[Bug 21501] New: Visual C++ 2010 beta 2 web installer can't replace corrupted downloads (sharing violation due to wintrust handle leak)

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Jan 26 15:51:23 CST 2010 

http://bugs.winehq.org/show_bug.cgi?id=21501

           Summary: Visual C++ 2010 beta 2 web installer can't replace
                    corrupted downloads (sharing violation due to wintrust
                    handle leak)
           Product: Wine
           Version: 1.1.37
          Platform: x86
               URL: http://www.microsoft.com/visualstudio/en-us/try/defaul
                    t.mspx#download
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: wintrust
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net


Hello,

the web installer verifies the integrity of already downloaded files using
hashing and wintrust signature checks.

In case of a corrupted file, WinVerifyTrust -> WINTRUST_DefaultVerify ->
SOFTPUB_LoadFileMessage fails:

--- snip ---
...
0031:trace:wintrust:SoftpubInitialize (0x1004c230)
0031:trace:wintrust:SoftpubInitialize returning 00000000
0031:trace:wintrust:SoftpubLoadMessage (0x1004c230)
0031: create_file( access=80000000, attributes=00000040, sharing=00000001,
create=1, options=00000050, attrs=00000080,
objattr={rootdir=0000,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab"
)
0031: create_file() = 0 { handle=0178 }
0031: get_handle_fd( handle=0178 )
0031: *fd* 0178 -> 145
0031: get_handle_fd() = 0 { type=1, removable=0, access=00120089,
options=00000050 }
0031:trace:wintrust:SOFTPUB_OpenFile returning 1
0031:trace:wintrust:SOFTPUB_GetFileSubject returning 1
0031:trace:wintrust:SOFTPUB_GetSIP returning 1
0031:trace:wintrust:CryptSIPGetSignedDataMsg (0x38ddf90 0x1004c268 0 0x9bf677c
(nil))
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile (0x38ddf90 0x1004c268 0
0x9bf677c (nil))
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_offset: 3823372
0031:trace:wintrust:WINTRUST_GetSignedMsgFromCabFile cert_size: 5944
0031:warn:wintrust:WINTRUST_GetSignedMsgFromCabFile offset beyond file, not
attempting to read
0031:trace:wintrust:CryptSIPGetSignedDataMsg returning 0
0031:trace:wintrust:SoftpubLoadMessage returning 1 (800b0100)
0031:trace:wintrust:WINTRUST_DefaultVerify returning 800b0100
0031:trace:wintrust:WinVerifyTrust returning 800b0100
...
--- snip ---

It seems if WinVerifyTrust fails that way, the caller is not supposed to clean
up, e.g. calling WinVerifyTrust with WTD_STATEACTION_CLOSE ->
WINTRUST_DefaultClose.
The web installer never does - hence the handle + additional data is leaked.

This leaked file handle later leads to a sharing violation when urlmon tries to
copy the new file from download cache to destination
(DownloadBSC_OnStopBinding):

--- snip ---
0031: create_file( access=c0010000, attributes=00000040, sharing=00000007,
create=1, options=00001040, attrs=00000000,
objattr={rootdir=0000,sd={},name=L""},
filename="/home/focht/.wine/dosdevices/c:/windows/temp/21006.01/1033/VS_PRO/wcu/vc90sp1/vc_red.cab"
)
0031: create_file() = SHARING_VIOLATION { handle=0000 }
...
--- snip ---

After 3 download + replacement tries, it gives up.

Properly internally cleaning up (closing the file handle ...) helps the
installer/urlmon to replace the file.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list