Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:75053 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 10931 invoked from network); 24 Jun 2014 07:39:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jun 2014 07:39:24 -0000 Authentication-Results: pb1.pair.com smtp.mail=remi@fedoraproject.org; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=remi@fedoraproject.org; sender-id=unknown Received-SPF: error (pb1.pair.com: domain fedoraproject.org from 217.70.183.196 cause and error) X-PHP-List-Original-Sender: remi@fedoraproject.org X-Host-Fingerprint: 217.70.183.196 relay4-d.mail.gandi.net Received: from [217.70.183.196] ([217.70.183.196:36181] helo=relay4-d.mail.gandi.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 99/21-34096-A2B29A35 for ; Tue, 24 Jun 2014 03:39:24 -0400 Received: from mfilter3-d.gandi.net (mfilter3-d.gandi.net [217.70.178.133]) by relay4-d.mail.gandi.net (Postfix) with ESMTP id 4947017209B for ; Tue, 24 Jun 2014 09:39:20 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mfilter3-d.gandi.net Received: from relay4-d.mail.gandi.net ([217.70.183.196]) by mfilter3-d.gandi.net (mfilter3-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024) with ESMTP id gOB7-KZC8Jk3 for ; Tue, 24 Jun 2014 09:39:17 +0200 (CEST) X-Originating-IP: 82.241.130.121 Received: from schrodingerscat.famillecollet.com (pom51-2-82-241-130-121.fbx.proxad.net [82.241.130.121]) (Authenticated sender: contact@ll-experts.com) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 95645172094 for ; Tue, 24 Jun 2014 09:39:16 +0200 (CEST) Message-ID: <53A92B24.40706@fedoraproject.org> Date: Tue, 24 Jun 2014 09:39:16 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: PHP Internals References: <53A1C722.9060501@fedoraproject.org> <53A21137.6010705@sugarcrm.com> <53A2A9BD.1070603@sugarcrm.com> <53A3874E.20704@sugarcrm.com> <53A65578.6000701@sugarcrm.com> <53A8626B.701@fedoraproject.org> <53A866B6.4060501@sugarcrm.com> In-Reply-To: <53A866B6.4060501@sugarcrm.com> Content-Type: multipart/mixed; boundary="------------000004070108090900080404" Subject: Re: [PHP-DEV] Re: Bug 67072 resolution for 5.4/5.5 From: remi@fedoraproject.org (Remi Collet) --------------000004070108090900080404 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Le 23/06/2014 19:41, Stas Malyshev a =C3=A9crit : > Hi! >=20 >> Minimal reproducer: >> >> > class FooFile extends SplFileInfo { >> } >> $str =3D 'O:7:"FooFile":0:{}'; >> var_dump(unserialize($str)); >> ?