{"id":830,"date":"2011-04-14T17:30:15","date_gmt":"2011-04-14T15:30:15","guid":{"rendered":"http:\/\/blog.m-ri.de\/?p=830"},"modified":"2011-04-17T10:38:47","modified_gmt":"2011-04-17T08:38:47","slug":"bug-black-patchday-for-all-os-from-xp-and-later-3-mfc-8-0-vc-2005-or-mfc-9-0-vc-2008-linked-dynamically-to-the-mfc-may-not-find-the-mfc-language-dlls-after-installation-of-the-security-packs-d","status":"publish","type":"post","link":"http:\/\/blog.m-ri.de\/index.php\/2011\/04\/14\/bug-black-patchday-for-all-os-from-xp-and-later-3-mfc-8-0-vc-2005-or-mfc-9-0-vc-2008-linked-dynamically-to-the-mfc-may-not-find-the-mfc-language-dlls-after-installation-of-the-security-packs-d\/","title":{"rendered":"BUG: Black Patchday for all OS from XP and later 3. &#8211; MFC 8.0 (VC-2005) or MFC 9.0 (VC-2008) linked dynamically to the MFC may not find the MFC language DLLs after installation of the security packs dated April 12th 2011"},"content":{"rendered":"<p><strong>This is the English translation of the already published German article:<\/strong><br \/>\n<a title=\"Permanent Link: BUG: Schwarzer Patchday f\u00fcr alle OS XP und sp\u00e4ter 3. \u2013 MFC 8.0 (VC-2005) oder MFC 9.0 (VC-2008) die dynamisch gelinkt wurden finden die MFC Sprach-DLLs evtl. nicht mehr nach Installation der Sicherheitspatches vom 12.04.2011\" rel=\"bookmark\" href=\"http:\/\/blog.m-ri.de\/index.php\/2011\/04\/14\/bug-schwarzer-patchday-fur-alle-os-xp-und-spater-3-mfc-8-0-vc-2005-oder-mfc-9-0-vc-2008-die-dynamisch-gelinkt-wurden-finden-die-mfc-sprach-dlls-evtl-nicht-mehr-nach-installation-der-sicherhei\/\">BUG: Schwarzer Patchday f\u00fcr alle OS XP und sp\u00e4ter 3. \u2013 MFC 8.0 (VC-2005) oder MFC 9.0 (VC-2008) die dynamisch gelinkt wurden finden die MFC Sprach-DLLs evtl. nicht mehr nach Installation der Sicherheitspatches vom 12.04.2011<\/a><\/p>\n<h3>Affected are:<\/h3>\n<ul>\n<li>All programs created with MFC 8.0 and MFC 9.0 that link dynamically to the <em>MFC DLLs<\/em> .<\/li>\n<li>All operating systems from <em>Windows XP <\/em>and later. 32bit as 64bit<\/li>\n<li>Al programs that do not use an application local installation (program directory, see note at the bottom of the article). So all programs\u00a0that use and depend on <em>WinSxS<\/em> and <em>VCRedist_x86.exe <\/em>( <em>VCRedist_x64.exe<\/em>).<\/li>\n<li>All programs that are localized and use the <em>MFC90xxx.DLL <\/em>or. <em>MFC80xxx.DLL <\/em>language-DLLs and the OS system language is not set to English.<\/li>\n<\/ul>\n<h3>It is affected due to the security fixes offered April 12th, 2011:<\/h3>\n<p>For VS-2005 SP1 <a onclick=\"javascript:_gaq.push(['_trackEvent','outbound-article','support.microsoft.com']);\" href=\"http:\/\/support.microsoft.com\/kb\/2465367\">http:\/\/support.microsoft.com\/kb\/2465367<\/a> and <a onclick=\"javascript:_gaq.push(['_trackEvent','outbound-article','support.microsoft.com']);\" href=\"http:\/\/support.microsoft.com\/kb\/2467175\">http:\/\/support.microsoft.com\/kb\/2467175<\/a><br \/>\nFor VS-2008 SP1 <a onclick=\"javascript:_gaq.push(['_trackEvent','outbound-article','support.microsoft.com']);\" href=\"http:\/\/support.microsoft.com\/kb\/2465361\">http:\/\/support.microsoft.com\/kb\/2465361<\/a> and <a onclick=\"javascript:_gaq.push(['_trackEvent','outbound-article','support.microsoft.com']);\" href=\"http:\/\/support.microsoft.com\/kb\/2467174\">http:\/\/support.microsoft.com\/kb\/2467174<\/a><\/p>\n<h3>Failure description:<\/h3>\n<p>The MFC language DLLs (satellite DLLs) are not loaded any longer. Parts of the application appear in English and not the selected language from the OS.