Signature corrupted after uploading MSI file to WebDav folder on IIS 6


 


Symptom
========


Download a public, digitally signed MSI file from http://go.microsoft.com/fwlink/?LinkId=95743 and view its Digital Signature property:


 



 webdav1


It shows the signature is OK.


 


1.   On IIS 6, enable a WebDAV folder (for detailed steps, refer to Using WebDAV with IIS), upload the MSI file to this folder, and check the Digital Signature property of the uploaded MSI:


 



webdav2 


We can see the Signature is not valid now.


 


If we upload other files, such as .exe or .zip, this symptom does not occur.


 


Analysis
=============


I performed live debugging in a good scenario (putting an .exe file in the WebDAV folder) and a problematic scenario (putting an .msi file in the WebDAV folder).


 


I found that the issue is caused by the fact that an MSI file is a type of OLE doc file, and it doesn't have the 'CONTENTS' stream in the 'Bagaaqy23kudbhchAaq5u2chNd' storage. When WebDAV updates the file properties (via the PROPPATCH verb), the 'CONTENTS' stream is created in the 'Bagaaqy23kudbhchAaq5u2chNd' storage by the persisting stream logic in the OLE32.dll module. When this happens, the file's original digital signature can be affected, as we saw above.


 


0:004> kL
ChildEBP RetAddr
0132f634 776dbdb6 ole32!CExposedDocFile::OpenStorage+0xcd
0132f6f8 7777367f ole32!CPropertySetStorage::Open+0x100
0132f77c 77773e56 ole32!CPropertyBagEx::OpenPropStg+0x5a
0132fbb0 6711bea5 ole32!CPropertyBagEx::WriteMultiple+0xab
0132fbd4 6711dac3 httpext!CFSProp::ScSetProps+0x29
0132fc0c 6711e7fc httpext!CFSPatch::ScPatch+0xaf
0132fc68 6711f1ee httpext!CPropPatchRequest::DoPatch+0x194
0132fc84 6711f4a8 httpext!CPropPatchRequest::ParseBody+0x39
0132fca8 6711f542 httpext!CPropPatchRequest::Execute+0x195
0132fccc 671296d2 httpext!DAVPropPatch+0x86
0132fd1c 67117bc6 httpext!CDAVExt::DwMain+0x12e
0132fe40 5a322991 httpext!DwDavFSExtensionProc+0x3f
0132fe60 5a3968ff w3isapi!ProcessIsapiRequest+0x214
0132fe94 5a3a66f1 w3core!W3_ISAPI_HANDLER::IsapiDoWork+0x3fd
0132feac 5a394c6f w3core!W3_ISAPI_HANDLER::OnCompletion+0x7e
0132fec4 5a394bf0 w3core!W3_HANDLER::MainOnCompletion+0x52
0132fee8 5a394baf w3core!W3_CONTEXT::ExecuteHandlerCompletion+0x23
0132ff08 5a394fab w3core!W3_MAIN_CONTEXT::DoWork+0x91
0132ff20 5a3618b2 w3core!W3_MAIN_CONTEXT::OnIoCompletion+0x37
0132ff38 5a361650 w3dt!UL_NATIVE_REQUEST::DoStateProcess+0x48

0:004> du 0x0132f6b4
0132f6b4  ".Bagaaqy23kudbhchAaq5u2chNd"

0:004> r eax
eax=80030002

0:004> !error 80030002
Error code: (HRESULT) 0x80030002 (2147680258) - %1 could not be found.

0:004> du ole32!g_oszPropertyContentsStreamName
77680108  "CONTENTS"


 


Based on this analysis, .zip and .exe files are not affected because they are not in the OLE doc file format.


 


To verify whether a file is an OLE doc file, open it with the stg.exe tool:


 


http://support.microsoft.com/kb/139545


 


If the file is an OLE doc file and the Bagaaqy23kudbhchAaq5u2chNd storage exists, it is displayed like this:


 



 webdav3
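The same check can be scripted. The Python below is an added example, not part of the original post: it reads the compound-file header and directory, lists the storage and stream names, and reports whether the Bagaaqy23kudbhchAaq5u2chNd storage is present. The function names are hypothetical, the sample files are constructed inline, and the 0x05 name prefix (shown as "." in the debugger output) is an assumption; truncated or malformed input raises struct.error.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
BAG = "Bagaaqy23kudbhchAaq5u2chNd"             # storage name from the debugger output
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """List directory entry names of an OLE compound file; None if not one."""
    if data[:8] != CFB_MAGIC:
        return None
    ssize = 1 << struct.unpack_from("<H", data, 30)[0]         # sector size
    sector = lambda n: data[(n + 1) * ssize:(n + 2) * ssize]
    # first directory sector @48, first DIFAT sector @68, 109 header DIFAT slots @76
    dir_start, difat_next, *difat = struct.unpack_from("<I16xI4x109I", data, 48)
    fmt, seen = "<%dI" % (ssize // 4), set()
    while difat_next < ENDOFCHAIN and difat_next not in seen:  # DIFAT chain (large files)
        seen.add(difat_next)
        *more, difat_next = struct.unpack(fmt, sector(difat_next))
        difat += more
    fat = [e for s in difat if s < ENDOFCHAIN for e in struct.unpack(fmt, sector(s))]
    names, s, seen = [], dir_start, set()
    while s < len(fat) and s not in seen:                      # follow directory chain
        seen.add(s)
        sec = sector(s)
        for off in range(0, len(sec) - 127, 128):              # 128-byte entries
            nlen, otype = struct.unpack_from("<HB", sec, off + 64)
            if otype and 2 <= nlen <= 64:                      # type 0 = unused slot
                names.append(sec[off:off + nlen - 2].decode("utf-16-le", "replace"))
        s = fat[s]
    return names

def classify(data):  # -> 'not-ole', 'ole-no-bag' or 'ole-bag'
    names = cfb_entry_names(data)
    if names is None:
        return "not-ole"
    return "ole-bag" if any(n.endswith(BAG) for n in names) else "ole-no-bag"

def build_sample(names):
    """Constructed minimal compound file: sector 0 = FAT, sector 1 = directory."""
    hdr = CFB_MAGIC + bytes(16) + struct.pack("<5H6x9I109I", 0x3E, 3, 0xFFFE, 9, 6, 0, 1,
          1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0, 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    d = b""
    for i, n in enumerate(names):                              # first entry = root
        raw = (n + "\0").encode("utf-16-le")
        d += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), 1 if i else 5) + bytes(61)
    return hdr + fat + d.ljust(512, b"\0")

before, after = build_sample(["Root Entry"]), build_sample(["Root Entry", "\x05" + BAG])
print(classify(b"MZ\x90\x00"), classify(before), classify(after))
```

Running `classify` on a file before upload shows whether it is an OLE doc file at all, and running it on the copy in the WebDAV folder shows whether the property storage has been added.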


 


Summary
========


When OLE files are uploaded to an IIS 6 WebDAV folder, CONTENTS information may be added to them, which may cause their digital signature to become invalid. To work around this, zip the files before uploading. On IIS 7, there is no such problem based on our tests.


 


Regards,


 


Freist Li


 