> >=20 > I'm afraid here we can't do much - SplFileInfo is one of the classes > that it is unsafe to instantiate this way. It's what original 67072 was > about and I don't think it's safe to leave it this way, since at best i= t > can crash any code that uses unserialize() on external data, at worst > you got RCE. I think the segfault have to be fixed in spl. And if we plan to allow newInstanceArgWithoutConstructor() for internal classes this is mandatory. See attached patch (quickly written, just for test) So we can allow "O:.." (perhaps only for empty data used in the phpunit/doctrine hack, =3D> strlen(*p)<=3D1) Running: echo unserialize('O:13:"SplFileObject":1:{s:9:"*filename";s:15:"/home/flag/fla= g";}'); echo unserialize('O:13:"SplFileObject":0:{}'); Warning: Erroneous data format for unserializing 'SplFileObject' ... Fatal error: SplFileObject::__toString(): Object not initialized ... Remi. --------------000004070108090900080404 Content-Type: text/plain; charset=UTF-8; name="spl_patch.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="spl_patch.txt" ZGlmZiAtdXAgZXh0L3NwbC9zcGxfZGlyZWN0b3J5LmMucHJldiBleHQvc3BsL3NwbF9kaXJl Y3RvcnkuYwotLS0gZXh0L3NwbC9zcGxfZGlyZWN0b3J5LmMucHJldgkyMDE0LTA2LTI0IDA5 OjI0OjM2LjcyODU4NDc3MCArMDIwMAorKysgZXh0L3NwbC9zcGxfZGlyZWN0b3J5LmMJMjAx NC0wNi0yNCAwOToyNzozMS42MzIzMzQwNzMgKzAyMDAKQEAgLTQ2LDYgKzQ2LDEyIEBACiAK ICNkZWZpbmUgU1BMX0hBU19GTEFHKGZsYWdzLCB0ZXN0X2ZsYWcpICgoZmxhZ3MgJiB0ZXN0 X2ZsYWcpID8gMSA6IDApCiAKKyNkZWZpbmUgU1BMX0NIRUNLX1RZUEUoX3R5cGUpIGRvIHtc CisJCWlmIChpbnRlcm4tPnR5cGUgIT0gX3R5cGUpIHsgXAorCQkJcGhwX2Vycm9yX2RvY3Jl ZihOVUxMIFRTUk1MU19DQywgRV9FUlJPUiwgIk9iamVjdCBub3QgaW5pdGlhbGl6ZWQiKTsg XAorCQl9IFwKKwl9IHdoaWxlICgwKQorCiAvKiBkZWNsYXJlIHRoZSBjbGFzcyBoYW5kbGVy cyAqLwogc3RhdGljIHplbmRfb2JqZWN0X2hhbmRsZXJzIHNwbF9maWxlc3lzdGVtX29iamVj dF9oYW5kbGVyczsKIC8qIGluY2x1ZGVzIGhhbmRsZXIgdG8gdmFsaWRhdGUgb2JqZWN0IHN0 YXRlIHdoZW4gcmV0cmlldmluZyBtZXRob2RzICovCkBAIC0xNTEsNyArMTU3LDcgQEAgc3Rh dGljIHplbmRfb2JqZWN0X3ZhbHVlIHNwbF9maWxlc3lzdGVtXwogCiAJaW50ZXJuID0gZW1h bGxvYyhzaXplb2Yoc3BsX2ZpbGVzeXN0ZW1fb2JqZWN0KSk7CiAJbWVtc2V0KGludGVybiwg MCwgc2l6ZW9mKHNwbF9maWxlc3lzdGVtX29iamVjdCkpOwotCS8qIGludGVybi0+dHlwZSA9 IFNQTF9GU19JTkZPOyBkb25lIGJ5IHNldCAwICovCisJaW50ZXJuLT50eXBlID0gU1BMX0ZT X0lORk87CiAJaW50ZXJuLT5maWxlX2NsYXNzID0gc3BsX2NlX1NwbEZpbGVPYmplY3Q7CiAJ aW50ZXJuLT5pbmZvX2NsYXNzID0gc3BsX2NlX1NwbEZpbGVJbmZvOwogCWlmIChvYmopICpv YmogPSBpbnRlcm47CkBAIC03NTMsNiArNzU5LDcgQEAgU1BMX01FVEhPRChEaXJlY3RvcnlJ dGVyYXRvciwgcmV3aW5kKQogCQlyZXR1cm47CiAJfQogCisJU1BMX0NIRUNLX1RZUEUoU1BM