[Bug 46906] New: SIMATIC WinCC V15.1 Runtime installer: SeCon tool 'SeCon_Win32.exe' crashes due to hnetcfg 'INetFwRules::get__NewEnum' not initializing out parameter
wine-bugs at winehq.org
Mon Mar 25 07:50:07 CDT 2019
https://bugs.winehq.org/show_bug.cgi?id=46906
Bug ID: 46906
Summary: SIMATIC WinCC V15.1 Runtime installer: SeCon tool
'SeCon_Win32.exe' crashes due to hnetcfg
'INetFwRules::get__NewEnum' not initializing out
parameter
Product: Wine
Version: 4.4
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: hnetcfg
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
as it says.
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x00417194).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:00417194 ESP:0032fa08 EBP:0032fa7c EFLAGS:00010206( R- -- I - -P- )
EAX:00750000 EBX:00000000 ECX:00000000 EDX:0032fa54
ESI:00000000 EDI:0032fb54
...
Backtrace:
=>0 0x00417194 EntryPoint+0xffffffff() in secon_win32 (0x0032fa7c)
1 0x00412400 EntryPoint+0xffffffff() in secon_win32 (0x0032fb10)
2 0x0040a394 EntryPoint+0xffffffff() in secon_win32 (0x0032fbf4)
3 0x00401b8b EntryPoint+0xffffffff() in secon_win32 (0x0032fdf4)
4 0x004013f4 EntryPoint+0xffffffff() in secon_win32 (0x0032fe68)
5 0x0056e9ce EntryPoint+0xffffffff() in secon_win32 (0x0032feb0)
6 0x7b472c56 call_process_entry+0x11() in kernel32 (0x0032fec8)
7 0x7b472d8f start_process+0x12c()
[/home/focht/projects/wine/mainline-src/dlls/kernel32/process.c:1256] in
kernel32 (0x0032ffd8)
8 0x7b472c62 start_process_wrapper+0x9() in kernel32 (0x0032ffec)
0x00417194 EntryPoint+0xffffffff in secon_win32: movl 0x0(%ecx),%eax
Modules:
Module Address Debug info Name (133 modules)
PE 400000- 639000 Export secon_win32
ELF 7b2fe000-7b330000 Deferred hnetcfg<elf>
\-PE 7b310000-7b330000 \ hnetcfg
...
ELF f7f01000-f7f02000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000135 (D) C:\Program Files (x86)\Common Files\Siemens\SeCon\SeCon_Win32.exe
00000136 0 <==
--- snip ---
Application/installer log file:
--- snip---
...
13:14:53|.... |Controller::ShowForm() |(01) Show dialog:
SeCon
13:14:53|.... |Controller::ShowForm() |(01)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Running on
64-bit platform...
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) SetupUnit
DOES NOT support 64-bit platform, so 32-bit EXE will be used for secutiry
settings: SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Local cached
SeCon found: C:\Program Files (x86)\Common Files\Siemens\Secon\SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01)
(FileVersion: 205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Bundle SeCon
found: Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED
V15.1\InstData\Resources\Secon\SeCon_Win32.exe
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01)
(FileVersion: 205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) (Local
Version: 205.101.101.02_00.00.00.00) >= (Bundle Version:
205.101.101.02_00.00.00.00)
13:14:53|.. |SecurityEnvironment::GetSeconExePath() |(01) Most current
Secon will be used: C:\Program Files (x86)\Common
Files\Siemens\Secon\SeCon_Win32.exe
13:14:53| |ecurityEnvironment::CreateSeconRtfFile()|
13:14:53| |ecurityEnvironment::CreateSeconRtfFile()|(01) START
creating SeconRtfFile
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01) Creating
Secon-OPFILE...
13:14:53|... |SeconOpFile::WriteFile() |(01) Deleting
existing INI-file: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|... |SeconOpFile::WriteFile() |(01) Writing
the INI-file down: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) [GENERAL]
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
SessionID=SIA_20190325131258
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
ResourcePath=Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED
V15.1\InstData\Resources\SeCon\
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
SetupLanguage=1033
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
InstallationMoment=0
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
LogfilePath=C:\ProgramData\Siemens\Automation\Logfiles\Setup
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
SaveCurrentFirewall=OFF
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01) [PRODUCT1]
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
UpgradeCode={EC72939E-3D31-4BA7-B5D4-CF6B4C3DFB09}
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
InstallDir=C:\Program Files (x86)\SIEMENS\AUDIT Viewer
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
SecurityXML1=Z:\HOME\FOCHT\DOWNLOADS\SIMATIC WINCC RUNTIME ADVANCED
V15.1\InstData\AuditViewer\Media\Resources\secon_auditviewer.xml
13:14:53|.... |SecurityEnvironment::CreateSeconOpFile()|(01)
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01) Calling
ReturnFeatures() with OPFILE: C:\users\focht\Temp\SeconOpFile.ini
13:14:53|INFO1 |SeconExe::CallFunction() |(01)
CallFunction - Called: ReturnFeatures arg1=C:\users\focht\Temp\SeconOpFile.ini
arg2= timeout=0
13:14:53|INFO1 |SeconExe::CallFunction() |(01)
CallFunction - ReturnFeatures return value: 10
13:14:53|... |ecurityEnvironment::CreateSeconRtfFile()|(01)
ReturnFeatures() returned: 10
...
--- snip ---
Adding +relay "magically" prevents the crash.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/Common Files/Siemens/SeCon
$ WINEDEBUG=+seh,+relay,+hnetcfg wine ./SeCon_Win32.exe ReturnFeatures "C:\\users\\focht\\Temp\\SeconOpFile.ini" >>log.txt 2>&1
...
--- snip ---
The reason is stupid application code:
--- snip ---
00417172 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-1C]
00417175 8B08 MOV ECX,DWORD PTR DS:[EAX]
00417177 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-30] ; uninit stack var!
0041717A 52 PUSH EDX
0041717B 50 PUSH EAX
0041717C 8B41 2C MOV EAX,DWORD PTR DS:[ECX+2C]
0041717F FFD0 CALL EAX ; netfw_rules_get__NewEnum
00417181 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-30] ; garbage out param
00417184 3BC3 CMP EAX,EBX
00417186 74 12 JE SHORT SeCon_Wi.0041719A
00417188 8B08 MOV ECX,DWORD PTR DS:[EAX]
0041718A 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-28]
0041718D 52 PUSH EDX
0041718E 68 C8D95E00 PUSH SeCon_Wi.005ED9C8
00417193 50 PUSH EAX
00417194 8B01 MOV EAX,DWORD PTR DS:[ECX]
00417196 FFD0 CALL EAX
--- snip ---
Instead of checking the HRESULT, the app code directly peeks at the out
parameter.
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/hnetcfg/policy.c#l234
--- snip ---
234 static HRESULT WINAPI netfw_rules_get__NewEnum(
235 INetFwRules *iface,
236 IUnknown **newEnum)
237 {
238 fw_rules *This = impl_from_INetFwRules( iface );
239
240 FIXME("%p, %p\n", This, newEnum);
241 return E_NOTIMPL;
242 }
--- snip ---
Wine should initialize the 'newEnum' out parameter to NULL.
$ sha1sum SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
db1f97bb648b62fa1c5d974d7f2bcb6b4a9fd786 SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
$ du -sh SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
1.3G SIMATIC_WinCC_Runtime_Advanced_V15_1.exe
$ wine --version
wine-4.4-188-gc988910cae
Regards
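
Added example, not part of the original report and not Wine or Siemens code: a portable C model of the failure described above, showing the stub that leaves the out parameter untouched next to one that clears it, and a caller that tests only the out parameter next to one that checks the HRESULT first. The HRESULT typedef, the function names and the stale stack value are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

typedef int32_t HRESULT;                    /* stand-in for the Windows type */
#define E_NOTIMPL  ((HRESULT)0x80004001)
#define FAILED(hr) ((HRESULT)(hr) < 0)

/* Constructed stand-in for leftover stack contents in the caller's local
 * (the register dump shows EAX:00750000 after the load from [EBP-30]). */
#define STALE_STACK_VALUE ((void *)(uintptr_t)0x00750000u)
typedef HRESULT (*get_new_enum_fn)(void **new_enum);

/* Behaviour of the stub quoted in the report: out parameter left untouched. */
static HRESULT stub_as_reported(void **new_enum)
{
    (void)new_enum;
    return E_NOTIMPL;
}

/* Behaviour the report asks for: clear the out parameter before failing. */
static HRESULT stub_hardened(void **new_enum)
{
    *new_enum = NULL;
    return E_NOTIMPL;
}

/* Caller pattern from the disassembly: ignores the HRESULT and tests only
 * the out parameter. Returns 1 if it would go on to dereference it. */
static int caller_peeks_out_param(get_new_enum_fn fn)
{
    void *enumerator = STALE_STACK_VALUE;   /* models the uninitialised local */
    fn(&enumerator);
    return enumerator != NULL;
}

/* Defensive caller: the out parameter is trusted only after success. */
static int caller_checks_hresult(get_new_enum_fn fn)
{
    void *enumerator = NULL;
    HRESULT hr = fn(&enumerator);
    return !FAILED(hr) && enumerator != NULL;
}

int main(void)
{
    printf("peek/reported=%d peek/hardened=%d\n",
           caller_peeks_out_param(stub_as_reported), caller_peeks_out_param(stub_hardened));
    return 0;
}
```

A result of 1 from the peeking caller means it would follow the stale pointer, which is the path that ends in the page fault at 0x00417194; with the hardened stub it takes the JE branch instead.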