http://bugs.winehq.org/show_bug.cgi?id=17591
Summary: Segfault in wintrust.dll
Product: Wine
Version: 1.1.16
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wintrust
AssignedTo: wine-bugs@winehq.org
ReportedBy: ChristophFranzen@gmx.net
Created an attachment (id=19749) --> (http://bugs.winehq.org/attachment.cgi?id=19749) Terminal output with error messages and backtrace
The program "Mein Büro 2009" crashes immediately in "wintrust.dll". The attachment shows the output if no overrides are active.
Using the native Windows function also does not work. Using Windows dlls results in the certificate of a program dll not being verified, and the application refuses to start.
Christoph Franzen ChristophFranzen@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ChristophFranzen@gmx.net
Juan Lang juan_lang@yahoo.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |juan_lang@yahoo.com
--- Comment #1 from Juan Lang juan_lang@yahoo.com 2009-03-02 19:14:08 ---
Please attach a +wintrust trace. Is the program available anywhere online?
--- Comment #2 from Christoph Franzen ChristophFranzen@gmx.net 2009-03-02 20:00:46 ---
Thank you for your quick answer.
This is a German language program available as a test version at the following URL:
http://update.buhl-finance.com/ESD/MeinBuero/WISOMeinBuero2009TRIAL.exe
I at first had problems installing it, caused by German "Umlaut" characters in the name on the CD-ROM and a faulty Unicode setting on the mount point. If this self-extracting archive contains the same MSI file as the CD, this could be an issue unless you set your character set to UTF-8. Apart from this, the installation was straightforward.
I will run it again with "WINEDEBUG=+wintrust" set, and send a new attachment soon.
Christoph Franzen ChristophFranzen@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #19749|0                           |1
        is obsolete|                            |
--- Comment #3 from Christoph Franzen ChristophFranzen@gmx.net 2009-03-02 20:07:23 ---
Created an attachment (id=19756) --> (http://bugs.winehq.org/attachment.cgi?id=19756) Output with "+wintrust" set
I've run the command again and set "WINEDEBUG=+wintrust" as you requested.
--- Comment #4 from Juan Lang juan_lang@yahoo.com 2009-03-02 21:09:51 ---
Thanks. Here's the source of the problem:
trace:wintrust:dump_file_info cbStruct: 12
trace:wintrust:dump_file_info pcwszFilePath: L"C:\Programme\Buhl\Mein B\00fcro 2009\On4UD.dll"
trace:wintrust:dump_file_info hFile: 0xffffffff
trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
pgKnownSubject is clearly a bogus pointer. Accessing it is what shows up in the crash log:
wine: Unhandled page fault on read access to 0x0000002c at address
I'll attach a patch shortly.
Juan Lang juan_lang@yahoo.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://update.buhl-
                   |                            |finance.com/ESD/MeinBuero/WI
                   |                            |SOMeinBuero2009TRIAL.exe
--- Comment #5 from Juan Lang juan_lang@yahoo.com 2009-03-02 21:12:14 ---
Updating URL field for ease of reference.
--- Comment #6 from Juan Lang juan_lang@yahoo.com 2009-03-02 21:13:07 ---
Created an attachment (id=19760) --> (http://bugs.winehq.org/attachment.cgi?id=19760) Patch
This might not be 100% correct. Windows might use an exception handler instead. Still, could you try with this patch?
--- Comment #7 from Christoph Franzen ChristophFranzen@gmx.net 2009-03-02 21:24:44 ---
Thank you for the patch.
I am using the Debian Lenny package, and haven't yet compiled Wine from source. I will try it as soon as I get to compile Wine. Can you give me any directions and build dependencies or alternatively provide me with a precompiled dll (Lenny uses glibc 2.7) for testing?
--- Comment #8 from Juan Lang juan_lang@yahoo.com 2009-03-02 21:41:07 ---
The building wine page on the wiki is full of directions (http://wiki.winehq.org/Recommended_Packages), but I'd ignore them in this case. wintrust doesn't have any external dependencies. Grab the source, then:
./configure && make depend && make
Wait a long while, depending on the speed of your machine. You only need to replace wintrust.dll.so; the patch doesn't do anything fancy and there haven't been any other changes to wintrust since 1.1.16.
I'm pretty sure I have a different glibc version than you, so my build of wintrust might not be of any use to you. Just in case, I'll email it to you.
Christoph Franzen ChristophFranzen@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED
--- Comment #9 from Christoph Franzen ChristophFranzen@gmx.net 2009-03-02 22:40:26 ---
Your precompiled "wintrust.dll.so" is compatible with my glibc version, I could start the program, and already made the online update which it suggested to perform during the first run.
This has apparently run successfully, but has thrown an exception in Wine during a database update. I will report this as a separate bug in the next few days, if I can grab appropriate output from my terminal and put the program into the Appdb if everything works.
Thank you for the quick solution. I hope this patch will make it into the next version of Wine, so there will hopefully be at least one program more it works with.
Dmitry Timoshkov dmitry@codeweavers.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|FIXED                       |
--- Comment #10 from Dmitry Timoshkov dmitry@codeweavers.com 2009-03-02 22:45:10 ---
The bug is not fixed until the patch is committed to the official source tree.
--- Comment #11 from Juan Lang juan_lang@yahoo.com 2009-03-03 20:22:13 ---
The patch is unfortunately incorrect. Testing on Windows XP shows that a program just crashes if it passes a bogus pointer for pgKnownSubject. The question is, where's the bogus pointer coming from?
Could you attach a +relay,+wintrust log without the patch applied?
Juan Lang juan_lang@yahoo.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
            Summary|Segfault in wintrust.dll    |WISO MeinBuero 2009 trial
                   |                            |segfaults in wintrust.dll
--- Comment #12 from Juan Lang juan_lang@yahoo.com 2009-03-06 11:56:02 ---
I downloaded the trial from the download URL and installed it. It wanted to install .net 2.0, and I let it, even though that installer crashed. Some other installer also failed, but neither prevented the installation of the main program. After installing, I ran Mein Buero 2009 from the main installation with:
$ wine MB.exe
Sure enough, it crashes in wintrust.dll. From a +relay,+wintrust log:
0009:Call KERNEL32.GetLocalTime(0032fbe0) ret=0040fc6d
0009:Ret KERNEL32.GetLocalTime() retval=00000001 ret=0040fc6d
0009:Call KERNEL32.GetModuleFileNameA(00000000,0032fae0,00000105) ret=004032d4
0009:Ret KERNEL32.GetModuleFileNameA() retval=0000002b ret=004032d4
0009:Call KERNEL32.GetFileAttributesA(03ae12bc "C:\Program Files\Buhl\Mein B\xfcro 2009\On4UD.dll") ret=006228f2
0009:Ret KERNEL32.GetFileAttributesA() retval=00000020 ret=006228f2
0009:Call KERNEL32.GetModuleFileNameA(00000000,0032fae0,00000105) ret=004032d4
0009:Ret KERNEL32.GetModuleFileNameA() retval=0000002b ret=004032d4
0009:Call KERNEL32.MultiByteToWideChar(00000003,00000000,03ae1330 "C:\Program Files\Buhl\Mein B\xfcro 2009\On4UD.dll",0000002e,03ae1364,0000002e) ret=00405ceb
0009:Ret KERNEL32.MultiByteToWideChar() retval=0000002e ret=00405ceb
0009:Call wintrust.WinVerifyTrust(ffffffff,018f8a98,0032fb84) ret=016eea8d
trace:wintrust:WinVerifyTrust (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x32fb84)
trace:wintrust:dump_wintrust_data 0x32fb84
trace:wintrust:dump_wintrust_data cbStruct: 44
trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil)
trace:wintrust:dump_wintrust_data pSIPClientData: (nil)
trace:wintrust:dump_wintrust_data dwUIChoice: 2
trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000000
trace:wintrust:dump_wintrust_data dwUnionChoice: 1
trace:wintrust:dump_file_info 0x32fb78
trace:wintrust:dump_file_info cbStruct: 12
trace:wintrust:dump_file_info pcwszFilePath: L"C:\Program Files\Buhl\Mein B\00fcro 2009\On4UD.dll"
trace:wintrust:dump_file_info hFile: 0xffffffff
trace:wintrust:dump_file_info pgKnownSubject: <guid-0x002c>
trace:wintrust:dump_wintrust_data dwStateAction: 0
trace:wintrust:dump_wintrust_data hWVTStateData: (nil)
trace:wintrust:dump_wintrust_data pwszURLReference: (null)
trace:wintrust:dump_wintrust_data dwProvFlags: 00000010
trace:wintrust:dump_wintrust_data dwUIContext: 61739824
Again, there's that bogus GUID. Prior to these log lines, what's going on doesn't seem to be related directly to the file On4UD.dll, so it's hard to say where the GUID is coming from. I'll attach the log shortly.
Juan Lang juan_lang@yahoo.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|wintrust                    |-unknown
--- Comment #13 from Juan Lang juan_lang@yahoo.com 2009-03-06 11:56:42 ---
It appears that wintrust.dll is doing the correct thing given a bogus GUID, so I'm setting the component to unknown.
--- Comment #14 from Juan Lang juan_lang@yahoo.com 2009-03-06 11:58:31 ---
Created an attachment (id=19822) --> (http://bugs.winehq.org/attachment.cgi?id=19822) +relay,+wintrust log
I trimmed the lines after the crash, and only retained the last 100,000 lines from the log, assuming what happened before then is just generic startup stuff.
Andre ar@esoma.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ar@esoma.org
--- Comment #15 from Andre ar@esoma.org 2009-06-06 12:02:46 ---
Same problem occurs with MeinVerein2009.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht@gmx.net
--- Comment #16 from Anastasius Focht focht@gmx.net 2009-06-06 15:42:31 ---
Hello,
I also described the problem of apps passing such data in bug 12405 (WISO Sparbuch 2008). Seems to affect all apps from that German software vendor "Buhl".
Reading MSDN again: http://msdn.microsoft.com/en-us/library/aa388206.aspx
--- quote ---
...
hFile
Optional. File handle to the open file to be verified. This handle must be to a file that has at least read permission. This member can be set to NULL.
pgKnownSubject
Optional. Pointer to a GUID structure that specifies the subject type. This member can be set to NULL.
--- quote ---
M$ says "Optional" and "can be set".
If you look at the size of the WINTRUST_FILE_INFO structure the app passed in: cbStruct -> 12 bytes. That means the subject GUID member is not included and the "0x2c" ptr data most likely belongs to something different. Maybe the app uses an older format/version of the structures or interpreted "optional" = leave member out of struct size calculation?
Wine's Wintrust needs to handle such cases. Maybe you can use some WVT_* macros like WVT_IS_CBSTRUCT_GT_MEMBEROFFSET to test if members are included or not, I think they were made exactly for this purpose.
Regards
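Added example, not part of the bug thread and not Wine's code: the cbStruct check suggested in comment #16, shown beside the unchecked read, for a caller that declares a structure ending before pgKnownSubject. The types guid_t and file_info_t, the macro MEMBER_IN_CB and the functions naive_subject, checked_subject and short_caller are hypothetical stand-ins for the Windows definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

/* Hypothetical stand-ins, not the Windows headers. */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

typedef struct {
    uint32_t       cbStruct;       /* bytes the caller says it filled in */
    const wchar_t *pcwszFilePath;
    void          *hFile;
    const guid_t  *pgKnownSubject; /* optional trailing member */
} file_info_t;

/* True only if member f lies entirely within the first cb bytes. */
#define MEMBER_IN_CB(t, cb, f) \
    (offsetof(t, f) + sizeof(((t *)0)->f) <= (size_t)(cb))

/* Unchecked pattern: assumes the full layout whatever cbStruct says. */
static const guid_t *naive_subject(const file_info_t *fi)
{
    return fi->pgKnownSubject;
}

/* Checked pattern: a member outside cbStruct is treated as absent. */
static const guid_t *checked_subject(const file_info_t *fi)
{
    if (!MEMBER_IN_CB(file_info_t, fi->cbStruct, pgKnownSubject))
        return NULL;
    return fi->pgKnownSubject;
}

/* Constructed caller: declares only the first three members (12 bytes in
 * the 32-bit trace); the slot after them holds unrelated data, 0x2c. */
static file_info_t short_caller(void)
{
    file_info_t fi = { 0 };
    fi.cbStruct = (uint32_t)offsetof(file_info_t, pgKnownSubject);
    fi.pcwszFilePath = L"On4UD.dll";
    fi.pgKnownSubject = (const guid_t *)(uintptr_t)0x2c;
    return fi;
}

int main(void)
{
    file_info_t fi = short_caller();
    printf("cbStruct=%u naive=%p checked=%p\n", (unsigned)fi.cbStruct,
           (const void *)naive_subject(&fi), (const void *)checked_subject(&fi));
    return 0;
}
```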
--- Comment #17 from Juan Lang juan_lang@yahoo.com 2009-06-09 11:09:57 ---
(In reply to comment #16)
> If you look at the size of the WINTRUST_FILE_INFO structure the app passed in: cbStruct -> 12 bytes. That means the subject GUID member is not included and the "0x2c" ptr data most likely belongs to something different.
Ahhhhh. So obvious. I'm embarrassed it escaped my notice, and flattered that you thought this was interesting enough to look into. I'll try to get to this, but certainly wouldn't object to someone else having a go: Anastasius's suggestion looks spot on to me, and the fix looks easy.
--- Comment #18 from Juan Lang juan_lang@yahoo.com 2009-06-11 16:40:00 ---
Patch sent: http://www.winehq.org/pipermail/wine-patches/2009-June/074142.html
--- Comment #19 from Juan Lang juan_lang@yahoo.com 2009-06-12 11:04:05 ---
Patch was committed. Could someone verify that it's fixed?
--- Comment #20 from Anastasius Focht focht@gmx.net 2009-06-13 05:41:04 ---
Hello,
--- quote ---
Patch was committed. Could someone verify that it's fixed?
--- quote ---
I only tested with WISO Sparbuch 2009 but as both apps come from same vendor/suite this is most likely also fixed for WISO MeinBuero 2009.
Fixed by commit 9ae0f7a191a722bdc6bd28a3474db4321112d1b7
I suggest to close this one.
Regards
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
--- Comment #21 from Austin English austinenglish@gmail.com 2009-06-13 05:54:25 ---
Fixed.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #22 from Alexandre Julliard julliard@winehq.org 2009-06-19 11:05:40 ---
Closing bugs fixed in 1.1.24.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |9ae0f7a191a722bdc6bd28a3474
                   |                            |db4321112d1b7
          Component|-unknown                    |wintrust
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download