https://bugs.winehq.org/show_bug.cgi?id=47038
Bug ID: 47038
Summary: Zero Time Dilemma crashes with unhandled page fault on read access in CryptGenRandom
Product: Wine
Version: 4.6
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: advapi32
Assignee: wine-bugs@winehq.org
Reporter: tijs96@hotmail.com
Distribution: ---
The game crashes instantly after launching, before even opening a window.
The game makes a call to CryptAcquireContextA which fails because the game doesn't set the CRYPT_NEWKEYSET flag and wine assumes the existence of a certain registry key. The registry key doesn't exist, wine returns an error and the game calls CryptGenRandom with the value it received from CryptAcquireContextA without checking for an error.
Relevant log lines:
0288:Call advapi32.CryptAcquireContextA(0032fc08,00000000,00000000,00000001,00000000) ret=004087cc
0288:Call rsaenh.CPAcquireContext(063a5e80,00000000,00000000,063a09e8) ret=7e93ce36
0288:Call advapi32.GetUserNameA(0032f78c,0032f788) ret=7b9e46b0
0288:Ret advapi32.GetUserNameA() retval=00000001 ret=7b9e46b0
0288:Call advapi32.RegOpenKeyExA(80000001,0032f5cc "Software\Wine\Crypto\RSA\thijs",00000000,00020019,0032f730) ret=7b9dcb6e
0288:Ret advapi32.RegOpenKeyExA() retval=00000002 ret=7b9dcb6e
0288:Ret rsaenh.CPAcquireContext() retval=00000000 ret=7e93ce36
0288:Ret advapi32.CryptAcquireContextA() retval=00000000 ret=004087cc
0288:Call advapi32.CryptGenRandom(00000004,00000004,0032fc04) ret=004087db
...
wine: Unhandled page fault on read access to 0x00000004 at address 0x7e93d3f3 (thread 0288), starting debugger...
I patched CryptAcquireContextA with "*phProv = 0;" before returning. This fixes the crash and the game runs fine at first glance, so it seems the game does not rely on a correct implementation. The link below contains the full +relay,+crypt log (includes a lot of output from Steam).
https://mega.nz/#!TAVWWKIZ!Z2W5IquxzNEOkR-DxkWAyPwTRz8ZlHjWK9CvQkQUCmc
Dmitry Timoshkov dmitry@baikal.ru changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
        Summary|Zero Time Dilemma crashes   |Zero Time Dilemma:
               |with unhandled page fault   |CryptAcquireContext fails
               |on read access in           |when asked to return
               |CryptGenRandom              |default container
      Component|advapi32                    |rsaenh
         Status|UNCONFIRMED                 |NEW
 Ever confirmed|0                           |1
--- Comment #1 from Dmitry Timoshkov dmitry@baikal.ru --- It's a bug in rsaenh.CPAcquireContext that fails when asked to return the default container, which doesn't exist at this point. The later crash in CryptGenRandom is caused by the earlier failure.
--- Comment #2 from tijs96@hotmail.com --- I don't have a Windows machine to test right now, but the documentation suggests Wine is correct in returning an error.
The documentation for the NTE_BAD_KEYSET error code says:
"The key container could not be opened. A common cause of this error is that the key container does not exist. To create a key container, call CryptAcquireContext using the CRYPT_NEWKEYSET flag." https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cr...
The application never makes a call with that flag set. The application might be relying on *phProv getting set to null when an error occurs. In that case CryptGenRandom would also just return an error instead of crashing.
Example code on https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/example-c-program... also checks for that error and tries again with the CRYPT_NEWKEYSET flag.
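The pattern the quoted documentation describes (check the error, retry with CRYPT_NEWKEYSET, and never hand an uninitialised handle to CryptGenRandom), as an added example that is neither the game's code nor Wine's. On Windows it uses the real CryptoAPI; the non-Windows branch is my own stand-in that models only the failure seen in the relay log so the code builds anywhere, and the handle value 0x1000 and fill byte 0x5a in it are constructed placeholders.

```c
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Not Windows: stand-in for the CryptoAPI calls so the example builds anywhere.
   It models only what this report describes: opening the default container with
   flags == 0 fails with NTE_BAD_KEYSET until a CRYPT_NEWKEYSET call creates it.
   The constant values are the real wincrypt.h ones. */
#include <stdint.h>
#include <string.h>
typedef int BOOL; typedef unsigned long DWORD; typedef uintptr_t HCRYPTPROV;
enum { FALSE = 0, TRUE = 1, PROV_RSA_FULL = 1, CRYPT_NEWKEYSET = 0x8 };
#define NTE_BAD_KEYSET 0x80090016L
static DWORD g_last_error;
static int g_container_exists;
static DWORD GetLastError(void) { return g_last_error; }
static BOOL CryptAcquireContextA(HCRYPTPROV *ph, const char *c, const char *p,
                                 DWORD type, DWORD flags)
{
    (void)c; (void)p; (void)type;
    if (flags & CRYPT_NEWKEYSET) g_container_exists = 1;
    if (!g_container_exists) { g_last_error = NTE_BAD_KEYSET; return FALSE; }
    *ph = 0x1000;   /* constructed placeholder handle */
    return TRUE;
}
static BOOL CryptGenRandom(HCRYPTPROV h, DWORD len, unsigned char *buf)
{ if (!h) return FALSE; memset(buf, 0x5a, len); return TRUE; }  /* constructed fill */
static BOOL CryptReleaseContext(HCRYPTPROV h, DWORD f) { (void)h; (void)f; return TRUE; }
#endif
/* TRUE with a usable provider in *phProv, else FALSE with *phProv == 0. Clearing
   the handle ourselves is the point: the game in this report passed whatever
   was on the stack (4) to CryptGenRandom after CryptAcquireContextA failed. */
static BOOL acquire_default_provider(HCRYPTPROV *phProv)
{
    *phProv = 0;
    if (CryptAcquireContextA(phProv, NULL, NULL, PROV_RSA_FULL, 0))
        return TRUE;
    /* Pattern from the docs quoted in comment #2: container missing -> create it. */
    if (GetLastError() == NTE_BAD_KEYSET &&
        CryptAcquireContextA(phProv, NULL, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
        return TRUE;
    *phProv = 0; return FALSE;   /* do not trust the API to have cleared it */
}
/* Fill buf with len random bytes; the provider is never touched if acquisition failed. */
static BOOL get_random_bytes(unsigned char *buf, DWORD len)
{
    HCRYPTPROV hProv;
    if (!acquire_default_provider(&hProv)) return FALSE;
    BOOL ok = CryptGenRandom(hProv, len, buf);
    CryptReleaseContext(hProv, 0);
    return ok;
}
```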
--- Comment #3 from Dmitry Timoshkov dmitry@baikal.ru --- (In reply to tijs96 from comment #2)
> I don't have a windows machine to test right now, but the documentation suggests wine is correct in returning an error.
>
> The documentation for the NTE_BAD_KEYSET error code says:
>
> "The key container could not be opened. A common cause of this error is that the key container does not exist. To create a key container, call CryptAcquireContext using the CRYPT_NEWKEYSET flag." https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptacquirecontexta
>
> The application never makes a call with that flag set. The application might be relying on *phProv getting set to null when an error occurs. In that case CryptGenRandom would also just return an error instead of crashing.
>
> Example code on https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/example-c-program... creating-a-key-container-and-generating-keys also checks for that error and tries again with the CRYPT_NEWKEYSET flag.
The problem has nothing to do with the NTE_BAD_KEYSET error code: the app asks to open the default container, and that fails under Wine.
--- Comment #4 from tijs96@hotmail.com --- I'm not sure if there was a commit that fixed this, but I can't reproduce the crash anymore in Wine 4.17.