<\/p>\n<h3>Background:<\/h3>\n<p>To prevent loading of wrong satellite DLLs (<em>Binary Planting<\/em>), an internal function in <em>appcore.cpp<\/em> named <em>_AfxLoadLangDLL was <\/em>changed. It checks if an activation context is active or not and if the DLLs should be loaded using this context. If there is an activation context active it is safe to load the satellite DLLs(<em>MFCDEUxxx.DLL<\/em> etc.) without defining a full path. If no activation context is active the path of the current application is used to load and find the satellite DLLs. The DLLs are loaded with a call to <em>LoadLibrary<\/em>.<\/p>\n<p>The code used looks like this (empty lines removed):<\/p>\n<pre lang=\"cpp\">...\r\nTCHAR *pszFilename = ::PathFindFileName(szLangDLL);\r\nACTCTX_SECTION_KEYED_DATA data;\r\nif (FindActCtxSectionString(\r\n    FIND_ACTCTX_SECTION_KEY_RETURN_HACTCTX,\r\n    NULL,\r\n    ACTIVATION_CONTEXT_SECTION_DLL_REDIRECTION,\r\n    pszFilename,\r\n    &amp;data) )\r\n{\r\n    \/\/ Load using the dll name only...\r\n    hInstance = ::LoadLibraryEx(pszFilename, NULL, 0);\r\n}\r\nelse\r\n{\r\n    \/\/ Load using the full path...\r\n    hInstance = ::LoadLibraryEx(szLangDLL, NULL, 0);\r\n}\r\n...<\/pre>\n<p>The code looks OK.\u00a0 And it is conform to the documentation of <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/aa375149(VS.85).aspx#\">FindActCtxSectionString<\/a> where the last parameter is defined as <em>__out<\/em>.<\/p>\n<pre lang=\"cpp\">BOOL FindActCtxSectionString(\r\n  __in   DWORD dwFlags,\r\n  __in   const GUID *lpExtensionGuid,\r\n  __in   ULONG ulSectionId,\r\n  __in   LPCTSTR lpStringToFind,\r\n  __out  PACTCTX_SECTION_KEYED_DATA ReturnedData\r\n);<\/pre>\n<p>But the documentation of <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/aa374148(VS.85).aspx\">ACTCTX_SECTION_KEYED_DATA <\/a>tells a different story:<\/p>\n<blockquote><p>Callers <strong>should initialize <\/strong>the ACTCTX_SECTION_KEYED_DATA structure as such:<br \/>\n&#8222;ACTCTX_SECTION_KEYED_DATA askd = { sizeof(askd) };&#8220;<br \/>\nwhich initializes all members to zero\/null except the size field which is set correctly.<\/p><\/blockquote>\n<p>(BTW: In my eyes a documentation failure)<\/p>\n<p>So what we see is that the code misses this: <strong>data.cbSize isn&#8217;t initialized<\/strong>\u2757<br \/>\nNow we have 3 possible scenarios what can happen with a\u00a0 randomly initialized\u00a0<em>data.cbSize <\/em>field:<\/p>\n<ol>\n<li><em>data.cbSize <\/em>is larger than\u00a0<em>sizeof(ACTCTX_SECTION_KEYED_DATA):<\/em><br \/>\nIn this case the activation context is correctly detected. The program executes normal.\u00a0 With an activation context no full path is needed. The MFC90xxx.DLL will be loaded from the WinSxS (Side by Side) or found over the common search path.<\/li>\n<li><em>data.cbSize <\/em>is\u00a0less than\u00a0 <em>sizeof(ACTCTX_SECTION_KEYED_DATA)<\/em>:<br \/>\nIn this case <em>FindActCtxSectionString<\/em> returns with an error. The DLL is now loaded with a full path name constructed from the application directory to prevent <em>Binary Planting<\/em>. Butthe problemis that with a normal installation the searched files are all in WinSxS, and the application directory has no such data. The DLL is not loaded.<br \/>\nIf the application local assemblies are used and placed in sub directories they aren&#8217;t found either.<\/li>\n<li>A future problem.<br \/>\nIf an OS will use a larger <em>ACTCTX_SECTION_KEYED_DATA <\/em>and <em>data.cbSize <\/em>has a greater value than the corresponding <em>sizeof(&#8230;)<\/em>:<br \/>\nWe have a buffer-overrun!<\/li>\n<\/ol>\n<p>I always recommend to use private and application local assemblies for the CRT and MFC DLLs. And to install all this files local to the application.<br \/>\nYears ago I wrote an article for this scenario that was published on CodeProject and a hotfix for <em>VS-2008 <\/em>is also available<em> <\/em>\u2757<br \/>\n<strong><a title=\"Create projects easily with private MFC, ATL and CRT assemblies\" href=\"http:\/\/www.codeproject.com\/KB\/cpp\/PrivateAssemblyProjects.aspx\">Create projects easily with private MFC, ATL and CRT assemblies<\/a><br \/>\n<a title=\"Hotfix f\u00fcr UseMSPrivateAssemblies.h und VC-2008\" href=\"http:\/\/blog.m-ri.de\/index.php\/2008\/05\/06\/hotfix-fuer-usemsprivateassembliesh-und-vc-2008\/\">Hotfix f\u00fcr UseMSPrivateAssemblies.h und VC-2008<\/a><\/strong><\/p>\n<h3>What to do?