From xen-announce-bounces@lists.xen.org Mon Nov 12 10:53:50 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 12 Nov 2012 10:53:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TXrbn-0006NB-1P; Mon, 12 Nov 2012 10:51:15 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TRhfr-0001f2-T8; Fri, 26 Oct 2012 11:02:00 +0000 Received: from [85.158.139.83:61094] by server-4.bemta-5.messagelabs.com id 3D/F1-01455-6AD6A805; Fri, 26 Oct 2012 11:01:58 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-182.messagelabs.com!1351249316!27438188!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 22601 invoked from network); 26 Oct 2012 11:01:57 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-182.messagelabs.com with AES256-SHA encrypted SMTP; 26 Oct 2012 11:01:57 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TRhfg-0003oA-7z; Fri, 26 Oct 2012 11:01:48 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TRhff-0004iR-Vi; Fri, 26 Oct 2012 11:01:48 +0000 Date: Fri, 26 Oct 2012 11:01:47 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Mon, 12 Nov 2012 10:51:13 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. IMPACT ====== A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== Running only trusted kernels and ramdisks will avoid this vulnerability. Using pvgrub also avoids this vulnerability since the builder will run in guest context. (nb: use of pygrub *is* vulnerable). Running only HVM guests will avoid this vulnerability. RELATED ISSUE ============= CVE-2012-2625 covers a bug in pygrub which caused that process to consume excessive amount of memory under similar circumstances to the above. This was fixed in xen-unstable (and the fix inherited by Xen 4.2.x) in revision 25589:60f09d1ab1fe but not called out as a security problem. This fix is also included, where relevant, in the patches below. RESOLUTION ========== Applying the appropriate attached patch resolves this issue, including the related pygrub fix where neccesary. xsa25-unstable.patch Xen unstable xsa25-4.2.patch Xen 4.2.x xsa25-4.1.patch Xen 4.1.x $ sha256sum xsa25*.patch 613e4b82cdc9cabf9cbd52076118887b298c47e680c2066a28a77f12e9f90606 xsa25-4.1.patch 135bc089d003f9b97991764c37b1ab8d37e9cbcfa1b9bd7429b4503abe00c8f5 xsa25-4.2.patch 534495b7eef6e599f5814f0a67fc84fbe2e8eee9d223a09ad178ff63bdcda3dd xsa25-unstable.patch Note that these patches impose a new size limit of 1Gby on both the compressed and uncompressed sizes of ramdisks. On some systems it may be desirable to relax these limits and risk virtual address or memory exhaustion in the toolstack. This can be achieved by setting XC_DOM_DECOMPRESS_MAX to the desired limit (in bytes). This can be done by building with "APPEND_CFLAGS=-DXC_DOM_DECOMPRESS_MAX=" or by editing tools/libxc/xc_dom.h directly. NOTE REGARDING LACK OF EMBARGO ============================== These issues have already been discussed in public in various places, including https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 and http://bugs.debian.org/688125. This advisory is therefore not subject to an embargo. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQim1nAAoJEIP+FMlX6CvZgw0IAKTyGbRlt5N2i8YbRdAj0+wF OA4X5G1GlAEf0iGVjYi92/HnVyjWxLSNCKJK4YSWAUrlnkAC2IEUU6vqQOkxN/ic 88D1VS8tEtQwRGa9jNxf4RTCLvdGxrVK4lnSDu7OplgwMDT7O/X+Dq89xKN2VCYw /iqpzlAndmC0Lqz0U8VlV71JryS5uwg980GWimQaIEinyOWFS5cuImvBamptl+zU aoU3JxERd3YWASrspm8dBOtwc75DucWY1hOjz52uloodKcJha55Objcm8dn76xwN JV7sHGFRrQyxHnQJ9GeSuV0RHkxB6VhMXTGWKFaynOLjtUUoidkawgs1ld+Qsms= =Vj6Q -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa25-4.1.patch" Content-Disposition: attachment; filename="xsa25-4.1.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgpbIEluY2x1ZGVzIDI1 NTg5OjYwZjA5ZDFhYjFmZSBmb3IgQ1ZFLTIwMTItMjYyNSBdCgpkaWZmIC0t Z2l0IGEvc3R1YmRvbS9ncnViL2tleGVjLmMgYi9zdHViZG9tL2dydWIva2V4 ZWMuYwppbmRleCAwNmJlZjUyLi5iMjFjOTFhIDEwMDY0NAotLS0gYS9zdHVi ZG9tL2dydWIva2V4ZWMuYworKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwpA QCAtMTM3LDYgKzEzNywxMCBAQCB2b2lkIGtleGVjKHZvaWQgKmtlcm5lbCwg bG9uZyBrZXJuZWxfc2l6ZSwgdm9pZCAqbW9kdWxlLCBsb25nIG1vZHVsZV9z aXplLCBjaGFyCiAgICAgZG9tID0geGNfZG9tX2FsbG9jYXRlKHhjX2hhbmRs ZSwgY21kbGluZSwgZmVhdHVyZXMpOwogICAgIGRvbS0+YWxsb2NhdGUgPSBr ZXhlY19hbGxvY2F0ZTsKIAorICAgIC8qIFdlIGFyZSB1c2luZyBndWVzdCBv d25lZCBtZW1vcnksIHRoZXJlZm9yZSBubyBsaW1pdHMuICovCisgICAgeGNf ZG9tX2tlcm5lbF9tYXhfc2l6ZShkb20sIDApOworICAgIHhjX2RvbV9yYW1k