X0ZTX0RJUik7CiAJaW50ZXJuLT51LmRpci5pbmRleCA9IDA7CiAJaWYgKGludGVybi0+dS5k aXIuZGlycCkgewogCQlwaHBfc3RyZWFtX3Jld2luZGRpcihpbnRlcm4tPnUuZGlyLmRpcnAp OwpAQCAtODAxLDYgKzgwOCw3IEBAIFNQTF9NRVRIT0QoRGlyZWN0b3J5SXRlcmF0b3IsIG5l eHQpCiAJCXJldHVybjsKIAl9CiAKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRElSKTsKIAlp bnRlcm4tPnUuZGlyLmluZGV4Kys7CiAJZG8gewogCQlzcGxfZmlsZXN5c3RlbV9kaXJfcmVh ZChpbnRlcm4gVFNSTUxTX0NDKTsKQEAgLTgyNCw2ICs4MzIsNyBAQCBTUExfTUVUSE9EKERp cmVjdG9yeUl0ZXJhdG9yLCBzZWVrKQogCQlyZXR1cm47CiAJfQogCisJU1BMX0NIRUNLX1RZ UEUoU1BMX0ZTX0RJUik7CiAJaWYgKGludGVybi0+dS5kaXIuaW5kZXggPiBwb3MpIHsKIAkJ Lyogd2UgZmlyc3QgcmV3aW5kICovCiAJCXplbmRfY2FsbF9tZXRob2Rfd2l0aF8wX3BhcmFt cygmdGhpc19wdHIsIFpfT0JKQ0VfUChnZXRUaGlzKCkpLCAmaW50ZXJuLT51LmRpci5mdW5j X3Jld2luZCwgInJld2luZCIsICZyZXR2YWwpOwpAQCAtODYxLDYgKzg3MCw3IEBAIFNQTF9N RVRIT0QoRGlyZWN0b3J5SXRlcmF0b3IsIHZhbGlkKQogCQlyZXR1cm47CiAJfQogCisJU1BM X0NIRUNLX1RZUEUoU1BMX0ZTX0RJUik7CiAJUkVUVVJOX0JPT0woaW50ZXJuLT51LmRpci5l bnRyeS5kX25hbWVbMF0gIT0gJ1wwJyk7CiB9CiAvKiB9fX0gKi8KQEAgLTkxMyw2ICs5MjMs NyBAQCBTUExfTUVUSE9EKERpcmVjdG9yeUl0ZXJhdG9yLCBnZXRGaWxlbmFtCiAJCXJldHVy bjsKIAl9CiAKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRElSKTsKIAlSRVRVUk5fU1RSSU5H KGludGVybi0+dS5kaXIuZW50cnkuZF9uYW1lLCAxKTsKIH0KIC8qIH19fSAqLwpAQCAtOTcy LDYgKzk4Myw3IEBAIFNQTF9NRVRIT0QoRGlyZWN0b3J5SXRlcmF0b3IsIGdldEV4dGVuc2kK IAkJcmV0dXJuOwogCX0KIAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19ESVIpOwogCXBocF9i YXNlbmFtZShpbnRlcm4tPnUuZGlyLmVudHJ5LmRfbmFtZSwgc3RybGVuKGludGVybi0+dS5k aXIuZW50cnkuZF9uYW1lKSwgTlVMTCwgMCwgJmZuYW1lLCAmZmxlbiBUU1JNTFNfQ0MpOwog CiAJcCA9IHplbmRfbWVtcmNocihmbmFtZSwgJy4nLCBmbGVuKTsKQEAgLTEwMzEsNiArMTA0 Myw3IEBAIFNQTF9NRVRIT0QoRGlyZWN0b3J5SXRlcmF0b3IsIGdldEJhc2VuYW0KIAkJcmV0 dXJuOwogCX0KIAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19ESVIpOwogCXBocF9iYXNlbmFt ZShpbnRlcm4tPnUuZGlyLmVudHJ5LmRfbmFtZSwgc3RybGVuKGludGVybi0+dS5kaXIuZW50 cnkuZF9uYW1lKSwgc3VmZml4LCBzbGVuLCAmZm5hbWUsICZmbGVuIFRTUk1MU19DQyk7CiAK IAlSRVRVUk5fU1RSSU5HTChmbmFtZSwgZmxlbiwgMCk7CkBAIC0xMDY3LDYgKzEwODAsNyBA QCBTUExfTUVUSE9EKEZpbGVzeXN0ZW1JdGVyYXRvciwga2V5KQogCQlyZXR1cm47CiAJfQog CisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0RJUik7CiAJaWYgKFNQTF9GSUxFX0RJUl9LRVko aW50ZXJuLCBTUExfRklMRV9ESVJfS0VZX0FTX0ZJTEVOQU1FKSkgewogCQlSRVRVUk5fU1RS SU5HKGludGVybi0+dS5kaXIuZW50cnkuZF9uYW1lLCAxKTsKIAl9IGVsc2UgewpAQCAtMTA4 Niw2ICsxMTAwLDcgQEAgU1BMX01FVEhPRChGaWxlc3lzdGVtSXRlcmF0b3IsIGN1cnJlbnQp CiAJCXJldHVybjsKIAl9CiAKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRElSKTsKIAlpZiAo