[Bug 21501] New: Visual C++ 2010 beta 2 web installer can't replace corrupted downloads (sharing violation due to wintrust handle leak)
wine-bugs at winehq.org
wine-bugs at winehq.org
Tue Jan 26 15:51:23 CST 2010
http://bugs.winehq.org/show_bug.cgi?id=21501
Summary: Visual C++ 2010 beta 2 web installer can't replace
corrupted downloads (sharing violation due to wintrust
handle leak)
Product: Wine
Version: 1.1.37
Platform: x86
URL: http://www.microsoft.com/visualstudio/en-us/try/defaul
t.mspx#download
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wintrust
AssignedTo: wine-bugs at winehq.org
ReportedBy: focht at gmx.net
Hello,
the web installer verifies the integrity of already downloaded files using
hashing and wintrust signature checks.
In case of a corrupted file, WinVerifyTrust -> WINTRUST_DefaultVerify ->
SOFTPUB_LoadFileMessage fails:
--- snip ---
...
0031:trace:wintrust:SoftpubInitialize (0x1004c230)
0031:trace:wintrust:SoftpubInitialize returning 00000000
0031:trace:wintrust:SoftpubLoadMessage (0x1004c230)
0031: create_file( access=80000000, attributes=00000040, sharing=00000001,
create=1, options=00000050, attrs=00000080,
objattr={rootdir=0000,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab"
)
0031: create_file() = 0 { handle=0178 }
0031: get_handle_fd( handle=0178 )
0031: *fd* 0178 -> 145
0031: get_handle_fd() = 0 { type=1, removable=0, access=00120089,
options=00000050 }
0031:trace:wintrust:SOFTPUB_OpenFile returning 1
0031:trace:wintrust:SOFTPUB_GetFileSubject returning 1
0031:trace:wintrust:SOFTPUB_GetSIP returning 1
0031:trace:wintrust:CryptSIPGetSignedDataMsg (0x38ddf90 0x1004c268 0 0x9bf677c
(nil))
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile (0x38ddf90 0x1004c268 0
0x9bf677c (nil))
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_offset: 3823372
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_size: 5944
0031:warn:wintrust:WINTRUST_GetSignedMsgFromCabFile offset beyond file, not
attempting to read
0031:trace:wintrust:CryptSIPGetSignedDataMsg returning 0
0031:trace:wintrust:SoftpubLoadMessage returning 1 (800b0100)
0031:trace:wintrust:WINTRUST_DefaultVerify returning 800b0100
0031:trace:wintrust:WinVerifyTrust returning 800b0100
...
--- snip ---
It seems if WinVerifyTrust fails that way, the caller is not supposed to clean
up, e.g. calling WinVerifyTrust with WTD_STATEACTION_CLOSE ->
WINTRUST_DefaultClose.
The web installer never does - hence the handle + additional data is leaked.
This leaked file handle later leads to a sharing violation when urlmon tries to
copy the new file from download cache to destination
(DownloadBSC_OnStopBinding):
--- snip ---
0031: create_file( access=c0010000, attributes=00000040, sharing=00000007,
create=1, options=00001040, attrs=00000000,
objattr={rootdir=0000,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab"
)
0031: create_file() = SHARING_VIOLATION { handle=0000 }
...
--- snip ---
After 3 download + replacement tries, it gives up.
Properly internally cleaning up (closing the file handle ...) helps the
installer/urlmon to replace the file.
Regards
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list