[Bug 14483] New: WinVerifyTrustEx doesn't return expected HRESULT for PE images not digitally signed (TRUST_E_NOSIGNATURE)
wine-bugs at winehq.org
wine-bugs at winehq.org
Mon Jul 14 17:45:00 CDT 2008
http://bugs.winehq.org/show_bug.cgi?id=14483
Summary: WinVerifyTrustEx doesn't return expected HRESULT for PE
images not digitally signed (TRUST_E_NOSIGNATURE)
Product: Wine
Version: CVS/GIT
Platform: PC
URL: http://www.filehippo.com/download_msn_messenger/751/
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wintrust
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Hello,
this is a follow-up bug of bug 12718
Enable tracing:
--- snip ---
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Trace]
"Level"=dword:00000099
--- snip ---
"msnmsgr.exe" PE image is *not* digitally signed.
Compare both:
--- snip windows trace ---
..
<3776, 3780>: Verifying calling process image is
signed... at passportclientlibrary.cpp_103
<3776, 3780>: Failed to WinVerifyTrustEx : C:\Program Files\MSN
Messenger\msnmsgr.exe. hr = 0x800b0100 at util.cpp_802
<3776, 3780>: Failed to Verify the file signature : C:\Program Files\MSN
Messenger\msnmsgr.exe. hr = 0x800b0100 at util.cpp_858
<3776, 3780>: Unable to verify caller is signed by MSFT cert 0x800b0100.
GetCertificate API will not function correctly. at passportclientlibrary.cpp_124
--- snip windows trace ---
vs.
--- snip wine trace ---
..
<8, 9>: Verifying calling process image is
signed... at passportclientlibrary.cpp_103
<8, 9>: Passed WinVerifyTrustEx : C:\Program Files\MSN Messenger\msnmsgr.exe.
@util.cpp_807
<8, 9>: Verify certificate against microsoft root : C:\Program Files\MSN
Messenger\msnmsgr.exe. @util.cpp_808
<8, 9>: Failed to Verify the file signature : C:\Program Files\MSN
Messenger\msnmsgr.exe. hr = 0x800b0100 at util.cpp_858
<8, 9>: Unable to verify caller is signed by MSFT cert 0x800b0100.
GetCertificate API will not function correctly. at passportclientlibrary.cpp_124
--- snip wine trace ---
--- snip wine ---
0030:Ret imagehlp.ImageGetCertificateHeader() retval=00000000 ret=609fb7cc
..
0030:trace:wintrust:CryptSIPGetSignedDataMsg returning 0
0030:Ret wintrust.CryptSIPGetSignedDataMsg() retval=00000000 ret=607c4b2a
0030:trace:crypt:CryptSIPGetSignedDataMsg returning 0
0030:trace:wintrust:SoftpubLoadMessage returning 1 (800b0100)
0030:Ret wintrust.SoftpubLoadMessage() retval=00000001 ret=60a05942
0030:trace:wintrust:WINTRUST_DefaultVerify returning 00000001
0030:trace:wintrust:WinVerifyTrust returning 00000001
0030:Ret wintrust.WinVerifyTrustEx() retval=00000001 ret=003ad2e9
--- snip wine ---
Remember: S_FALSE is not a failure code at all.
The return code evaluation from messenger looks like an inlined FAILED() macro
((HRESULT)(Status)<0) which basically just tests if the result has the high bit
set.
They don't test for S_OK, hence it incorrectly reports "pass" in wine.
TRUST_E_NOSIGNATURE has to be propagated somewhere because that's what
WinVerifyTrustEx() should return in that case.
Reagrds
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list