[Bug 47038] New: Zero Time Dilemma crashes with unhandled page fault on read access in CryptGenRandom

[Bug 47038] New: Zero Time Dilemma crashes with unhandled page fault on read access in CryptGenRandom

Wine - Bugs mailing list
https://bugs.winehq.org/show_bug.cgi?id=47038

            Bug ID: 47038
           Summary: Zero Time Dilemma crashes with unhandled page fault on
                    read access in CryptGenRandom
           Product: Wine
           Version: 4.6
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: advapi32
          Assignee: [hidden email]
          Reporter: [hidden email]
      Distribution: ---

The game crashes instantly after launching, before even opening a window.

The game makes a call to CryptAcquireContextA which fails because the game
doesn't set the CRYPT_NEWKEYSET flag and Wine assumes the existence of a
certain registry key. The registry key doesn't exist, Wine returns an error and
the game calls CryptGenRandom with the value it received from
CryptAcquireContextA without checking for an error.

Relevant log lines:

0288:Call advapi32.CryptAcquireContextA(0032fc08,00000000,00000000,00000001,00000000) ret=004087cc
0288:Call rsaenh.CPAcquireContext(063a5e80,00000000,00000000,063a09e8) ret=7e93ce36
0288:Call advapi32.GetUserNameA(0032f78c,0032f788) ret=7b9e46b0
0288:Ret  advapi32.GetUserNameA() retval=00000001 ret=7b9e46b0
0288:Call advapi32.RegOpenKeyExA(80000001,0032f5cc "Software\\Wine\\Crypto\\RSA\\thijs",00000000,00020019,0032f730) ret=7b9dcb6e
0288:Ret  advapi32.RegOpenKeyExA() retval=00000002 ret=7b9dcb6e
0288:Ret  rsaenh.CPAcquireContext() retval=00000000 ret=7e93ce36
0288:Ret  advapi32.CryptAcquireContextA() retval=00000000 ret=004087cc
0288:Call advapi32.CryptGenRandom(00000004,00000004,0032fc04) ret=004087db
...
wine: Unhandled page fault on read access to 0x00000004 at address 0x7e93d3f3 (thread 0288), starting debugger...

I patched CryptAcquireContextA with "*phProv = 0;" before returning. This fixes
the crash and the game runs fine at first glance, so it seems the game does not
rely on a correct implementation. The link below contains the full
+relay,+crypt log (includes a lot of output from Steam).

https://mega.nz/#!TAVWWKIZ!Z2W5IquxzNEOkR-DxkWAyPwTRz8ZlHjWK9CvQkQUCmc

--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
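
A triage aid for the relay trace in the report above, added here as an example; it is not part of the original thread or of Wine. It rejoins relay records that were wrapped over several lines and flags any CryptGenRandom call made in a thread whose most recent CryptAcquireContext returned FALSE. The names `unwrap` and `unchecked_uses` are made up for this example.

```python
import re

# Relay lines from the report above; wrapped over several lines here, as mail clients leave them.
LOG = r'''0288:Call
advapi32.CryptAcquireContextA(0032fc08,00000000,00000000,00000001,00000000)
ret=004087cc
0288:Call rsaenh.CPAcquireContext(063a5e80,00000000,00000000,063a09e8)
ret=7e93ce36
0288:Call advapi32.GetUserNameA(0032f78c,0032f788) ret=7b9e46b0
0288:Ret  advapi32.GetUserNameA() retval=00000001 ret=7b9e46b0
0288:Call advapi32.RegOpenKeyExA(80000001,0032f5cc
"Software\\Wine\\Crypto\\RSA\\thijs",00000000,00020019,0032f730) ret=7b9dcb6e
0288:Ret  advapi32.RegOpenKeyExA() retval=00000002 ret=7b9dcb6e
0288:Ret  rsaenh.CPAcquireContext() retval=00000000 ret=7e93ce36
0288:Ret  advapi32.CryptAcquireContextA() retval=00000000 ret=004087cc
0288:Call advapi32.CryptGenRandom(00000004,00000004,0032fc04) ret=004087db
...
wine: Unhandled page fault on read access to 0x00000004 at address 0x7e93d3f3
(thread 0288), starting debugger...
'''

START = re.compile(r'^(?:[0-9a-f]{4}:(?:Call|Ret)\b|wine:|\.\.\.)')
EVENT = re.compile(r'^(?P<tid>[0-9a-f]{4}):(?P<kind>Call|Ret)\s+(?P<mod>\w+)\.(?P<fn>\w+)'
                   r'\((?P<args>.*)\)(?:\s+retval=(?P<rv>[0-9a-f]+))?\s+ret=(?P<ra>[0-9a-f]+)$')

def unwrap(text):
    """Rejoin relay records that were wrapped over several lines."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def unchecked_uses(text):
    """CryptGenRandom calls that follow a failed CryptAcquireContext in the same thread."""
    failed, findings = {}, []   # failed: thread id -> caller address of the failed acquire
    for m in filter(None, map(EVENT.match, unwrap(text))):
        tid, fn = m["tid"], m["fn"]
        if m["kind"] == "Ret" and fn.startswith("CryptAcquireContext"):
            if int(m["rv"], 16) == 0:      # FALSE: the caller must not use the handle
                failed[tid] = m["ra"]
            else:
                failed.pop(tid, None)
        elif m["kind"] == "Call" and fn == "CryptGenRandom" and tid in failed:
            findings.append((tid, failed[tid], m["ra"], m["args"].split(",")[0]))
    return findings
```

Each finding is (thread id, caller address of the failed acquire, caller address of the CryptGenRandom call, handle argument); for this trace the handle argument, 00000004, is the same address the page-fault line reports.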



[Bug 47038] Zero Time Dilemma: CryptAcquireContext fails when asked to return default container

Wine - Bugs mailing list
https://bugs.winehq.org/show_bug.cgi?id=47038

Dmitry Timoshkov <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Zero Time Dilemma crashes   |Zero Time Dilemma:
                   |with unhandled page fault   |CryptAcquireContext fails
                   |on read access in           |when asked to return
                   |CryptGenRandom              |default container
          Component|advapi32                    |rsaenh
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #1 from Dmitry Timoshkov <[hidden email]> ---
It's a bug in rsaenh.CPAcquireContext, which fails when asked to return the
default container, which doesn't exist at this point. The later crash in
CryptGenRandom is caused by the earlier failure.


[Bug 47038] Zero Time Dilemma: CryptAcquireContext fails when asked to return default container

Wine - Bugs mailing list
https://bugs.winehq.org/show_bug.cgi?id=47038

--- Comment #2 from [hidden email] ---
I don't have a Windows machine to test right now, but the documentation
suggests Wine is correct in returning an error.

The documentation for the NTE_BAD_KEYSET error code says:

"The key container could not be opened. A common cause of this error is that
the key container does not exist. To create a key container, call
CryptAcquireContext using the CRYPT_NEWKEYSET flag."
https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptacquirecontexta

The application never makes a call with that flag set. The application might be
relying on *phProv getting set to null when an error occurs. In that case
CryptGenRandom would also just return an error instead of crashing.

Example code on
https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/example-c-program-creating-a-key-container-and-generating-keys
also checks for that error and tries again with the CRYPT_NEWKEYSET flag.


[Bug 47038] Zero Time Dilemma: CryptAcquireContext fails when asked to return default container

Wine - Bugs mailing list
https://bugs.winehq.org/show_bug.cgi?id=47038

--- Comment #3 from Dmitry Timoshkov <[hidden email]> ---
(In reply to tijs96 from comment #2)

> I don't have a Windows machine to test right now, but the documentation
> suggests Wine is correct in returning an error.
>
> The documentation for the NTE_BAD_KEYSET error code says:
>
> "The key container could not be opened. A common cause of this error is that
> the key container does not exist. To create a key container, call
> CryptAcquireContext using the CRYPT_NEWKEYSET flag."
> https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-cryptacquirecontexta
>
> The application never makes a call with that flag set. The application might
> be relying on *phProv getting set to null when an error occurs. In that case
> CryptGenRandom would also just return an error instead of crashing.
>
> Example code on
> https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/example-c-program-creating-a-key-container-and-generating-keys
> also checks for that error and tries again with the CRYPT_NEWKEYSET flag.

The problem has nothing to do with the NTE_BAD_KEYSET error code; the app asks
to open the default container, and that fails under Wine.
