That's likely another problem, though.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #11 from edward savage epssyis@gmail.com 2010-05-02 00:21:17 --- (In reply to comment #10)
Created an attachment (id=27657)
--> (http://bugs.winehq.org/attachment.cgi?id=27657) [details]
Changes to DecryptMessage() for the Steam client
With this patch the test shell error is gone and some of the page does render. The full page is still being received in view source but it is variable for me how much of the page appears in the viewport. None of my attempts have yielded a page of much use.
Here is the console (tail) output of my attempts http://pastebin.com/N91wCgwZ and there are some new errors and fixme's being triggered.
Good progress!
http://bugs.winehq.org/show_bug.cgi?id=21870
Jim Cameron jim_24601@btinternet.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jim_24601@btinternet.com
--- Comment #12 from Jim Cameron jim_24601@btinternet.com 2010-05-02 10:56:20 --- The RtlQueueWorkItem fixus are likely not directly to do with steam, and seem to be benign. The gnutls "resource currently unavailable" messages are benign if annoying. gnutls is expecting to use a back-end like recv(), which can block until it gets more data, but we have to back out and return to the caller. I'm more concerned about the internal errors. There may still be a problem with extra data when the amount of excess is very small. Can you get a log with "+secur32"?
http://bugs.winehq.org/show_bug.cgi?id=21870
Jim Cameron jim_24601@btinternet.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #27657|0 |1 is obsolete| |
--- Comment #13 from Jim Cameron jim_24601@btinternet.com 2010-05-02 12:33:50 --- Created an attachment (id=27672) --> (http://bugs.winehq.org/attachment.cgi?id=27672) Improved crypt support for Steam store
I was using, as a quick and dirty solution, a static variable to keep track of how much data to skip when re-called after getting an incomplete packet. This doesn't work properly in the presence of multiple sessions. This patch allocates a persistent transport struct for each session and keeps the skip count there.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #14 from Jim Cameron jim_24601@btinternet.com 2010-05-02 12:47:54 --- With the above patch installed, I was able to buy a game from the Steam store. I'm just hoping it didn't try to charge me ONE MEEELION DOLLARS! :)
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #15 from edward savage epssyis@gmail.com 2010-05-03 00:57:28 --- With the second patch the page renders, my details are automagically entered, and game dependencies are detected. I can't find any faults and console output is free from faults beyond UTLIS complaints.
Would you still like a +secur32 trace for your second patch?
I was planning to buy Guild Wars later today so I'll see how well it works for me when actually purchasing a game.
What needs to be done now to get this included in Wine?
Thanks for your hard work!
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #16 from Jim Cameron jim_24601@btinternet.com 2010-05-03 07:53:41 --- No need for the +secur32 log now, thanks, I think that's cracked it. What needs to happen now is some more verification work and a test case or two. I'll follow that up when I have the time, which may not be for a little while, unfortunately.
http://bugs.winehq.org/show_bug.cgi?id=21870
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch Target Milestone|--- |1.2.0
--- Comment #17 from Dan Kegel dank@kegel.com 2010-05-03 08:29:27 --- Working patch, affects many games -> nominating for 1.2
The 1.2 code freeze is almost upon us, please get this in if you can.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #18 from edward savage epssyis@gmail.com 2010-05-03 09:11:08 --- (In reply to comment #16)
No need for the +secur32 log now, thanks, I think that's cracked it. What needs to happen now is some more verification work and a test case or two. I'll follow that up when I have the time, which may not be for a little while, unfortunately.
I just purchased Guild Wars via Steam using your patch and everything went smoothly. The correct value has been charged to my card as well with no security notes raised by the bank.
I should note that the strange page rendering I was noting under your old patch does still show up with the new patch, just much less often. And I can only get it to do it on the standard Steam install and not the beta release. The beta release still runs notably better than the standard so people should be using it anyway.
Standard Steam 60/1224 Apr 28
Beta Steam 60/1227 Apr 30
I wonder what release you are using Jim? (Help -> About Steam)
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #19 from Jim Cameron jim_24601@btinternet.com 2010-05-06 08:03:36 --- Edward: I'm using 60/1224 Apr 28. There may still be something squiffy to do with overlapping encryption/decryption requests, or it may be a bug in the Steam client itself. I'd be interested in a +secur32 log exhibiting the problem, if you can reproduce it.
Dan: I'll try to get a test case and patch in, but it might not be until the weekend.
http://bugs.winehq.org/show_bug.cgi?id=21870
Christoph Hohmann reboot@gmx.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |reboot@gmx.ch
--- Comment #20 from Christoph Hohmann reboot@gmx.ch 2010-05-16 07:44:29 --- The patch 'steam-store-crypt2.patch' seems to fix the login problems of League of Legends and the crash of the game client when a game is started.
http://bugs.winehq.org/show_bug.cgi?id=21870
Amos Wenger amoswenger@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |amoswenger@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=21870
Carlton Hobbs carlton.hobbs@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |carlton.hobbs@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #21 from Jim Cameron jim_24601@btinternet.com 2010-06-22 15:02:43 --- Apologies for the lack of progress on this patch. I said I didn't have much time to work on open source right now; clearly it was even less than that. I haven't forgotten about it, but I fear I've missed the 1.2 freeze now.
