Some applications apparently attempt to decrypt empty strings in some edge cases, which currently leads to a page fault.
From: Jakub Petrzilka kubapet@gmail.com
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=57042
---
 dlls/rsaenh/rsaenh.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c index f854e35dfdf..25aba026152 100644 --- a/dlls/rsaenh/rsaenh.c +++ b/dlls/rsaenh/rsaenh.c @@ -2798,7 +2798,8 @@ BOOL WINAPI RSAENH_CPDecrypt(HCRYPTPROV hProv, HCRYPTKEY hKey, HCRYPTHASH hHash, memcpy(in, out, pCryptKey->dwBlockLen); } if (Final) { - if (pbData[*pdwDataLen-1] && + if (*pdwDataLen >=1 && + pbData[*pdwDataLen-1] && pbData[*pdwDataLen-1] <= pCryptKey->dwBlockLen && pbData[*pdwDataLen-1] <= *pdwDataLen) { BOOL padOkay = TRUE;
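Review bot: In the `if (Final)` padding test, the added `*pdwDataLen >=1` guard leaves a zero-length final call to fall into whatever the existing padding-failure path does, instead of rejecting empty input on its own terms. An explicit early check for `*pdwDataLen == 0` with a dedicated error code would make that behaviour deliberate and keep the padding condition about padding only. On style, write `>= 1` with a space to match the comparisons on the following lines. The diffstat shows only rsaenh.c changed, so a test case that decrypts with Final set and a zero length would pin the new behaviour down.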
Hi,
It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.
The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:
The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=147589
Your paranoid android.
```
=== debian11b (64 bit WoW report) ===

dinput:
hotplug.c:194: Test failed: 0x500: GetDeviceState returned 0

hid:
device.c:123: Test failed: Failed to open L"\\?\hid#vid_1209&pid_0001#0&0000&0#{4d1e55b2-f16f-11cf-88cb-001111000030}", error 3.
device.c:123: Test failed: Failed to open L"\\?\hid#vid_1209&pid_0001&col01#256&wine test&0&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}", error 3.
device.c:123: Test failed: Failed to open L"\\?\hid#vid_1209&pid_0001&col02#256&wine test&0&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}", error 3.
device.c:123: Test failed: Failed to open L"\\?\hid#vid_845e&pid_0001#0&0000&0&0&0#{4d1e55b2-f16f-11cf-88cb-001111000030}", error 3.
device.c:123: Test failed: Failed to open L"\\?\hid#vid_845e&pid_0002#0&0000&0&0&0#{4d1e55b2-f16f-11cf-88cb-001111000030}", error 3.
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:319: Test failed: Failed to get product string(0x6)
device.c:323: Test failed: Failed to get preparsed data(0x6)
device.c:325: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:170: Test failed: got error 3
device.c:173: Test failed: Failed to get preparsed data(0x6)
device.c:175: Test failed: Failed to get Caps(0xc0110001)
device.c:405: Test failed: Failed to get product string(0x6)
device.c:409: Test failed: Failed to get preparsed data(0x6)
device.c:411: Test failed: Failed to get Caps(0xc0110001)

user32:
input.c:2206: Test failed: got 0 messages
input.c:2216: Test failed: got 0 messages
input.c:1933: Test failed: expected non-zero
input.c:1939: Test failed: expected -1, got 0
input.c:1940: Test failed: expected 122, got -559038737
input.c:1941: Test failed: expected non-zero
input.c:1945: Test failed: expected non-zero
input.c:2080: Test failed: expected non-zero
```
How is RSAENH_CPDecrypt() called? It's a back end function that should not be called directly by applications. CryptDecrypt() already handles 0 length.
```
Register dump:
 rip:00006ffffa644c6e rsp:00007ffffe4fd0e0 rbp:00006ffffa65e000 eflags:00010202 ( R- -- I - - - )
 rax:00000000ffffffff rbx:0000000000000008 rcx:0000000000006610 rdx:0000000000000000
 rsi:0000000000000000 rdi:00007f97bf4b7910 r8:00000000ffffffff r9:00007ffffe4fd158 r10:00006ffffa644890
 r11:0000000000000010 r12:0000000000000000 r13:00007ffffe4fd3d0 r14:00007f97bee01420 r15:00007f97d7d327a0
Stack dump:
0x007ffffe4fd0e0: 00007ffffe4fd080 0000000000000000
0x007ffffe4fd0f0: 0000000000000000 0000000000000001
0x007ffffe4fd100: 00007f97bf4b7910 00007ffffe4fd3d0
0x007ffffe4fd110: 00007f97bee01420 00007f97bf117548
0x007ffffe4fd120: 00006fffff31dada ffff027f00001fa0
0x007ffffe4fd130: 0000000000000000 0000000000000000
0x007ffffe4fd140: 0000000000000000 0000000000000000
0x007ffffe4fd150: 0000000000000000 00007f97d7d327a0
0x007ffffe4fd160: 0000000000000000 0000000000000000
0x007ffffe4fd170: 0000000000000000 0000000000000000
0x007ffffe4fd180: 0000000000000000 0000000000000000
0x007ffffe4fd190: 0000000000000000 0000000000000000
Backtrace:
=>0 0x006ffffa644c6e RSAENH_CPDecrypt+0x3de(hProv=<is not available>, hKey=<internal error>, hHash=<is not available>, Final=<is not available>, dwFlags=<is not available>, pbData=<is not available>, pdwDataLen=<is not available>) [/home/kubapet/Projects/wine/dlls/rsaenh/rsaenh.c:2802] in rsaenh (0x006ffffa65e000)
  1 0x006fffff31fa33 CryptDecrypt+0xa3(hKey=<internal error>, hHash=0, Final=0x1, dwFlags=0, pbData=00007F97BF4B7910, pdwDataLen=00007FFFFE4FD3D0) [/home/kubapet/Projects/wine/dlls/advapi32/crypt.c:799] in advapi32 (0000000000000000)
  2 0x000644436c1f24 in system.core.ni (+0x2c1f24) (0x007ffffe4fd2b0)
  3 0x000644436baee8 in system.core.ni (+0x2baee8) (0x007f97bf4b7900)
  4 0x000644436baab8 in system.core.ni (+0x2baab8) (0x007f97bf4b78e8)
0x006ffffa644c6e RSAENH_CPDecrypt+0x3de [/home/kubapet/Projects/wine/dlls/rsaenh/rsaenh.c:2802] in rsaenh: movzxb (%rdi,%rax,1), %r10d
```
Thanks, it turns out that we should return failure and set last error to NTE_BAD_LEN in this case. I'm attaching a patch that does this, does it fix your application? [decrypt.diff](/uploads/22420d2aff076084a19eef384b05d544/decrypt.diff)
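The behaviour discussed in this thread, as an added example that is not part of the thread, of Wine, or of the attached decrypt.diff: a final-block padding check that rejects empty input before it indexes the last byte. The function name, `PAD_OK`, the choice of `NTE_BAD_DATA` for malformed padding and the sample buffers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAD_OK        0u            /* hypothetical success value for this example */
#define NTE_BAD_LEN   0x80090004u   /* value as defined in winerror.h */
#define NTE_BAD_DATA  0x80090005u   /* value as defined in winerror.h */

/* Validate and strip block padding from a decrypted final buffer.
 * On success *len is reduced by the pad length; on failure it is unchanged. */
uint32_t strip_final_padding(const uint8_t *data, uint32_t *len, uint32_t block_len)
{
    uint32_t i, pad;

    /* Empty input must be rejected before data[*len - 1] is evaluated:
     * with *len == 0 the unsigned index wraps to 0xffffffff, the value seen
     * in rax in the crash dump. A multiple-of-block-size test alone does not
     * catch this case, because 0 % block_len == 0. */
    if (*len == 0 || block_len == 0)
        return NTE_BAD_LEN;
    if (*len % block_len != 0)
        return NTE_BAD_DATA;        /* assumption: partial block treated as bad data */

    pad = data[*len - 1];
    if (pad == 0 || pad > block_len || pad > *len)
        return NTE_BAD_DATA;

    /* Every padding byte must equal the pad length. */
    for (i = 1; i <= pad; i++)
        if (data[*len - i] != pad)
            return NTE_BAD_DATA;

    *len -= pad;
    return PAD_OK;
}

int main(void)
{
    /* Constructed sample: five data bytes followed by three bytes of padding. */
    const uint8_t block[8] = { 'h', 'e', 'l', 'l', 'o', 3, 3, 3 };
    uint32_t len = sizeof(block), empty = 0;

    printf("padded block: 0x%08x, len=%u\n",
           (unsigned)strip_final_padding(block, &len, 8), (unsigned)len);
    printf("empty input:  0x%08x\n",
           (unsigned)strip_final_padding(block, &empty, 8));
    return 0;
}
```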