aXNrX21heF9zaXplKGRvbSwgMCk7CisKICAgICBkb20tPmtlcm5lbF9ibG9i ID0ga2VybmVsOwogICAgIGRvbS0+a2VybmVsX3NpemUgPSBrZXJuZWxfc2l6 ZTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGMveGNfZG9tLmggYi90b29s cy9saWJ4Yy94Y19kb20uaAppbmRleCBlNzJmMDY2Li43MDQzZjk2IDEwMDY0 NAotLS0gYS90b29scy9saWJ4Yy94Y19kb20uaAorKysgYi90b29scy9saWJ4 Yy94Y19kb20uaApAQCAtNTIsNiArNTIsOSBAQCBzdHJ1Y3QgeGNfZG9tX2lt YWdlIHsKICAgICB2b2lkICpyYW1kaXNrX2Jsb2I7CiAgICAgc2l6ZV90IHJh bWRpc2tfc2l6ZTsKIAorICAgIHNpemVfdCBtYXhfa2VybmVsX3NpemU7Cisg ICAgc2l6ZV90IG1heF9yYW1kaXNrX3NpemU7CisKICAgICAvKiBhcmd1bWVu dHMgYW5kIHBhcmFtZXRlcnMgKi8KICAgICBjaGFyICpjbWRsaW5lOwogICAg IHVpbnQzMl90IGZfcmVxdWVzdGVkW1hFTkZFQVRfTlJfU1VCTUFQU107CkBA IC0xNzUsNiArMTc4LDIzIEBAIHZvaWQgeGNfZG9tX3JlbGVhc2VfcGh5cyhz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogdm9pZCB4Y19kb21fcmVsZWFz ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogaW50IHhjX2RvbV9tZW1f aW5pdChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHVuc2lnbmVkIGludCBt ZW1fbWIpOwogCisvKiBTZXQgdGhpcyBsYXJnZXIgaWYgeW91IGhhdmUgZW5v cm1vdXMgcmFtZGlza3Mva2VybmVscy4gTm90ZSB0aGF0CisgKiB5b3Ugc2hv dWxkIHRydXN0IGFsbCBrZXJuZWxzIG5vdCB0byBiZSBtYWxpY2lvdXNseSBs YXJnZSAoZS5nLiB0bworICogZXhoYXVzdCBhbGwgZG9tMCBtZW1vcnkpIGlm IHlvdSBkbyB0aGlzIChzZWUgQ1ZFLTIwMTItNDU0NCAvCisgKiBYU0EtMjUp LiBZb3UgY2FuIGFsc28gc2V0IHRoZSBkZWZhdWx0IGluZGVwZW5kZW50bHkg Zm9yCisgKiByYW1kaXNrcy9rZXJuZWxzIGluIHhjX2RvbV9hbGxvY2F0ZSgp IG9yIGNhbGwKKyAqIHhjX2RvbV97a2VybmVsLHJhbWRpc2t9X21heF9zaXpl LgorICovCisjaWZuZGVmIFhDX0RPTV9ERUNPTVBSRVNTX01BWAorI2RlZmlu ZSBYQ19ET01fREVDT01QUkVTU19NQVggKDEwMjQqMTAyNCoxMDI0KSAvKiAx R0IgKi8KKyNlbmRpZgorCitpbnQgeGNfZG9tX2tlcm5lbF9jaGVja19zaXpl KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4 Y19kb21fa2VybmVsX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRv bSwgc2l6ZV90IHN6KTsKKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3Np emUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworaW50 IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2Ug KmRvbSwgc2l6ZV90IHN6KTsKKwogc2l6ZV90IHhjX2RvbV9jaGVja19nemlw KHhjX2ludGVyZmFjZSAqeGNoLAogICAgICAgICAgICAgICAgICAgICAgdm9p ZCAqYmxvYiwgc2l6ZV90IHppcGxlbik7CiBpbnQgeGNfZG9tX2RvX2d1bnpp cCh4Y19pbnRlcmZhY2UgKnhjaCwKQEAgLTIyNCw3ICsyNDQsOCBAQCB2b2lk IHhjX2RvbV9sb2dfbWVtb3J5X2Zvb3RwcmludChzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20pOwogdm9pZCAqeGNfZG9tX21hbGxvYyhzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sIHNpemVfdCBzaXplKTsKIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpOwogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSk7Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5h bWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKTsKIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp OwogCiAvKiAtLS0gYWxsb2MgbWVtb3J5IHBvb2wgLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwpkaWZmIC0tZ2l0IGEv dG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYyBiL3Rvb2xzL2xp YnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMKaW5kZXggOTg1MmU2Ny4uNzNj ZmFkMSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vs b2FkZXIuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fYnppbWFnZWxvYWRl ci5jCkBAIC00NywxMyArNDcsMTkgQEAgc3RhdGljIGludCB4Y190cnlfYnpp cDJfZGVjb2RlKAogICAgIGNoYXIgKm91dF9idWY7CiAgICAgY2hhciAqdG1w X2J1ZjsKICAgICBpbnQgcmV0dmFsID0gLTE7Ci0gICAgaW50IG91dHNpemU7 CisgICAgdW5zaWduZWQgaW50IG91dHNpemU7CiAgICAgdWludDY0X3QgdG90 YWw7CiAKICAgICBzdHJlYW0uYnphbGxvYyA9IE5VTEw7CiAgICAgc3RyZWFt LmJ6ZnJlZSA9IE5VTEw7CiAgICAgc3RyZWFtLm9wYXF1ZSA9IE5VTEw7CiAK KyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IGlzIDAgc2l6ZSIpOworICAg ICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgcmV0ID0gQloyX2J6RGVj b21wcmVzc0luaXQoJnN0cmVhbSwgMCwgMCk7CiAgICAgaWYgKCByZXQgIT0g QlpfT0sgKQogICAgIHsKQEAgLTY2LDYgKzcyLDE3IEBAIHN0YXRpYyBpbnQg eGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVy IHRvIHN0YXJ0LCBhbmQgd2UnbGwgcmVhbGxvYyBhcyBuZWVkZWQuCiAgICAg ICovCiAgICAgb3V0c2l6ZSA9IGRvbS0+a2VybmVsX3NpemU7CisKKyAgICAv KgorICAgICAqIHN0cmVhbS5hdmFpbF9pbiBhbmQgb3V0c2l6ZSBhcmUgdW5z aWduZWQgaW50LCB3aGlsZSBrZXJuZWxfc2l6ZQorICAgICAqIGlzIGEgc2l6 ZV90LiBDaGVjayB3ZSBhcmVuJ3Qgb3ZlcmZsb3dpbmcuCisgICAgICovCisg ICAgaWYgKCBvdXRzaXplICE9IGRvbS0+a2VybmVsX3NpemUgKQorICAgIHsK KyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgdG9vIGxhcmdlIik7 CisgICAgICAgIGdvdG8gYnppcDJfY2xlYW51cDsKKyAgICB9CisKICAgICBv