U1BMX0ZJTEVfRElSX0NVUlJFTlQoaW50ZXJuLCBTUExfRklMRV9ESVJfQ1VSUkVOVF9BU19Q QVRITkFNRSkpIHsKIAkJc3BsX2ZpbGVzeXN0ZW1fb2JqZWN0X2dldF9maWxlX25hbWUoaW50 ZXJuIFRTUk1MU19DQyk7CiAJCVJFVFVSTl9TVFJJTkdMKGludGVybi0+ZmlsZV9uYW1lLCBp bnRlcm4tPmZpbGVfbmFtZV9sZW4sIDEpOwpAQCAtMTEwOSw2ICsxMTI0LDcgQEAgU1BMX01F VEhPRChEaXJlY3RvcnlJdGVyYXRvciwgaXNEb3QpCiAJCXJldHVybjsKIAl9CiAKKwlTUExf Q0hFQ0tfVFlQRShTUExfRlNfRElSKTsKIAlSRVRVUk5fQk9PTChzcGxfZmlsZXN5c3RlbV9p c19kb3QoaW50ZXJuLT51LmRpci5lbnRyeS5kX25hbWUpKTsKIH0KIC8qIH19fSAqLwpAQCAt MTE0Miw3ICsxMTU4LDcgQEAgU1BMX01FVEhPRChTcGxGaWxlSW5mbywgX19jb25zdHJ1Y3Qp CiAKIAl6ZW5kX3Jlc3RvcmVfZXJyb3JfaGFuZGxpbmcoJmVycm9yX2hhbmRsaW5nIFRTUk1M U19DQyk7CiAJCi0JLyogaW50ZXJuLT50eXBlID0gU1BMX0ZTX0lORk87IGFscmVhZHkgc2V0 ICovCisJaW50ZXJuLT50eXBlID0gU1BMX0ZTX0lORk87CiB9CiAvKiB9fX0gKi8KIApAQCAt MTQ0NSw2ICsxNDYxLDcgQEAgU1BMX01FVEhPRChGaWxlc3lzdGVtSXRlcmF0b3IsIHJld2lu ZCkKIAkJcmV0dXJuOwogCX0KIAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19ESVIpOwogCWlu dGVybi0+dS5kaXIuaW5kZXggPSAwOwogCWlmIChpbnRlcm4tPnUuZGlyLmRpcnApIHsKIAkJ cGhwX3N0cmVhbV9yZXdpbmRkaXIoaW50ZXJuLT51LmRpci5kaXJwKTsKQEAgLTE0NjUsNiAr MTQ4Miw3IEBAIFNQTF9NRVRIT0QoRmlsZXN5c3RlbUl0ZXJhdG9yLCBnZXRGbGFncykKIAkJ cmV0dXJuOwogCX0KIAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19ESVIpOwogCVJFVFVSTl9M T05HKGludGVybi0+ZmxhZ3MgJiAoU1BMX0ZJTEVfRElSX0tFWV9NT0RFX01BU0sgfCBTUExf RklMRV9ESVJfQ1VSUkVOVF9NT0RFX01BU0sgfCBTUExfRklMRV9ESVJfT1RIRVJTX01BU0sp KTsKIH0gLyogfX19ICovCiAKQEAgLTE0OTMsNiArMTUxMSw3IEBAIFNQTF9NRVRIT0QoUmVj dXJzaXZlRGlyZWN0b3J5SXRlcmF0b3IsIGgKIAlpZiAoemVuZF9wYXJzZV9wYXJhbWV0ZXJz KFpFTkRfTlVNX0FSR1MoKSBUU1JNTFNfQ0MsICJ8YiIsICZhbGxvd19saW5rcykgPT0gRkFJ TFVSRSkgewogCQlyZXR1cm47CiAJfQorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19ESVIpOwog CWlmIChzcGxfZmlsZXN5c3RlbV9pc19pbnZhbGlkX29yX2RvdChpbnRlcm4tPnUuZGlyLmVu dHJ5LmRfbmFtZSkpIHsKIAkJUkVUVVJOX0ZBTFNFOwogCX0gZWxzZSB7CkBAIC0xNTIxLDYg KzE1NDAsNyBAQCBTUExfTUVUSE9EKFJlY3Vyc2l2ZURpcmVjdG9yeUl0ZXJhdG9yLCBnCiAJ CXJldHVybjsKIAl9CiAJCisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0RJUik7CiAJc3BsX2Zp bGVzeXN0ZW1fb2JqZWN0X2dldF9maWxlX25hbWUoaW50ZXJuIFRTUk1MU19DQyk7CiAKIAlp ZiAoU1BMX0hBU19GTEFHKGludGVybi0+ZmxhZ3MsIFNQTF9GSUxFX0RJUl9DVVJSRU5UX0FT X1BBVEhOQU1FKSkgewpAQCAtMTU2MCw2ICsxNTgwLDcgQEAgU1BMX01FVEhPRChSZWN1cnNp dmVEaXJlY3RvcnlJdGVyYXRvciwgZwogCQlyZXR1cm47CiAJfQogCisJU1BMX0NIRUNLX1RZ UEUoU1BMX0ZTX0RJUik7CiAJaWYgKGludGVybi0+dS5kaXIuc3ViX3BhdGgpIHsKIAkJUkVU VVJOX1NUUklOR0woaW50ZXJuLT51LmRpci5zdWJfcGF0aCwgaW50ZXJuLT51LmRpci5zdWJf cGF0aF9sZW4sIDEpOwogCX0gZWxzZSB7CkBAIC0xNTgxLDYgKzE2MDIsNyBAQCBTUExfTUVU