[Bug 27614] New: [FreeBSD][eve online][OOM][dll/iphlpapi/ifenum.c][enumIPAddresses()] "Bad Handshake" bug

wine-bugs at winehq.org
Mon Jun 27 05:38:42 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=27614

           Summary: [FreeBSD][eve
                    online][OOM][dll/iphlpapi/ifenum.c][enumIPAddresses()]
                     "Bad Handshake" bug
           Product: Wine
           Version: 1.3.23
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: pprocacci at gmail.com


Tested wine versions:  1.3.21 and 1.3.23

Attempting to log into the game "eve online" results in a "Bad Handshake"
error.  I've narrowed down the problem to the following within the
enumIPAddresses routine in dll/iphlpapi/ifenum.c.

###########################################
    do {
      lastlen = ifc->ifc_len;
      HeapFree(GetProcessHeap(), 0, ifc->ifc_buf);
      if (guessedNumAddresses == 0)
        guessedNumAddresses = INITIAL_INTERFACES_ASSUMED;
      else
        guessedNumAddresses *= 2;
      ifc->ifc_len = sizeof(struct ifreq) * guessedNumAddresses;
      ifc->ifc_buf = HeapAlloc(GetProcessHeap(), 0, ifc->ifc_len);
      ioctlRet = ioctl(fd, SIOCGIFCONF, ifc);
    } while ((ioctlRet == 0) && (ifc->ifc_len != lastlen));
###########################################

The above snippet of code loops endlessly until ioctl returns -1.  The
statement "ifc->ifc_len != lastlen" is always true.  This results in enormous
amounts of memory attempting to be allocated and then later used in ioctl. 
Eventually the ioctl call will return -1, breaking the loop. 
ERROR_INVALID_PARAMETER gets returned from this routine, and the proceeding
(proceeding proceeding) routine (GetAdaptersInfo) ends up returning
ERROR_OUTOFMEMORY.

############################################
        ret = getIPAddrTable(&ipAddrTable, GetProcessHeap(), 0);
        if (!ret)
          ret = AllocateAndGetIpForwardTableFromStack(&routeTable, FALSE,
           GetProcessHeap(), 0);
        if (!ret)
          table = getNonLoopbackInterfaceIndexTable();
        if (table) {
<!--- snip  ---->
        }
        else
          ret = ERROR_OUTOFMEMORY;
############################################

I don't have a patch on hand or anything, but my debugging led me to the
information provided.

Hope this helps.

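A bounded variant of the doubling loop quoted in the report, as an added example (not Wine's code and not the fix applied upstream). It swaps `ioctl(fd, SIOCGIFCONF, ...)` for two constructed mock kernels so it runs offline; `REC_SIZE`, `MAX_BUF`, `bounded_enum` and both mocks are hypothetical names, and the 64 KiB ceiling is an assumed value.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins: a fixed record size instead of struct ifreq and a
 * function pointer instead of ioctl(fd, SIOCGIFCONF, ifc). */
#define REC_SIZE     32u
#define INITIAL_RECS 4u
#define MAX_BUF      (64u * 1024u)  /* assumed ceiling on the request buffer */

typedef int (*query_fn)(char *buf, size_t *len); /* in: capacity, out: length */

/* Constructed mock A: reports the bytes actually used (6 records). */
static int kernel_reports_used(char *buf, size_t *len) {
    (void)buf;
    if (*len > 6 * REC_SIZE) *len = 6 * REC_SIZE;
    return 0;
}
/* Constructed mock B: the reported length tracks the buffer size, so it
 * differs from lastlen on every pass, which is the symptom in the report. */
static int kernel_echoes_size(char *buf, size_t *len) { (void)buf; (void)len; return 0; }

/* Returns 0 with the stable length in *out_len, or -1 on query failure,
 * allocation failure, or when the ceiling is reached. *peak is the largest
 * buffer ever requested. */
static int bounded_enum(query_fn query, size_t *out_len, size_t *peak) {
    size_t recs = 0, lastlen, len = 0;
    char *buf = NULL;
    int rc;
    *peak = 0;
    do {
        lastlen = len;
        free(buf);
        recs = recs ? recs * 2 : INITIAL_RECS;
        if (recs > MAX_BUF / REC_SIZE) return -1; /* stop doubling at the cap */
        len = recs * REC_SIZE;
        if (len > *peak) *peak = len;
        buf = malloc(len);
        if (!buf) return -1; /* the quoted loop does not check HeapAlloc */
        rc = query(buf, &len);
    } while (rc == 0 && len != lastlen);
    free(buf);
    if (rc != 0) return -1;
    *out_len = len;
    return 0;
}
int main(void) {
    size_t len = 0, peak = 0;
    int a = bounded_enum(kernel_reports_used, &len, &peak);
    return (a == 0 && bounded_enum(kernel_echoes_size, &len, &peak) == -1) ? 0 : 1;
}
```

With mock B the loop gives up after requesting at most `MAX_BUF` bytes, instead of growing until the allocation or the query fails.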