Details
- Bug
- Resolution: Fixed
- P2: Important
- 6.5.1, 6.6
- None
- Windows 10 21H2. Visual Studio 2022.
- 4d11ba66d (dev), a75ad8ddc (6.6), a439185ba (tqtc/lts-6.5)
Description
QNetworkAccessManager freezes when attempting to perform GET or POST operations from a process with low integrity level (low IL) sandboxing.
Background: This bug is preventing my company from performing HTTP calls from Qt applications running on embedded medical devices.
Steps to reproduce
- Unzip attached reproducer
- Build project on Windows.
- From an administrator command prompt: Run icacls QtNetworkAuthSandboxing.exe /setintegritylevel Low to make the program run in low integrity level (low IL).
- From a regular command prompt: Run QtNetworkAuthSandboxing.exe
- Observe that the program freezes without any console output.
Root cause
The root cause appears to be the CertOpenSystemStore(0, L"ROOT") calls in qtls_schannel.cpp. These calls will fail when running under low IL due to lack of write access to the HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT registry key. This can be verified by monitoring registry access with Process Explorer.
Proposed fix
Replace the CertOpenSystemStore(0, L"ROOT") calls with CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT") so that the certificate store is opened in read-only mode.
Attachments
For Gerrit Dashboard: QTBUG-118192

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 512387,5 | Fix QNetworkAccessManager hang with low integrity level sandboxing | dev | qt/qtbase | Status: MERGED | +2 | 0 |
| 512665,2 | Fix QNetworkAccessManager hang with low integrity level sandboxing | 6.6 | qt/qtbase | Status: MERGED | +2 | 0 |
| 512745,2 | Fix QNetworkAccessManager hang with low integrity level sandboxing | tqtc/lts-6.5 | qt/tqtc-qtbase | Status: MERGED | +2 | 0 |
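
The read-only store open proposed in the report, as an added example that is not part of the original report or of Qt's code: it reads the process integrity level and then opens the current user's ROOT store with CERT_STORE_READONLY_FLAG, so it can be run at low IL to check whether the open succeeds. The helper names integrityRid and countRootCertsReadOnly are hypothetical, and the non-Windows branches exist only so the file builds elsewhere.

```cpp
// Added example, not Qt's code. Build on Windows with MSVC (links crypt32, advapi32).
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#pragma comment(lib, "advapi32.lib")
#endif

// Hypothetical helper: integrity RID of this process (0x1000 is low IL), 0 on failure.
unsigned long integrityRid()
{
#ifdef _WIN32
    HANDLE token = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) return 0;
    alignas(TOKEN_MANDATORY_LABEL) BYTE buf[128];
    DWORD len = 0, rid = 0;
    if (GetTokenInformation(token, TokenIntegrityLevel, buf, sizeof buf, &len)) {
        PSID sid = reinterpret_cast<TOKEN_MANDATORY_LABEL *>(buf)->Label.Sid;
        // The integrity RID is the last sub-authority of the label SID.
        rid = *GetSidSubAuthority(sid, *GetSidSubAuthorityCount(sid) - 1);
    }
    CloseHandle(token);
    return rid;
#else
    return 0; // no integrity levels on this platform
#endif
}
// Hypothetical helper: certificates in the ROOT store, -1 if it cannot be opened.
int countRootCertsReadOnly()
{
#ifdef _WIN32
    HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0,
        CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT");
    if (!store) return -1; // GetLastError() holds the reason
    int count = 0;
    PCCERT_CONTEXT cert = nullptr;
    // Each call releases the previous context; NULL ends the enumeration.
    while ((cert = CertEnumCertificatesInStore(store, cert)) != nullptr)
        ++count;
    CertCloseStore(store, 0);
    return count;
#else
    return -1; // no system certificate store on this platform
#endif
}
int main()
{
    std::printf("integrity RID 0x%lx, ROOT certificates: %d\n",
                integrityRid(), countRootCertsReadOnly());
}
```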