SE9EKFJlY3Vyc2l2ZURpcmVjdG9yeUl0ZXJhdG9yLCBnCiAJCXJldHVybjsKIAl9CiAKKwlT UExfQ0hFQ0tfVFlQRShTUExfRlNfRElSKTsKIAlpZiAoaW50ZXJuLT51LmRpci5zdWJfcGF0 aCkgewogCQlsZW4gPSBzcHByaW50Zigmc3ViX25hbWUsIDAsICIlcyVjJXMiLCBpbnRlcm4t PnUuZGlyLnN1Yl9wYXRoLCBzbGFzaCwgaW50ZXJuLT51LmRpci5lbnRyeS5kX25hbWUpOwog CQlSRVRVUk5fU1RSSU5HTChzdWJfbmFtZSwgbGVuLCAwKTsKQEAgLTIxNTEsNiArMjE3Myw3 IEBAIHN0YXRpYyBpbnQgc3BsX2ZpbGVzeXN0ZW1fZmlsZV9jYWxsKHNwbF8KIAkJemVuZF90 aHJvd19leGNlcHRpb25fZXgoc3BsX2NlX1J1bnRpbWVFeGNlcHRpb24sIDAgVFNSTUxTX0ND LCAiSW50ZXJuYWwgZXJyb3IsIGZ1bmN0aW9uICclcycgbm90IGZvdW5kLiBQbGVhc2UgcmVw b3J0IiwgI2Z1bmNfbmFtZSk7IFwKIAkJcmV0dXJuOyBcCiAJfSBcCisJU1BMX0NIRUNLX1RZ UEUoU1BMX0ZTX0ZJTEUpOyBcCiAJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9jYWxsKGludGVybiwg ZnVuY19wdHIsIHBhc3NfbnVtX2FyZ3MsIHJldHVybl92YWx1ZSwgYXJnMiBUU1JNTFNfQ0Mp OyBcCiB9IC8qIH19fSAqLwogCkBAIC0yMzg0LDYgKzI0MDcsNyBAQCBTUExfTUVUSE9EKFNw bEZpbGVPYmplY3QsIHJld2luZCkKIAkJcmV0dXJuOwogCX0KIAorCVNQTF9DSEVDS19UWVBF KFNQTF9GU19GSUxFKTsKIAlzcGxfZmlsZXN5c3RlbV9maWxlX3Jld2luZChnZXRUaGlzKCks IGludGVybiBUU1JNTFNfQ0MpOwogfSAvKiB9fX0gKi8KIApAQCAtMjM5Nyw2ICsyNDIxLDcg QEAgU1BMX01FVEhPRChTcGxGaWxlT2JqZWN0LCBlb2YpCiAJCXJldHVybjsKIAl9CiAKKwlT UExfQ0hFQ0tfVFlQRShTUExfRlNfRklMRSk7CiAJUkVUVVJOX0JPT0wocGhwX3N0cmVhbV9l b2YoaW50ZXJuLT51LmZpbGUuc3RyZWFtKSk7CiB9IC8qIH19fSAqLwogCkBAIC0yNDEwLDYg KzI0MzUsNyBAQCBTUExfTUVUSE9EKFNwbEZpbGVPYmplY3QsIHZhbGlkKQogCQlyZXR1cm47 CiAJfQogCisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOwogCWlmIChTUExfSEFTX0ZM QUcoaW50ZXJuLT5mbGFncywgU1BMX0ZJTEVfT0JKRUNUX1JFQURfQUhFQUQpKSB7CiAJCVJF VFVSTl9CT09MKGludGVybi0+dS5maWxlLmN1cnJlbnRfbGluZSB8fCBpbnRlcm4tPnUuZmls ZS5jdXJyZW50X3p2YWwpOwogCX0gZWxzZSB7CkBAIC0yNDI3LDYgKzI0NTMsNyBAQCBTUExf TUVUSE9EKFNwbEZpbGVPYmplY3QsIGZnZXRzKQogCQlyZXR1cm47CiAJfQogCisJU1BMX0NI RUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOwogCWlmIChzcGxfZmlsZXN5c3RlbV9maWxlX3JlYWQo aW50ZXJuLCAwIFRTUk1MU19DQykgPT0gRkFJTFVSRSkgewogCQlSRVRVUk5fRkFMU0U7CiAJ fQpAQCAtMjQ0Miw3ICsyNDY5LDcgQEAgU1BMX01FVEhPRChTcGxGaWxlT2JqZWN0LCBjdXJy ZW50KQogCWlmICh6ZW5kX3BhcnNlX3BhcmFtZXRlcnNfbm9uZSgpID09IEZBSUxVUkUpIHsK IAkJcmV0dXJuOwogCX0KLQorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19GSUxFKTsKIAlpZiAo IWludGVybi0+dS5maWxlLmN1cnJlbnRfbGluZSAmJiAhaW50ZXJuLT51LmZpbGUuY3VycmVu dF96dmFsKSB7CiAJCXNwbF9maWxlc3lzdGVtX2ZpbGVfcmVhZF9saW5lKGdldFRoaXMoKSwg aW50ZXJuLCAxIFRTUk1MU19DQyk7CiAJfQpAQCAtMjQ2NCw2ICsyNDkxLDcgQEAgU1BMX01F VEhPRChTcGxGaWxlT2JqZWN0LCBrZXkpCiAJCXJldHVybjsKIAl9CiAKKwlTUExfQ0hFQ0tf