dXRfYnVmID0gbWFsbG9jKG91dHNpemUpOwogICAgIGlmICggb3V0X2J1ZiA9 PSBOVUxMICkKICAgICB7CkBAIC05OCwxMyArMTE1LDIwIEBAIHN0YXRpYyBp bnQgeGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0u YXZhaWxfb3V0ID09IDAgKQogICAgICAgICB7CiAgICAgICAgICAgICAvKiBQ cm90ZWN0IGFnYWluc3Qgb3V0cHV0IGJ1ZmZlciBvdmVyZmxvdyAqLwotICAg ICAgICAgICAgaWYgKCBvdXRzaXplID4gSU5UX01BWCAvIDIgKQorICAgICAg ICAgICAgaWYgKCBvdXRzaXplID4gVUlOVF9NQVggLyAyICkKICAgICAgICAg ICAgIHsKICAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJlZShv dXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7 CiAgICAgICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAg ICAgIHsKKyAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgdG9vIGxhcmdlIik7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVm KTsKKyAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTE3Miw5ICsxOTYsMTUg QEAgc3RhdGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgdW5zaWdu ZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBjaGFyICp0bXBfYnVm OwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQgb3V0c2l6ZTsKKyAg ICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFyICptc2c7CiAKKyAg ICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAgICAg IERPTVBSSU5URigiTFpNQTogSW5wdXQgaXMgMCBzaXplIik7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQgPSBsem1hX2Fsb25lX2Rl Y29kZXIoJnN0cmVhbSwgMTI4KjEwMjQqMTAyNCk7CiAgICAgaWYgKCByZXQg IT0gTFpNQV9PSyApCiAgICAgewpAQCAtMjUxLDEzICsyODEsMjAgQEAgc3Rh dGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICggc3Ry ZWFtLmF2YWlsX291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAg LyogUHJvdGVjdCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8K LSAgICAgICAgICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAg ICAgICAgICAgIGlmICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAg ICAgICAgICB7CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJMWk1BOiBv dXRwdXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJl ZShvdXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51 cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYgKCB4Y19kb21f a2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikgKQorICAgICAg ICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigiTFpNQTogb3V0 cHV0IHRvbyBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTMyNyw2ICszNjQsMTIg QEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2RlKAogICAgICAgICAw eDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBkLCAweDBhLCAweDFh LCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICogbHpvX3VpbnQgc2hv dWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlzIGlzIHRoZSBjYXNl IHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVyZmxvdyB2YXJpb3Vz IGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBYQ19CVUlMRF9CVUdf T04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6ZV90KSk7CisKICAg ICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0ICE9IExaT19FX09L ICkKICAgICB7CkBAIC00MDYsNiArNDQ5LDE0IEBAIHN0YXRpYyBpbnQgeGNf dHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBzcmNfbGVuIDw9IDAg fHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+IGxlZnQgKQogICAg ICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0gIk91dHB1dCBidWZm ZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXplID4gU0laRV9NQVgg LSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOworCisgICAgICAgIG1z ZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdlIjsKKyAgICAgICAg aWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCAqc2l6ZSArIGRz dF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAgICAgICAgIG1zZyA9 ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAgICAgICAgIHRtcF9i dWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0X2xlbik7CiAgICAg ICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCmluZGV4IGZlYTlkZTUuLjJhMDFkN2MgMTAwNjQ0Ci0tLSBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9t X2NvcmUuYwpAQCAtMTU5LDcgKzE1OSw4IEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUp CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmls ZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAgIHN0cnVjdCB4 Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZkID0gLTE7CkBA IC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1h cChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCiAgICAgbHNlZWsoZmQsIDAs IFNFRUtfU0VUKTsKICAgICAqc2l6ZSA9IGxzZWVrKGZkLCAwLCBTRUVLX0VO RCk7CiAKKyAgICBpZiAoIG1heF9zaXplICYmICpzaXplID4gbWF4X3NpemUg KQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNoLCBYQ19P VVRfT0ZfTUVNT1JZLAorICAgICAgICAgICAgICAgICAgICAgInRyaWVkIHRv IG1hcCBmaWxlIHdoaWNoIGlzIHRvbyBsYXJnZSIpOworICAgICAgICBnb3Rv IGVycjsKKyAgICB9CisKICAgICBibG9jayA9IG1hbGxvYyhzaXplb2YoKmJs b2NrKSk7CiAgICAgaWYgKCBibG9jayA9PSBOVUxMICkKICAgICAgICAgZ290 byBlcnI7CkBAIC0yMjIsNiArMjMwLDQwIEBAIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp CiB9CiAKIC8qIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLworLyog ZGVjb21wcmVzc2lvbiBidWZmZXIgc2l6aW5nICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICovCitpbnQgeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHN6KQoreworICAgIC8qIE5vIGxpbWl0ICovCisgICAgaWYgKCAhZG9t LT5tYXhfa2VybmVsX3NpemUgKQorICAgICAgICByZXR1cm4gMDsKKworICAg IGlmICggc3ogPiBkb20tPm1heF9rZXJuZWxfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgImtlcm5lbCBpbWFnZSB0b28gbGFy Z2UiKTsKKyAgICAgICAgcmV0dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIC8qIE5v IGxpbWl0ICovCisgICAgaWYgKCAhZG9tLT5tYXhfcmFtZGlza19zaXplICkK KyAgICAgICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhf cmFtZGlza19zaXplICkKKyAgICB7CisgICAgICAgIHhjX2RvbV9wYW5pYyhk b20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisgICAgICAgICAgICAgICAg ICAgICAicmFtZGlzayBpbWFnZSB0b28gbGFyZ2UiKTsKKyAgICAgICAgcmV0 dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKKy8qIC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwogLyogcmVhZCBmaWxlcywgY29w eSBtZW1vcnkgYmxvY2tzLCB3aXRoIHRyYW5zcGFyZW50IGd1bnppcCAgICAg ICAgICAgICAgICAgICovCiAKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4 Y19pbnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikK QEAgLTIzNSw3ICsyNzcsNyBAQCBzaXplX3QgeGNfZG9tX2NoZWNrX2d6aXAo eGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJsb2IsIHNpemVfdCB6aXBsZW4p CiAKICAgICBnemxlbiA9IGJsb2IgKyB6aXBsZW4gLSA0OwogICAgIHVuemlw bGVuID0gZ3psZW5bM10gPDwgMjQgfCBnemxlblsyXSA8PCAxNiB8IGd6bGVu WzFdIDw8IDggfCBnemxlblswXTsKLSAgICBpZiAoICh1bnppcGxlbiA8IDAp IHx8ICh1bnppcGxlbiA+ICgxMDI0KjEwMjQqMTAyNCkpICkgLyogMUdCIGxp bWl0ICovCisgICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBsZW4g PiBYQ19ET01fREVDT01QUkVTU19NQVgpICkKICAgICB7CiAgICAgICAgIHhj X2RvbV9wcmludGYKICAgICAgICAgICAgICh4Y2gsCkBAIC0yODgsNiArMzMw LDkgQEAgaW50IHhjX2RvbV90cnlfZ3VuemlwKHN0cnVjdCB4Y19kb21faW1h Z2UgKmRvbSwgdm9pZCAqKmJsb2IsIHNpemVfdCAqIHNpemUpCiAgICAgaWYg KCB1bnppcGxlbiA9PSAwICkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAgICBp ZiAoIHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAp CisgICAgICAgIHJldHVybiAwOworCiAgICAgdW56aXAgPSB4Y19kb21fbWFs bG9jKGRvbSwgdW56aXBsZW4pOwogICAgIGlmICggdW56aXAgPT0gTlVMTCAp CiAgICAgICAgIHJldHVybiAtMTsKQEAgLTU4OCw2ICs2MzMsOSBAQCBzdHJ1 Y3QgeGNfZG9tX2ltYWdlICp4Y19kb21fYWxsb2NhdGUoeGNfaW50ZXJmYWNl ICp4Y2gsCiAgICAgbWVtc2V0KGRvbSwgMCwgc2l6ZW9mKCpkb20pKTsKICAg ICBkb20tPnhjaCA9IHhjaDsKIAorICAgIGRvbS0+bWF4X2tlcm5lbF9zaXpl ID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworICAgIGRvbS0+bWF4X3JhbWRp c2tfc2l6ZSA9IFhDX0RPTV9ERUNPTVBSRVNTX01BWDsKKwogICAgIGlmICgg Y21kbGluZSApCiAgICAgICAgIGRvbS0+Y21kbGluZSA9IHhjX2RvbV9zdHJk dXAoZG9tLCBjbWRsaW5lKTsKICAgICBpZiAoIGZlYXR1cmVzICkKQEAgLTYw OCwxMCArNjU2LDI1IEBAIHN0cnVjdCB4Y19kb21faW1hZ2UgKnhjX2RvbV9h bGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhjaCwKICAgICByZXR1cm4gTlVMTDsK IH0KIAoraW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgRE9NUFJJTlRGKCIl czoga2VybmVsX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3opOwor ICAgIGRvbS0+bWF4X2tlcm5lbF9zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYo IiVzOiByYW1kaXNrX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3op OworICAgIGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSA9IHN6OworICAgIHJldHVy biAwOworfQorCiBpbnQgeGNfZG9tX2tlcm5lbF9maWxlKHN0cnVjdCB4Y19k b21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqZmlsZW5hbWUpCiB7CiAgICAg RE9NUFJJTlRGKCIlczogZmlsZW5hbWU9XCIlc1wiIiwgX19GVU5DVElPTl9f LCBmaWxlbmFtZSk7Ci0gICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9t YWxsb2NfZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6 ZSk7CisgICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9tYWxsb2NfZmls ZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6ZSwKKyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvbS0+ bWF4X2tlcm5lbF9zaXplKTsKICAgICBpZiAoIGRvbS0+a2VybmVsX2Jsb2Ig PT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKICAgICByZXR1cm4geGNf ZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5rZXJuZWxfYmxvYiwgJmRvbS0+ a2VybmVsX3NpemUpOwpAQCAtNjIxLDcgKzY4NCw5IEBAIGludCB4Y19kb21f cmFtZGlza19maWxlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3Qg Y2hhciAqZmlsZW5hbWUpCiB7CiAgICAgRE9NUFJJTlRGKCIlczogZmlsZW5h bWU9XCIlc1wiIiwgX19GVU5DVElPTl9fLCBmaWxlbmFtZSk7CiAgICAgZG9t LT5yYW1kaXNrX2Jsb2IgPQotICAgICAgICB4Y19kb21fbWFsbG9jX2ZpbGVt YXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFtZGlza19zaXplKTsKKyAgICAg ICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20t PnJhbWRpc2tfc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSk7CisKICAgICBpZiAoIGRvbS0+cmFt ZGlza19ibG9iID09IE5VTEwgKQogICAgICAgICByZXR1cm4gLTE7CiAvLyAg ICByZXR1cm4geGNfZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5yYW1kaXNr X2Jsb2IsICZkb20tPnJhbWRpc2tfc2l6ZSk7CkBAIC03ODEsNyArODQ2LDEx IEBAIGludCB4Y19kb21fYnVpbGRfaW1hZ2Uoc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tKQogICAgICAgICB2b2lkICpyYW1kaXNrbWFwOwogCiAgICAgICAg IHVuemlwbGVuID0geGNfZG9tX2NoZWNrX2d6aXAoZG9tLT54Y2gsIGRvbS0+ cmFtZGlza19ibG9iLCBkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIGlm ICggeGNfZG9tX3JhbWRpc2tfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAh PSAwICkKKyAgICAgICAgICAgIHVuemlwbGVuID0gMDsKKwogICAgICAgICBy YW1kaXNrbGVuID0gdW56aXBsZW4gPyB1bnppcGxlbiA6IGRvbS0+cmFtZGlz a19zaXplOworCiAgICAgICAgIGlmICggeGNfZG9tX2FsbG9jX3NlZ21lbnQo ZG9tLCAmZG9tLT5yYW1kaXNrX3NlZywgInJhbWRpc2siLCAwLAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJhbWRpc2tsZW4pICE9IDAg KQogICAgICAgICAgICAgZ290byBlcnI7CmRpZmYgLS1naXQgYS90b29scy9w eWdydWIvc3JjL3B5Z3J1YiBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCmlu ZGV4IDE3YzAwODMuLjFhM2MxYzMgMTAwNjQ0Ci0tLSBhL3Rvb2xzL3B5Z3J1 Yi9zcmMvcHlncnViCisrKyBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCkBA IC0yOCw2ICsyOCw3IEBAIGltcG9ydCBncnViLkxpbG9Db25mCiBpbXBvcnQg Z3J1Yi5FeHRMaW51eENvbmYKIAogUFlHUlVCX1ZFUiA9IDAuNgorRlNfUkVB RF9NQVggPSAxMDI0ICogMTAyNAogCiBkZWYgZW5hYmxlX2N1cnNvcihpc29u KToKICAgICBpZiBpc29uOgpAQCAtNDIxLDcgKzQyMiw4IEBAIGNsYXNzIEdy dWI6CiAgICAgICAgIGlmIHNlbGYuX19kaWN0X18uZ2V0KCdjZicsIE5vbmUp IGlzIE5vbmU6CiAgICAgICAgICAgICByYWlzZSBSdW50aW1lRXJyb3IsICJj b3VsZG4ndCBmaW5kIGJvb3Rsb2FkZXIgY29uZmlnIGZpbGUgaW4gdGhlIGlt YWdlIHByb3ZpZGVkLiIKICAgICAgICAgZiA9IGZzLm9wZW5fZmlsZShzZWxm LmNmLmZpbGVuYW1lKQotICAgICAgICBidWYgPSBmLnJlYWQoKQorICAgICAg ICAjIGxpbWl0IHJlYWQgc2l6ZSB0byBhdm9pZCBwYXRob2xvZ2ljYWwgY2Fz ZXMKKyAgICAgICAgYnVmID0gZi5yZWFkKEZTX1JFQURfTUFYKQogICAgICAg ICBkZWwgZgogICAgICAgICBzZWxmLmNmLnBhcnNlKGJ1ZikKIApAQCAtNjcw LDYgKzY3MiwzNyBAQCBpZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAg IGRlZiB1c2FnZSgpOgogICAgICAgICBwcmludCA+PiBzeXMuc3RkZXJyLCAi VXNhZ2U6ICVzIFstcXwtLXF1aWV0XSBbLWl8LS1pbnRlcmFjdGl2ZV0gWy1u fC0tbm90LXJlYWxseV0gWy0tb3V0cHV0PV0gWy0ta2VybmVsPV0gWy0tcmFt ZGlzaz1dIFstLWFyZ3M9XSBbLS1lbnRyeT1dIFstLW91dHB1dC1kaXJlY3Rv cnk9XSBbLS1vdXRwdXQtZm9ybWF0PXN4cHxzaW1wbGV8c2ltcGxlMF0gPGlt YWdlPiIgJShzeXMuYXJndlswXSwpCiAKKyAgICBkZWYgY29weV9mcm9tX2lt YWdlKGZzLCBmaWxlX3RvX3JlYWQsIGZpbGVfdHlwZSwgb3V0cHV0X2RpcmVj dG9yeSwKKyAgICAgICAgICAgICAgICAgICAgICAgIG5vdF9yZWFsbHkpOgor ICAgICAgICBpZiBub3RfcmVhbGx5OgorICAgICAgICAgICAgaWYgZnMuZmls ZV9leGlzdHMoZmlsZV90b19yZWFkKToKKyAgICAgICAgICAgICAgICByZXR1 cm4gIjwlczolcz4iICUgKGZpbGVfdHlwZSwgZmlsZV90b19yZWFkKQorICAg ICAgICAgICAgZWxzZToKKyAgICAgICAgICAgICAgICBzeXMuZXhpdCgiVGhl IHJlcXVlc3RlZCAlcyBmaWxlIGRvZXMgbm90IGV4aXN0IiAlIGZpbGVfdHlw ZSkKKyAgICAgICAgdHJ5OgorICAgICAgICAgICAgZGF0YWZpbGUgPSBmcy5v cGVuX2ZpbGUoZmlsZV90b19yZWFkKQorICAgICAgICBleGNlcHQgRXhjZXB0 aW9uLCBlOgorICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBlCisg ICAgICAgICAgICBzeXMuZXhpdCgiRXJyb3Igb3BlbmluZyAlcyBpbiBndWVz dCIgJSBmaWxlX3RvX3JlYWQpCisgICAgICAgICh0ZmQsIHJldCkgPSB0ZW1w ZmlsZS5ta3N0ZW1wKHByZWZpeD0iYm9vdF8iK2ZpbGVfdHlwZSsiLiIsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRpcj1vdXRw dXRfZGlyZWN0b3J5KQorICAgICAgICBkYXRhb2ZmID0gMAorICAgICAgICB3 aGlsZSBUcnVlOgorICAgICAgICAgICAgZGF0YSA9IGRhdGFmaWxlLnJlYWQo RlNfUkVBRF9NQVgsIGRhdGFvZmYpCisgICAgICAgICAgICBpZiBsZW4oZGF0 YSkgPT0gMDoKKyAgICAgICAgICAgICAgICBvcy5jbG9zZSh0ZmQpCisgICAg ICAgICAgICAgICAgZGVsIGRhdGFmaWxlCisgICAgICAgICAgICAgICAgcmV0 dXJuIHJldAorICAgICAgICAgICAgdHJ5OgorICAgICAgICAgICAgICAgIG9z LndyaXRlKHRmZCwgZGF0YSkKKyAgICAgICAgICAgIGV4Y2VwdCBFeGNlcHRp b24sIGU6CisgICAgICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBl CisgICAgICAgICAgICAgICAgb3MuY2xvc2UodGZkKQorICAgICAgICAgICAg