[Bug 34083] Norton/Symantec AntiVirus 10.x installers fail to validate embedded certificate (CERT with multiple OU fields, crypt32.CertGetNameStringW must return RDNs in reverse order)

WineHQ Bugzilla wine-bugs at winehq.org
Thu Dec 31 06:57:34 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=34083

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Symantec Antivirus 10.x     |Norton/Symantec AntiVirus
                   |installer fails in custom   |10.x installers fail to
                   |action                      |validate embedded
                   |WriteCcSettingsTables.03FE0 |certificate (CERT with
                   |1CF_295E_4354_A292_7DC4A810 |multiple OU fields,
                   |E0DA (CERT with multiple OU |crypt32.CertGetNameStringW
                   |fields,                     |must return RDNs in reverse
                   |crypt32.CertGetNameStringW  |order)
                   |must return RDNs in reverse |
                   |order)                      |
                URL|                            |https://web.archive.org/web
                   |                            |/20111104092310/http://spft
                   |                            |rl.digitalriver.com/pub/sym
                   |                            |antec/tbyb/NAM/NAV10TBEN.ex
                   |                            |e
           Keywords|                            |download

--- Comment #6 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

I've found a public download which exhibits the same problem.

'Norton AntiVirus 2010 (17.x)':

https://web.archive.org/web/20111104092310/http://spftrl.digitalriver.com/pub/symantec/tbyb/NAM/NAV10TBEN.exe

--- snip ---
$ WINEDEBUG=+seh,+relay,+msi,+wintrust,+crypt wine ./NAV10TBEN.exe >>log.txt 2>&1
...
01a0:Call wintrust.WinVerifyTrust(ffffffff,0183f8c4,0183f67c) ret=6d3d8100
...
01a0:trace:wintrust:dump_wintrust_data 0183F67C
01a0:trace:wintrust:dump_wintrust_data cbStruct: 48
01a0:trace:wintrust:dump_wintrust_data pPolicyCallbackData: 00000000
01a0:trace:wintrust:dump_wintrust_data pSIPClientData: 00000000
01a0:trace:wintrust:dump_wintrust_data dwUIChoice: 2
01a0:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000000
01a0:trace:wintrust:dump_wintrust_data dwUnionChoice: 1
01a0:trace:wintrust:dump_file_info 0183F6EC
01a0:trace:wintrust:dump_file_info cbStruct: 16
01a0:trace:wintrust:dump_file_info pcwszFilePath: L"Z:\\HOME\\FOCHT\\DOWNLOADS\\NAV10TBEN.EXE"
01a0:trace:wintrust:dump_file_info hFile: 0000013C
01a0:trace:wintrust:dump_file_info pgKnownSubject: (null)
01a0:trace:wintrust:dump_wintrust_data dwStateAction: 0
01a0:trace:wintrust:dump_wintrust_data hWVTStateData: 00000000
01a0:trace:wintrust:dump_wintrust_data pwszURLReference: (null)
01a0:trace:wintrust:dump_wintrust_data dwProvFlags: 00000010
01a0:trace:wintrust:dump_wintrust_data dwUIContext: 0
01a0:trace:wintrust:WINTRUST_DefaultVerifyAndClose (FFFFFFFF, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0183F67C)
01a0:trace:wintrust:WINTRUST_DefaultVerify (FFFFFFFF, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0183F67C)
...
01a0:Ret  crypt32.CertVerifyCertificateChainPolicy() retval=00000001 ret=01cffd31
01a0:trace:wintrust:SoftpubAuthenticode returning 0 (00000000)
01a0:Ret  wintrust.SoftpubAuthenticode() retval=00000000 ret=01d01e85
01a0:trace:wintrust:WINTRUST_DefaultVerify returning 00000000
01a0:trace:wintrust:WINTRUST_DefaultClose (FFFFFFFF, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0183F67C)
...
01a0:trace:wintrust:WINTRUST_DefaultClose returning 00000000
01a0:trace:wintrust:WINTRUST_DefaultVerifyAndClose returning 00000000
01a0:trace:wintrust:WinVerifyTrust returning 00000000
...
01a0:Call crypt32.CryptQueryObject(00000001,00185770,00000400,00000002,00000000,0183f9b8,0183f9c0,0183f9bc,0183f9f0,0183f9ec,00000000) ret=6d3d8cad
01a0:trace:crypt:CryptQueryObject (00000001, 00185770, 00000400, 00000002, 00000000, 0183F9B8, 0183F9C0, 0183F9BC, 0183F9F0, 0183F9EC, 00000000)
...
01a0:trace:crypt:CRYPT_QueryEmbeddedMessageObject L"Z:\\HOME\\FOCHT\\DOWNLOADS\\NAV10TBEN.EXE"
...
01a0:trace:crypt:CertGetCertificateContextProperty returning 0
01a0:trace:crypt:CertFindExtension "2.5.29.37" 9 00200918
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0024, 00200A68, 12, 0x00008000, 00000000, 0183F7B0, 0183F7B8)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertGetEnhancedKeyUsage returning 1
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D4071A0, 0183F2C8, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.3" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (5, 0019763C, 0183F2C8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407194, 0183F6D8, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.11" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 001975B4, 0183F6D8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 54 (L"Digital ID Class 3 - Microsoft Software Validation v2")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407188, 0183F4D0, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.10" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (5, 00197584, 0183F4D0, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407180, 0183F0C0, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.7" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 00197560, 0183F0C0, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 13 (L"Santa Monica")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407178, 0183ECB0, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.8" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 0019753C, 0183ECB0, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 11 (L"California")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407170, 0183EEB8, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183EC14, 0183EC18)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.6" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 00197520, 0183EEB8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 3 (L"US")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407194, 0183F6D8, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183F434, 0183F438)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.11" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 001975B4, 0183F6D8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 54 (L"Digital ID Class 3 - Microsoft Software Validation v2")
01a0:trace:crypt:CertGetNameStringW (001C7854, 3, 00000000, 6D407188, 0183F4D0, 260)
01a0:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 00200794, 219, 0x00008000, 00000000, 0183F434, 0183F438)
01a0:trace:crypt:CryptDecodeObjectEx returning 1
01a0:trace:crypt:CertFindRDNAttr "2.5.4.10" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (5, 00197584, 0183F4D0, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
01a0:trace:crypt:CertFreeCertificateContext (001C7854)
01a0:trace:crypt:MemStore_release (00191BF0) ref=1
...
01a0:Call KERNEL32.lstrlenW(00185770 L"2020-12-31-12-59-27-245 : 0x01A0 : Error : CTrustCheck::Initialize(88) : failed to verify trust: 3\r\n") ret=0043049f
...
0184:Call user32.DrawTextW(005c00b9,01616558 L"The install file cannot be properly validated. Please click the link below for instructions on how to resolve this issue.-hs\00e0",00000003,0031d614,00000920) ret=6d73b79f
--- snip ---

Installer log file 'NortonInstall-*.log':

--- snip ---
2020-12-31-12-59-20-378 : 0x0184 : Information : install version: 6.0.0.94
2020-12-31-12-59-20-379 : 0x0184 : Information : command line: "Z:\home\focht\Downloads\NAV10TBEN.exe"
2020-12-31-12-59-20-379 : 0x0184 : Information : base install folder: C:\Program Files (x86)\NortonInstaller
2020-12-31-12-59-20-379 : 0x0184 : Information : install log folder: C:\ProgramData\NortonInstaller\Logs\2020-12-31-12h59m20s
2020-12-31-12-59-20-379 : 0x0184 : Information : install temp folder: C:\ProgramData\NortonInstaller\SymTemp
2020-12-31-12-59-20-397 : 0x0184 : Information : Install Cache: C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.0.0.136
2020-12-31-12-59-20-399 : 0x0184 : Information : Start: Load InstallUI
2020-12-31-12-59-20-399 : 0x0184 : Information : Finish: Load InstallUI (ERROR_FILE_NOT_FOUND)
2020-12-31-12-59-20-401 : 0x0184 : Information : Start: Extract Package
...
2020-12-31-12-59-20-992 : 0x01A0 : Information : Start: Load Engine
2020-12-31-12-59-21-019 : 0x01A0 : Information : Finish: Load ProductCallback
2020-12-31-12-59-21-021 : 0x01A0 : Information : Completed: 0, Patch Detected: 0
2020-12-31-12-59-21-023 : 0x01A0 : Information : Quiet: 0, Quiet Basic: 0
2020-12-31-12-59-21-024 : 0x01A0 : Information : Install: 1, Relaunch: 0
2020-12-31-12-59-21-025 : 0x01A0 : Information : Show Errors: 1, No Error Report: 0
2020-12-31-12-59-21-025 : 0x01A0 : Information : InitializeStates returned 0x00000000
2020-12-31-12-59-21-026 : 0x01A0 : Information : ===>    Start: Initialize Process Trust
2020-12-31-12-59-21-028 : 0x01A0 : Information : Verify Process
...
2020-12-31-12-59-27-245 : 0x01A0 : Error : CTrustCheck::Initialize(88) : failed to verify trust: 3
...
2020-12-31-12-59-27-465 : 0x01A0 : Error : CTrustCheck::Initialize(102) : invalid signature: 3
2020-12-31-12-59-27-467 : 0x01A0 : Information : <===    Finish: Initialize Process Trust, Time: 6443ms (0x800b0100)
2020-12-31-12-59-27-468 : 0x01A0 : Error : CEngineManager::Initialize(211) : InitializeTrust failed (0x800b0100)
2020-12-31-12-59-27-470 : 0x01A0 : Information : Engine Version: 6.0.0.94
...
--- snip ---

virustotal.com scan of the installer binary:

https://www.virustotal.com/gui/file/687880087e0a7975912446f8695a6f115f77bda87862317e0f900509035ba694/details

$ sha1sum NAV10TBEN.exe 
eadfb9c860146186c548aba695a9be87607f5586  NAV10TBEN.exe

$ du -sh NAV10TBEN.exe 
74M    NAV10TBEN.exe

$ wine --version
wine-6.0-rc4

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
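
A triage helper for the `+crypt` trace in comment #6, added here as an example (not part of the original comment or of Wine): it pairs each `CertFindRDNAttr` OID with the string `CertRDNValueToStrW` returned, so the value handed back for OU can be compared with the certificate's actual subject. The function names and the OID table are this example's own; it also rejoins lines hard-wrapped by a mail client and uses the returned length, which counts the terminating NUL, as a sanity check.

```python
import re

# Lines abridged from the +crypt trace in comment #6; the OU value is
# deliberately left hard-wrapped across two lines to exercise unwrap().
SAMPLE_TRACE = '''\
01a0:trace:crypt:CertFindRDNAttr "2.5.4.3" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (5, 0019763C, 0183F2C8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
...
01a0:trace:crypt:CertFindRDNAttr "2.5.4.11" 001974D8
01a0:trace:crypt:CertRDNValueToStrW (4, 001975B4, 0183F6D8, 260)
01a0:trace:crypt:CertRDNValueToStrW returning 54 (L"Digital ID Class 3 -
Microsoft Software Validation v2")
01a0:trace:crypt:CertFindRDNAttr "2.5.4.10" 001974D8
01a0:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
'''

# X.520 attribute OIDs that appear in the trace.
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
             "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU"}

PREFIX = re.compile(r"^[0-9a-f]{4}:")  # Wine thread-id prefix on each record
FIND = re.compile(r'crypt:CertFindRDNAttr "([\d.]+)"')
VALUE = re.compile(r'crypt:CertRDNValueToStrW returning (\d+) \(L"(.*)"\)$')

def unwrap(text):
    """Join continuation lines (no thread-id prefix) onto the previous record."""
    lines = []
    for raw in text.splitlines():
        if raw.strip() in ("", "..."):
            continue  # skip blank lines and the poster's elision markers
        if PREFIX.match(raw) or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def rdn_lookups(text):
    """Return (attribute, value, length_ok) for each RDN attribute lookup."""
    out, pending = [], None
    for line in unwrap(text):
        m = FIND.search(line)
        if m:
            pending = m.group(1)
            continue
        m = VALUE.search(line)
        if m and pending:
            n, value = int(m.group(1)), m.group(2)
            # The returned count includes the terminating NUL character.
            out.append((OID_NAMES.get(pending, pending), value, len(value) + 1 == n))
            pending = None
    return out
```
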