VFlQRShTUExfRlNfRklMRSk7CiAvKglEbyBub3QgcmVhZCB0aGUgbmV4dCBsaW5lIHRvIHN1 cHBvcnQgY29ycmVjdCBjb3VudGluZyB3aXRoIGZnZXRjKCkKIAlpZiAoIWludGVybi0+Y3Vy cmVudF9saW5lKSB7CiAJCXNwbF9maWxlc3lzdGVtX2ZpbGVfcmVhZF9saW5lKGdldFRoaXMo KSwgaW50ZXJuLCAxIFRTUk1MU19DQyk7CkBAIC0yNDgxLDYgKzI1MDksNyBAQCBTUExfTUVU SE9EKFNwbEZpbGVPYmplY3QsIG5leHQpCiAJCXJldHVybjsKIAl9CiAKKwlTUExfQ0hFQ0tf VFlQRShTUExfRlNfRklMRSk7CiAJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9mcmVlX2xpbmUoaW50 ZXJuIFRTUk1MU19DQyk7CiAJaWYgKFNQTF9IQVNfRkxBRyhpbnRlcm4tPmZsYWdzLCBTUExf RklMRV9PQkpFQ1RfUkVBRF9BSEVBRCkpIHsKIAkJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9yZWFk X2xpbmUoZ2V0VGhpcygpLCBpbnRlcm4sIDEgVFNSTUxTX0NDKTsKQEAgLTI1MjgsNyArMjU1 Nyw4IEBAIFNQTF9NRVRIT0QoU3BsRmlsZU9iamVjdCwgc2V0TWF4TGluZUxlbikKIAkJemVu ZF90aHJvd19leGNlcHRpb25fZXgoc3BsX2NlX0RvbWFpbkV4Y2VwdGlvbiwgMCBUU1JNTFNf Q0MsICJNYXhpbXVtIGxpbmUgbGVuZ3RoIG11c3QgYmUgZ3JlYXRlciB0aGFuIG9yIGVxdWFs IHplcm8iKTsKIAkJcmV0dXJuOwogCX0KLQkKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRklM RSk7CisKIAlpbnRlcm4tPnUuZmlsZS5tYXhfbGluZV9sZW4gPSBtYXhfbGVuOwogfSAvKiB9 fX0gKi8KIApAQCAtMjU0Miw2ICsyNTcyLDcgQEAgU1BMX01FVEhPRChTcGxGaWxlT2JqZWN0 LCBnZXRNYXhMaW5lTGVuKQogCQlyZXR1cm47CiAJfQogCisJU1BMX0NIRUNLX1RZUEUoU1BM X0ZTX0ZJTEUpOwogCVJFVFVSTl9MT05HKChsb25nKWludGVybi0+dS5maWxlLm1heF9saW5l X2xlbik7CiB9IC8qIH19fSAqLwogCkBAIC0yNjExLDYgKzI2NDIsNyBAQCBTUExfTUVUSE9E KFNwbEZpbGVPYmplY3QsIGZnZXRjc3YpCiAJCWNhc2UgMDoKIAkJCWJyZWFrOwogCQl9CisJ CVNQTF9DSEVDS19UWVBFKFNQTF9GU19GSUxFKTsKIAkJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9y ZWFkX2NzdihpbnRlcm4sIGRlbGltaXRlciwgZW5jbG9zdXJlLCBlc2NhcGUsIHJldHVybl92 YWx1ZSBUU1JNTFNfQ0MpOwogCX0KIH0KQEAgLTI2NDcsNiArMjY3OSw3IEBAIFNQTF9NRVRI T0QoU3BsRmlsZU9iamVjdCwgZnB1dGNzdikKIAkJY2FzZSAwOgogCQkJYnJlYWs7CiAJCX0K KwkJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOwogCQlyZXQgPSBwaHBfZnB1dGNzdihp bnRlcm4tPnUuZmlsZS5zdHJlYW0sIGZpZWxkcywgZGVsaW1pdGVyLCBlbmNsb3N1cmUsIGVz Y2FwZSBUU1JNTFNfQ0MpOwogCQlSRVRVUk5fTE9ORyhyZXQpOwogCX0KQEAgLTI2ODksNiAr MjcyMiw3IEBAIFNQTF9NRVRIT0QoU3BsRmlsZU9iamVjdCwgc2V0Q3N2Q29udHJvbCkKIAkJ Y2FzZSAwOgogCQkJYnJlYWs7CiAJCX0KKwkJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUp OwogCQlpbnRlcm4tPnUuZmlsZS5kZWxpbWl0ZXIgPSBkZWxpbWl0ZXI7CiAJCWludGVybi0+ dS5maWxlLmVuY2xvc3VyZSA9IGVuY2xvc3VyZTsKIAkJaW50ZXJuLT51LmZpbGUuZXNjYXBl ICAgID0gZXNjYXBlOwpAQCAtMjcwMyw2ICsyNzM3LDcgQEAgU1BMX01FVEhPRChTcGxGaWxl T2JqZWN0LCBnZXRDc3ZDb250cm9sKQogCXNwbF9maWxlc3lzdGVtX29iamVjdCAqaW50ZXJu ID0gKHNwbF9maWxlc3lzdGVtX29iamVjdCopemVuZF9vYmplY3Rfc3RvcmVfZ2V0X29iamVj