ICAgIG9zLnVubGluayhyZXQpCisgICAgICAgICAgICAgICAgZGVsIGRhdGFm aWxlCisgICAgICAgICAgICAgICAgc3lzLmV4aXQoIkVycm9yIHdyaXRpbmcg dGVtcG9yYXJ5IGNvcHkgb2YgIitmaWxlX3R5cGUpCisgICAgICAgICAgICBk YXRhb2ZmICs9IGxlbihkYXRhKQorCiAgICAgdHJ5OgogICAgICAgICBvcHRz LCBhcmdzID0gZ2V0b3B0LmdudV9nZXRvcHQoc3lzLmFyZ3ZbMTpdLCAncWlu aDo6JywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWyJx dWlldCIsICJpbnRlcmFjdGl2ZSIsICJub3QtcmVhbGx5IiwgImhlbHAiLCAK QEAgLTc4NiwyNCArODE5LDE4IEBAIGlmIF9fbmFtZV9fID09ICJfX21haW5f XyI6CiAgICAgaWYgbm90IGZzOgogICAgICAgICByYWlzZSBSdW50aW1lRXJy b3IsICJVbmFibGUgdG8gZmluZCBwYXJ0aXRpb24gY29udGFpbmluZyBrZXJu ZWwiCiAKLSAgICBpZiBub3RfcmVhbGx5OgotICAgICAgICBib290Y2ZnWyJr ZXJuZWwiXSA9ICI8a2VybmVsOiVzPiIgJSBjaG9zZW5jZmdbImtlcm5lbCJd Ci0gICAgZWxzZToKLSAgICAgICAgZGF0YSA9IGZzLm9wZW5fZmlsZShjaG9z ZW5jZmdbImtlcm5lbCJdKS5yZWFkKCkKLSAgICAgICAgKHRmZCwgYm9vdGNm Z1sia2VybmVsIl0pID0gdGVtcGZpbGUubWtzdGVtcChwcmVmaXg9ImJvb3Rf a2VybmVsLiIsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgZGlyPW91dHB1dF9kaXJlY3RvcnkpCi0gICAg ICAgIG9zLndyaXRlKHRmZCwgZGF0YSkKLSAgICAgICAgb3MuY2xvc2UodGZk KQorICAgIGJvb3RjZmdbImtlcm5lbCJdID0gY29weV9mcm9tX2ltYWdlKGZz LCBjaG9zZW5jZmdbImtlcm5lbCJdLCAia2VybmVsIiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvdXRwdXRfZGlyZWN0b3J5 LCBub3RfcmVhbGx5KQogCiAgICAgaWYgY2hvc2VuY2ZnWyJyYW1kaXNrIl06 Ci0gICAgICAgIGlmIG5vdF9yZWFsbHk6Ci0gICAgICAgICAgICBib290Y2Zn WyJyYW1kaXNrIl0gPSAiPHJhbWRpc2s6JXM+IiAlIGNob3NlbmNmZ1sicmFt ZGlzayJdCi0gICAgICAgIGVsc2U6Ci0gICAgICAgICAgICBkYXRhID0gZnMu b3Blbl9maWxlKGNob3NlbmNmZ1sicmFtZGlzayJdLCkucmVhZCgpCi0gICAg ICAgICAgICAodGZkLCBib290Y2ZnWyJyYW1kaXNrIl0pID0gdGVtcGZpbGUu bWtzdGVtcCgKLSAgICAgICAgICAgICAgICBwcmVmaXg9ImJvb3RfcmFtZGlz ay4iLCBkaXI9b3V0cHV0X2RpcmVjdG9yeSkKLSAgICAgICAgICAgIG9zLndy aXRlKHRmZCwgZGF0YSkKLSAgICAgICAgICAgIG9zLmNsb3NlKHRmZCkKKyAg ICAgICAgdHJ5OgorICAgICAgICAgICAgYm9vdGNmZ1sicmFtZGlzayJdID0g Y29weV9mcm9tX2ltYWdlKGZzLCBjaG9zZW5jZmdbInJhbWRpc2siXSwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAicmFtZGlzayIsIG91dHB1dF9kaXJlY3RvcnksCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbm90X3JlYWxs eSkKKyAgICAgICAgZXhjZXB0OgorICAgICAgICAgICAgaWYgbm90IG5vdF9y ZWFsbHk6CisgICAgICAgICAgICAgICAgb3MudW5saW5rKGJvb3RjZmdbImtl cm5lbCJdKQorICAgICAgICAgICAgcmFpc2UKICAgICBlbHNlOgogICAgICAg ICBpbml0cmQgPSBOb25lCiAK --=separator Content-Type: application/octet-stream; name="xsa25-4.2.patch" Content-Disposition: attachment; filename="xsa25-4.2.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtLWdpdCBh L3N0dWJkb20vZ3J1Yi9rZXhlYy5jIGIvc3R1YmRvbS9ncnViL2tleGVjLmMK aW5kZXggMDZiZWY1Mi4uYjIxYzkxYSAxMDA2NDQKLS0tIGEvc3R1YmRvbS9n cnViL2tleGVjLmMKKysrIGIvc3R1YmRvbS9ncnViL2tleGVjLmMKQEAgLTEz Nyw2ICsxMzcsMTAgQEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcg a2VybmVsX3NpemUsIHZvaWQgKm1vZHVsZSwgbG9uZyBtb2R1bGVfc2l6ZSwg Y2hhcgogICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNt ZGxpbmUsIGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNf YWxsb2NhdGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQg bWVtb3J5LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9r ZXJuZWxfbWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19t YXhfc2l6ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtl cm5lbDsKICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAK ZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oIGIvdG9vbHMvbGli eGMveGNfZG9tLmgKaW5kZXggMmFlZjY0YS4uNmE3MmFhOSAxMDA2NDQKLS0t IGEvdG9vbHMvbGlieGMveGNfZG9tLmgKKysrIGIvdG9vbHMvbGlieGMveGNf ZG9tLmgKQEAgLTU1LDYgKzU1LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7 CiAgICAgdm9pZCAqcmFtZGlza19ibG9iOwogICAgIHNpemVfdCByYW1kaXNr X3NpemU7CiAKKyAgICBzaXplX3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNp emVfdCBtYXhfcmFtZGlza19zaXplOworCiAgICAgLyogYXJndW1lbnRzIGFu ZCBwYXJhbWV0ZXJzICovCiAgICAgY2hhciAqY21kbGluZTsKICAgICB1aW50 MzJfdCBmX3JlcXVlc3RlZFtYRU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTgw LDYgKzE4MywyMyBAQCB2b2lkIHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0 IHhjX2RvbV9pbWFnZSAqZG9tKTsKIHZvaWQgeGNfZG9tX3JlbGVhc2Uoc3Ry dWN0IHhjX2RvbV9pbWFnZSAqZG9tKTsKIGludCB4Y19kb21fbWVtX2luaXQo c3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCB1bnNpZ25lZCBpbnQgbWVtX21i KTsKIAorLyogU2V0IHRoaXMgbGFyZ2VyIGlmIHlvdSBoYXZlIGVub3Jtb3Vz IHJhbWRpc2tzL2tlcm5lbHMuIE5vdGUgdGhhdAorICogeW91IHNob3VsZCB0 cnVzdCBhbGwga2VybmVscyBub3QgdG8gYmUgbWFsaWNpb3VzbHkgbGFyZ2Ug KGUuZy4gdG8KKyAqIGV4aGF1c3QgYWxsIGRvbTAgbWVtb3J5KSBpZiB5b3Ug