<\/h3>\n<p>Uninstall all of the mentioned security fixes with the specified article IDs.<br \/>\nRuntime-2005: KB2467175, Runtime-2008: KB2467174<br \/>\nVS-2007 SP1: KB2465367, VS-2008 SP1: KB2465361).<\/p>\n<h3>Further notes:<\/h3>\n<p>The affected C\/C++ Runtimes of <em>Visual Studio <\/em>have the following version numbers:<br \/>\n&#8211; VC-2005 8.0.50727.5592 (KB2467175)<br \/>\n&#8211; VC-2008 9.0.30729.5570 (KB2467174)<\/p>\n<p>My comment to tis issue:<br \/>\nIt was easier to live with the DLL-hell. \ud83d\ude41<\/p>\n<p><strong>Many thanks to my Co-MVP<\/strong><strong> Mike Ryan who helped me to discover this problems with the latest security patches:!:<\/strong><\/p>\n<p><strong>What Do I mean with &#8222;application local&#8220;?<br \/>\n<\/strong>Some people ship the MFC files in the application directory. In such a case this DLLs are not loaded if a newer version can be found in the WinSxS directory. This is not application local for <strong>me<\/strong>!<br \/>\nSo if the manifest file in the program directory still have a publicKey entry, the local files will be used\u00a0 in case of the here described bug. Even if the activation context was not detected, so the local files are a kind of fallback and help prevent get around the problem.<br \/>\nMy articles describe how to make your application really application local in removingthe publicKey tokens from the manifest files. Such programs will never fail on such broken security patches. (Just read my article at Codeproject). (Thanks for Co-MVP David Ching who asked me for a clarification)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the English translation of the already published German article: BUG: Schwarzer Patchday f\u00fcr alle OS XP und sp\u00e4ter 3. \u2013 MFC 8.0 (VC-2005) oder MFC 9.0 (VC-2008) die dynamisch gelinkt wurden finden die MFC Sprach-DLLs evtl. nicht mehr nach Installation der Sicherheitspatches vom 12.04.2011 Affected are: All programs created with MFC 8.0 and &hellip; <a href=\"http:\/\/blog.m-ri.de\/index.php\/2011\/04\/14\/bug-black-patchday-for-all-os-from-xp-and-later-3-mfc-8-0-vc-2005-or-mfc-9-0-vc-2008-linked-dynamically-to-the-mfc-may-not-find-the-mfc-language-dlls-after-installation-of-the-security-packs-d\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eBUG: Black Patchday for all OS from XP and later 3. &#8211; MFC 8.0 (VC-2005) or MFC 9.0 (VC-2008) linked dynamically to the MFC may not find the MFC language DLLs after installation of the security packs dated April 12th 2011\u201c <\/span>weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,3,17,27],"tags":[99,288,352,136,34,358,36,44,186,284],"class_list":["post-830","post","type-post","status-publish","format-standard","hentry","category-mfc","category-programmieren","category-vista-2","category-vs2008","tag-bug","tag-english","tag-mfc","tag-qualitaetssicherung","tag-sp","tag-vista","tag-vs-2005","tag-vs-2008","tag-windows-7","tag-windows-xp"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/posts\/830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/comments?post=830"}],"version-history":[{"count":1,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/posts\/830\/revisions"}],"predecessor-version":[{"id":831,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/posts\/830\/revisions\/831"}],"wp:attachment":[{"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/media?parent=830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/categories?post=830"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.m-ri.de\/index.php\/wp-json\/wp\/v2\/tags?post=830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}