dChnZXRUaGlzKCkgVFNSTUxTX0NDKTsKIAljaGFyIGRlbGltaXRlclsyXSwgZW5jbG9zdXJl WzJdOwogCisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOwogCWFycmF5X2luaXQocmV0 dXJuX3ZhbHVlKTsKIAkKIAlkZWxpbWl0ZXJbMF0gPSBpbnRlcm4tPnUuZmlsZS5kZWxpbWl0 ZXI7CkBAIC0yNzI2LDYgKzI3NjEsNyBAQCBTUExfTUVUSE9EKFNwbEZpbGVPYmplY3QsIGZm bHVzaCkKIHsKIAlzcGxfZmlsZXN5c3RlbV9vYmplY3QgKmludGVybiA9IChzcGxfZmlsZXN5 c3RlbV9vYmplY3QqKXplbmRfb2JqZWN0X3N0b3JlX2dldF9vYmplY3QoZ2V0VGhpcygpIFRT Uk1MU19DQyk7CiAKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRklMRSk7CiAJUkVUVVJOX0JP T0woIXBocF9zdHJlYW1fZmx1c2goaW50ZXJuLT51LmZpbGUuc3RyZWFtKSk7CiB9IC8qIH19 fSAqLwogCkBAIC0yNzM0LDYgKzI3NzAsNyBAQCBTUExfTUVUSE9EKFNwbEZpbGVPYmplY3Qs IGZmbHVzaCkKIFNQTF9NRVRIT0QoU3BsRmlsZU9iamVjdCwgZnRlbGwpCiB7CiAJc3BsX2Zp bGVzeXN0ZW1fb2JqZWN0ICppbnRlcm4gPSAoc3BsX2ZpbGVzeXN0ZW1fb2JqZWN0Kil6ZW5k X29iamVjdF9zdG9yZV9nZXRfb2JqZWN0KGdldFRoaXMoKSBUU1JNTFNfQ0MpOwkKKwlTUExf Q0hFQ0tfVFlQRShTUExfRlNfRklMRSk7CiAJbG9uZyByZXQgPSBwaHBfc3RyZWFtX3RlbGwo aW50ZXJuLT51LmZpbGUuc3RyZWFtKTsKIAogCWlmIChyZXQgPT0gLTEpIHsKQEAgLTI3NTQs NiArMjc5MSw3IEBAIFNQTF9NRVRIT0QoU3BsRmlsZU9iamVjdCwgZnNlZWspCiAJCXJldHVy bjsKIAl9CiAKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRklMRSk7CiAJc3BsX2ZpbGVzeXN0 ZW1fZmlsZV9mcmVlX2xpbmUoaW50ZXJuIFRTUk1MU19DQyk7CiAJUkVUVVJOX0xPTkcocGhw X3N0cmVhbV9zZWVrKGludGVybi0+dS5maWxlLnN0cmVhbSwgcG9zLCB3aGVuY2UpKTsKIH0g LyogfX19ICovCkBAIC0yNzY2LDYgKzI4MDQsNyBAQCBTUExfTUVUSE9EKFNwbEZpbGVPYmpl Y3QsIGZnZXRjKQogCWNoYXIgYnVmWzJdOwogCWludCByZXN1bHQ7CiAKKwlTUExfQ0hFQ0tf VFlQRShTUExfRlNfRklMRSk7CiAJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9mcmVlX2xpbmUoaW50 ZXJuIFRTUk1MU19DQyk7CiAKIAlyZXN1bHQgPSBwaHBfc3RyZWFtX2dldGMoaW50ZXJuLT51 LmZpbGUuc3RyZWFtKTsKQEAgLTI3ODksOCArMjgyOCw5IEBAIFNQTF9NRVRIT0QoU3BsRmls ZU9iamVjdCwgZmdldHNzKQogewogCXNwbF9maWxlc3lzdGVtX29iamVjdCAqaW50ZXJuID0g KHNwbF9maWxlc3lzdGVtX29iamVjdCopemVuZF9vYmplY3Rfc3RvcmVfZ2V0X29iamVjdChn ZXRUaGlzKCkgVFNSTUxTX0NDKTsKIAl6dmFsICphcmcyID0gTlVMTDsKLQlNQUtFX1NURF9a VkFMKGFyZzIpOwogCisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOworCU1BS0VfU1RE X1pWQUwoYXJnMik7CiAJaWYgKGludGVybi0+dS5maWxlLm1heF9saW5lX2xlbiA+IDApIHsK IAkJWlZBTF9MT05HKGFyZzIsIGludGVybi0+dS5maWxlLm1heF9saW5lX2xlbik7CiAJfSBl bHNlIHsKQEAgLTI4MTEsNiArMjg1MSw3IEBAIFNQTF9NRVRIT0QoU3BsRmlsZU9iamVjdCwg ZnBhc3N0aHJ1KQogewogCXNwbF9maWxlc3lzdGVtX29iamVjdCAqaW50ZXJuID0gKHNwbF9m aWxlc3lzdGVtX29iamVjdCopemVuZF9vYmplY3Rfc3RvcmVfZ2V0X29iamVjdChnZXRUaGlz KCkgVFNSTUxTX0NDKTsKIAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19GSUxFKTsKIAlSRVRV