ZG8gdGhpcyAoc2VlIENWRS0yMDEyLTQ1NDQgLworICogWFNBLTI1KS4gWW91 IGNhbiBhbHNvIHNldCB0aGUgZGVmYXVsdCBpbmRlcGVuZGVudGx5IGZvcgor ICogcmFtZGlza3Mva2VybmVscyBpbiB4Y19kb21fYWxsb2NhdGUoKSBvciBj YWxsCisgKiB4Y19kb21fe2tlcm5lbCxyYW1kaXNrfV9tYXhfc2l6ZS4KKyAq LworI2lmbmRlZiBYQ19ET01fREVDT01QUkVTU19NQVgKKyNkZWZpbmUgWENf RE9NX0RFQ09NUFJFU1NfTUFYICgxMDI0KjEwMjQqMTAyNCkgLyogMUdCICov CisjZW5kaWYKKworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1 Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeik7CitpbnQgeGNfZG9t X2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNp emVfdCBzeik7CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4Y19k b21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20s IHNpemVfdCBzeik7CisKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwKICAgICAgICAgICAgICAgICAgICAgIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pOwogaW50IHhjX2RvbV9kb19ndW56aXAoeGNf aW50ZXJmYWNlICp4Y2gsCkBAIC0yNDAsNyArMjYwLDggQEAgdm9pZCB4Y19k b21fbG9nX21lbW9yeV9mb290cHJpbnQoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBz aXplKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBz aXplX3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAog LyogLS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMgYi90b29scy9saWJ4Yy94 Y19kb21fYnppbWFnZWxvYWRlci5jCmluZGV4IDExM2Q0MGYuLmIxYjJlYjAg MTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVy LmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwpA QCAtNDcsMTMgKzQ3LDE5IEBAIHN0YXRpYyBpbnQgeGNfdHJ5X2J6aXAyX2Rl Y29kZSgKICAgICBjaGFyICpvdXRfYnVmOwogICAgIGNoYXIgKnRtcF9idWY7 CiAgICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAg IHVuc2lnbmVkIGludCBvdXRzaXplOwogICAgIHVpbnQ2NF90IHRvdGFsOwog CiAgICAgc3RyZWFtLmJ6YWxsb2MgPSBOVUxMOwogICAgIHN0cmVhbS5iemZy ZWUgPSBOVUxMOwogICAgIHN0cmVhbS5vcGFxdWUgPSBOVUxMOwogCisgICAg aWYgKCBkb20tPmtlcm5lbF9zaXplID09IDApCisgICAgeworICAgICAgICBE T01QUklOVEYoIkJaSVAyOiBJbnB1dCBpcyAwIHNpemUiKTsKKyAgICAgICAg cmV0dXJuIC0xOworICAgIH0KKwogICAgIHJldCA9IEJaMl9iekRlY29tcHJl c3NJbml0KCZzdHJlYW0sIDAsIDApOwogICAgIGlmICggcmV0ICE9IEJaX09L ICkKICAgICB7CkBAIC02Niw2ICs3MiwxNyBAQCBzdGF0aWMgaW50IHhjX3Ry eV9iemlwMl9kZWNvZGUoCiAgICAgICogdGhlIGlucHV0IGJ1ZmZlciB0byBz dGFydCwgYW5kIHdlJ2xsIHJlYWxsb2MgYXMgbmVlZGVkLgogICAgICAqLwog ICAgIG91dHNpemUgPSBkb20tPmtlcm5lbF9zaXplOworCisgICAgLyoKKyAg ICAgKiBzdHJlYW0uYXZhaWxfaW4gYW5kIG91dHNpemUgYXJlIHVuc2lnbmVk IGludCwgd2hpbGUga2VybmVsX3NpemUKKyAgICAgKiBpcyBhIHNpemVfdC4g Q2hlY2sgd2UgYXJlbid0IG92ZXJmbG93aW5nLgorICAgICAqLworICAgIGlm ICggb3V0c2l6ZSAhPSBkb20tPmtlcm5lbF9zaXplICkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IHRvbyBsYXJnZSIpOworICAg ICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAgfQorCiAgICAgb3V0X2J1 ZiA9IG1hbGxvYyhvdXRzaXplKTsKICAgICBpZiAoIG91dF9idWYgPT0gTlVM TCApCiAgICAgewpAQCAtOTgsMTMgKzExNSwyMCBAQCBzdGF0aWMgaW50IHhj X3RyeV9iemlwMl9kZWNvZGUoCiAgICAgICAgIGlmICggc3RyZWFtLmF2YWls X291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVj dCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAg ICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IFVJTlRfTUFYIC8gMiApCiAgICAgICAgICAgICB7 CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IGJ1 ZmZlciBvdmVyZmxvdyIpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOwogICAg ICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoIHhjX2RvbV9rZXJuZWxf Y2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSApCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IHRv byBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1Zik7Cisg ICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAgICAgICAg ICAgfQorCiAgICAgICAgICAgICB0bXBfYnVmID0gcmVhbGxvYyhvdXRfYnVm LCBvdXRzaXplICogMik7CiAgICAgICAgICAgICBpZiAoIHRtcF9idWYgPT0g TlVMTCApCiAgICAgICAgICAgICB7CkBAIC0xNzIsOSArMTk2LDE1IEBAIHN0 YXRpYyBpbnQgX3hjX3RyeV9sem1hX2RlY29kZSgKICAgICB1bnNpZ25lZCBj aGFyICpvdXRfYnVmOwogICAgIHVuc2lnbmVkIGNoYXIgKnRtcF9idWY7CiAg ICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAgIHNp emVfdCBvdXRzaXplOwogICAgIGNvbnN0IGNoYXIgKm1zZzsKIAorICAgIGlm ICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQorICAgIHsKKyAgICAgICAgRE9N UFJJTlRGKCIlczogSW5wdXQgaXMgMCBzaXplIiwgd2hhdCk7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICAvKiBzaWdoLiAgV2UgZG9uJ3Qg a25vdyB1cC1mcm9udCBob3cgbXVjaCBtZW1vcnkgd2UgYXJlIGdvaW5nIHRv IG5lZWQKICAgICAgKiBmb3IgdGhlIG91dHB1dCBidWZmZXIuICBBbGxvY2F0 