http://bugs.winehq.org/show_bug.cgi?id=21870
Luke Bratch l_bratch@yahoo.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |l_bratch@yahoo.co.uk
http://bugs.winehq.org/show_bug.cgi?id=21870
Mike Ellery mellery@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mellery@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=21870
Jeff Cook jeff@deserettechnology.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jeff@deserettechnology.com
--- Comment #22 from Jeff Cook jeff@deserettechnology.com 2010-08-28 22:40:32 CDT --- Just wondering if anything ever happened with this patch/bug. It's been a while now and the code freeze is over.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #23 from Devin Cofer ranguvar@archlinux.us 2010-09-18 15:43:39 CDT --- Created an attachment (id=30848) --> (http://bugs.winehq.org/attachment.cgi?id=30848) steam-store-crypt2.patch hacked for 1.3.3, may be broken
steam-store-crypt2.patch no longer applies cleanly to Wine as of 1.3.3, so I messed with it a tad and this is what I got. Possibly broken, haven't had time to test.
http://bugs.winehq.org/show_bug.cgi?id=21870
Devin Cofer ranguvar@archlinux.us changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #30848|0 |1 is obsolete| |
--- Comment #24 from Devin Cofer ranguvar@archlinux.us 2010-09-19 00:50:08 CDT --- Created an attachment (id=30859) --> (http://bugs.winehq.org/attachment.cgi?id=30859) steam-store-crypt2.patch hacked for 1.3.3, may be broken but does compile
Apologies for the mess, that one doesn't even compile properly. My fault. This one does, but again, may or may not work.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #25 from Dan Kegel dank@kegel.com 2010-09-23 18:14:52 CDT --- I think 'winetricks ie6' also works around this, at least for a league of legends problem that the patch fixes.
http://bugs.winehq.org/show_bug.cgi?id=21870
Malte Skarupke malteskarupke@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |malteskarupke@web.de
--- Comment #26 from Malte Skarupke malteskarupke@web.de 2010-10-05 13:40:10 CDT --- I can now purchase games in Steam on an unpatched wine 1.3.4.
From the conversation here it seems that the patch was never committed to the
main git repository, so I don't know how that can be. It might be that something changed in how Steam implements it's payment procedure.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #27 from edward savage epssyis@gmail.com 2010-10-05 17:46:03 CDT --- (In reply to comment #26)
I can now purchase games in Steam on an unpatched wine 1.3.4.
From the conversation here it seems that the patch was never committed to the main git repository, so I don't know how that can be. It might be that something changed in how Steam implements it's payment procedure.
Juan Lang made a bunch of commits (just before 1.3.4) regarding how browsers deal with security. I was wondering if it would help but didn't have a chance to check. I'll install a clean wine dir tonight and confirm this is fixed. Will be great if it is!
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #28 from Jeff Cook jeff@deserettechnology.com 2010-10-05 17:50:08 CDT --- It should be noted that Steam recently modified their payment system. They now use something called "Steam Wallet" which can be used to purchase games on the Steam store or to purchase items inside games that are hooked up to the Wallet, like Team Fortress 2.
Someone should test with an older WINE to try and determine if the change that fixed things was Steam Wallet or a change committed to WINE.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #29 from Juan Lang juan_lang@yahoo.com 2010-10-05 18:30:28 CDT --- (In reply to comment #27)
Juan Lang made a bunch of commits (just before 1.3.4) regarding how browsers deal with security.
My patches were to wininet, and this bug is apparently in secur32, so I wouldn't expect anything to have changed in Wine to fix this.
http://bugs.winehq.org/show_bug.cgi?id=21870
--- Comment #30 from Henri Verbeet hverbeet@gmail.com 2010-10-06 05:12:26 CDT --- Probably Mikko's patches starting at b424b34.
http://bugs.winehq.org/show_bug.cgi?id=21870
Riccardo Loti contez@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |contez@gmail.com
--- Comment #31 from Riccardo Loti contez@gmail.com 2010-10-06 07:33:11 CDT --- I can confirm purchases where possibile from at least vanilla 1.3.3 (can't remember for sure since 1.3.2) and before Steam Wallet been implemented. I bought three games, two in 1.3.3 before Steam Wallet (one credit card the other PayPal) and one in 1.3.4 with Steam Wallet deployed, but still using PayPal directly.
Hope clears up the confusion. ;)
Ric
http://bugs.winehq.org/show_bug.cgi?id=21870
3vi1 winehq.org@eternaldusk.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |winehq.org@eternaldusk.com
--- Comment #32 from 3vi1 winehq.org@eternaldusk.com 2010-10-09 12:05:27 CDT --- I believe this is fixed and can be closed. I too can confirm I am able to purchase games in the current version with no problem.
http://bugs.winehq.org/show_bug.cgi?id=21870
Wylda wylda@volny.cz changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |wylda@volny.cz
--- Comment #33 from Wylda wylda@volny.cz 2010-10-09 12:36:05 CDT ---
Reported fixed. Please reopen, if the problem persist for you.
http://bugs.winehq.org/show_bug.cgi?id=21870
Wylda wylda@volny.cz changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #34 from Wylda wylda@volny.cz 2010-10-09 12:36:17 CDT ---
Reported fixed. Please reopen, if the problem persist for you.
http://bugs.winehq.org/show_bug.cgi?id=21870
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #35 from Alexandre Julliard julliard@winehq.org 2010-10-15 12:50:22 CDT --- Closing bugs fixed in 1.3.5.
-
wine-bugs@winehq.org