Uk5fTE9ORyhwaHBfc3RyZWFtX3Bhc3N0aHJ1KGludGVybi0+dS5maWxlLnN0cmVhbSkpOwog fSAvKiB9fX0gKi8KIApAQCAtMjgyMCw2ICsyODYxLDcgQEAgU1BMX01FVEhPRChTcGxGaWxl T2JqZWN0LCBmc2NhbmYpCiB7CiAJc3BsX2ZpbGVzeXN0ZW1fb2JqZWN0ICppbnRlcm4gPSAo c3BsX2ZpbGVzeXN0ZW1fb2JqZWN0Kil6ZW5kX29iamVjdF9zdG9yZV9nZXRfb2JqZWN0KGdl dFRoaXMoKSBUU1JNTFNfQ0MpOwogCisJU1BMX0NIRUNLX1RZUEUoU1BMX0ZTX0ZJTEUpOwog CXNwbF9maWxlc3lzdGVtX2ZpbGVfZnJlZV9saW5lKGludGVybiBUU1JNTFNfQ0MpOwogCWlu dGVybi0+dS5maWxlLmN1cnJlbnRfbGluZV9udW0rKzsKIApAQCAtMjg0Niw2ICsyODg4LDcg QEAgU1BMX01FVEhPRChTcGxGaWxlT2JqZWN0LCBmd3JpdGUpCiAJaWYgKCFzdHJfbGVuKSB7 CiAJCVJFVFVSTl9MT05HKDApOwogCX0KKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRklMRSk7 CiAKIAlSRVRVUk5fTE9ORyhwaHBfc3RyZWFtX3dyaXRlKGludGVybi0+dS5maWxlLnN0cmVh bSwgc3RyLCBzdHJfbGVuKSk7CiB9IC8qIH19fSAqLwpAQCAtMjg2NCw2ICsyOTA3LDcgQEAg U1BMX01FVEhPRChTcGxGaWxlT2JqZWN0LCBmcmVhZCkKIAkJUkVUVVJOX0ZBTFNFOwogCX0K IAorCVNQTF9DSEVDS19UWVBFKFNQTF9GU19GSUxFKTsKIAlaX1NUUlZBTF9QKHJldHVybl92 YWx1ZSkgPSBlbWFsbG9jKGxlbmd0aCArIDEpOwogCVpfU1RSTEVOX1AocmV0dXJuX3ZhbHVl KSA9IHBocF9zdHJlYW1fcmVhZChpbnRlcm4tPnUuZmlsZS5zdHJlYW0sIFpfU1RSVkFMX1Ao cmV0dXJuX3ZhbHVlKSwgbGVuZ3RoKTsKIApAQCAtMjg4OCw2ICsyOTMyLDcgQEAgU1BMX01F VEhPRChTcGxGaWxlT2JqZWN0LCBmdHJ1bmNhdGUpCiAJCXJldHVybjsKIAl9CiAKKwlTUExf Q0hFQ0tfVFlQRShTUExfRlNfRklMRSk7CiAJaWYgKCFwaHBfc3RyZWFtX3RydW5jYXRlX3N1 cHBvcnRlZChpbnRlcm4tPnUuZmlsZS5zdHJlYW0pKSB7CiAJCXplbmRfdGhyb3dfZXhjZXB0 aW9uX2V4KHNwbF9jZV9Mb2dpY0V4Y2VwdGlvbiwgMCBUU1JNTFNfQ0MsICJDYW4ndCB0cnVu Y2F0ZSBmaWxlICVzIiwgaW50ZXJuLT5maWxlX25hbWUpOwogCQlSRVRVUk5fRkFMU0U7CkBA IC0yOTExLDYgKzI5NTYsNyBAQCBTUExfTUVUSE9EKFNwbEZpbGVPYmplY3QsIHNlZWspCiAJ CVJFVFVSTl9GQUxTRTsJCQogCX0KIAkKKwlTUExfQ0hFQ0tfVFlQRShTUExfRlNfRklMRSk7 CiAJc3BsX2ZpbGVzeXN0ZW1fZmlsZV9yZXdpbmQoZ2V0VGhpcygpLCBpbnRlcm4gVFNSTUxT X0NDKTsKIAkKIAl3aGlsZShpbnRlcm4tPnUuZmlsZS5jdXJyZW50X2xpbmVfbnVtIDwgbGlu ZV9wb3MpIHsKZGlmZiAtdXAgZXh0L3NwbC9zcGxfZGlyZWN0b3J5LmgucHJldiBleHQvc3Bs L3NwbF9kaXJlY3RvcnkuaAotLS0gZXh0L3NwbC9zcGxfZGlyZWN0b3J5LmgucHJldgkyMDE0 LTA2LTI0IDA5OjI0OjQxLjMwMzYwNDM2OSArMDIwMAorKysgZXh0L3NwbC9zcGxfZGlyZWN0 b3J5LmgJMjAxNC0wNi0yNCAwOToyMDoyMS41MDU0OTE2MzkgKzAyMDAKQEAgLTM1LDcgKzM1 LDggQEAgZXh0ZXJuIFBIUEFQSSB6ZW5kX2NsYXNzX2VudHJ5ICpzcGxfY2VfUwogUEhQX01J TklUX0ZVTkNUSU9OKHNwbF9kaXJlY3RvcnkpOwogCiB0eXBlZGVmIGVudW0gewotCVNQTF9G U19JTkZPLCAvKiBtdXN0IGJlIDAgKi8KKwlTUExfRlNfTk9USU5JVElBTElaRUQsCisJU1BM X0ZTX0lORk8sCiAJU1BMX0ZTX0RJUiwKIAlTUExfRlNfRklMRQogfSBTUExfRlNfT0JKX1RZ UEU7Cg== --------------000004070108090900080404--