ZSB0aGUgb3V0cHV0IGJ1ZmZlciB0byBiZSBlcXVhbAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KQEAgLTI0NCwxMyArMjc0LDIwIEBAIHN0YXRpYyBpbnQgX3hjX3Ry eV9sem1hX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0tPmF2YWlsX291 dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVjdCBh Z2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAgIGlm ICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIlczogb3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyIsIHdoYXQpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CiAgICAg ICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tlcm5lbF9j aGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAgICAgIHsK KyAgICAgICAgICAgICAgICBET01QUklOVEYoIiVzOiBvdXRwdXQgdG9vIGxh cmdlIiwgd2hhdCk7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVmKTsK KyAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51cDsKKyAgICAgICAg ICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9IHJlYWxsb2Mob3V0X2J1 Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAgaWYgKCB0bXBfYnVmID09 IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMzU5LDYgKzM5NiwxMiBAQCBz dGF0aWMgaW50IHhjX3RyeV9sem8xeF9kZWNvZGUoCiAgICAgICAgIDB4ODks IDB4NGMsIDB4NWEsIDB4NGYsIDB4MDAsIDB4MGQsIDB4MGEsIDB4MWEsIDB4 MGEKICAgICB9OwogCisgICAgLyoKKyAgICAgKiBsem9fdWludCBzaG91bGQg bWF0Y2ggc2l6ZV90LiBDaGVjayB0aGF0IHRoaXMgaXMgdGhlIGNhc2UgdG8g YmUKKyAgICAgKiBzdXJlIHdlIHdvbid0IG92ZXJmbG93IHZhcmlvdXMgbHpv X3VpbnQgZmllbGRzLgorICAgICAqLworICAgIFhDX0JVSUxEX0JVR19PTihz aXplb2YobHpvX3VpbnQpICE9IHNpemVvZihzaXplX3QpKTsKKwogICAgIHJl dCA9IGx6b19pbml0KCk7CiAgICAgaWYgKCByZXQgIT0gTFpPX0VfT0sgKQog ICAgIHsKQEAgLTQzOCw2ICs0ODEsMTQgQEAgc3RhdGljIGludCB4Y190cnlf bHpvMXhfZGVjb2RlKAogICAgICAgICBpZiAoIHNyY19sZW4gPD0gMCB8fCBz cmNfbGVuID4gZHN0X2xlbiB8fCBzcmNfbGVuID4gbGVmdCApCiAgICAgICAg ICAgICBicmVhazsKIAorICAgICAgICBtc2cgPSAiT3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyI7CisgICAgICAgIGlmICggKnNpemUgPiBTSVpFX01BWCAtIGRz dF9sZW4gKQorICAgICAgICAgICAgYnJlYWs7CisKKyAgICAgICAgbXNnID0g IkRlY29tcHJlc3NlZCBpbWFnZSB0b28gbGFyZ2UiOworICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sICpzaXplICsgZHN0X2xl bikgKQorICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAgbXNnID0gIkZh aWxlZCB0byAocmUpYWxsb2MgbWVtb3J5IjsKICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1ZiwgKnNpemUgKyBkc3RfbGVuKTsKICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQpkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYyBiL3Rvb2xzL2xpYnhjL3hjX2RvbV9jb3JlLmMK aW5kZXggZmVhOWRlNS4uMmEwMWQ3YyAxMDA2NDQKLS0tIGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCkBAIC0xNTksNyArMTU5LDggQEAgdm9pZCAqeGNfZG9tX21hbGxvY19w YWdlX2FsaWduZWQoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c2l6ZSkKIH0KIAogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSkKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBjaGFyICpmaWxlbmFt ZSwgc2l6ZV90ICogc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBzaXplX3QgbWF4X3NpemUpCiB7CiAgICAgc3RydWN0IHhjX2Rv bV9tZW0gKmJsb2NrID0gTlVMTDsKICAgICBpbnQgZmQgPSAtMTsKQEAgLTE3 MSw2ICsxNzIsMTMgQEAgdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwKICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIGNvbnN0IGNoYXIgKnN0cikKIH0K IAogLyogLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICovCisvKiBkZWNv bXByZXNzaW9uIGJ1ZmZlciBzaXppbmcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKi8KK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opCit7CisgICAgLyogTm8gbGltaXQgKi8KKyAgICBpZiAoICFkb20tPm1h eF9rZXJuZWxfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAgaWYg KCBzeiA+IGRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICB7CisgICAgICAg IHhjX2RvbV9wYW5pYyhkb20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisg ICAgICAgICAgICAgICAgICAgICAia2VybmVsIGltYWdlIHRvbyBsYXJnZSIp OworICAgICAgICByZXR1cm4gMTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgLyogTm8gbGlt aXQgKi8KKyAgICBpZiAoICFkb20tPm1heF9yYW1kaXNrX3NpemUgKQorICAg ICAgICByZXR1cm4gMDsKKworICAgIGlmICggc3ogPiBkb20tPm1heF9yYW1k aXNrX3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+ eGNoLCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAg ICJyYW1kaXNrIGltYWdlIHRvbyBsYXJnZSIpOworICAgICAgICByZXR1cm4g MTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKworLyogLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tICovCiAvKiByZWFkIGZpbGVzLCBjb3B5IG1l bW9yeSBibG9ja3MsIHdpdGggdHJhbnNwYXJlbnQgZ3VuemlwICAgICAgICAg ICAgICAgICAgKi8KIAogc2l6ZV90IHhjX2RvbV9jaGVja19nemlwKHhjX2lu dGVyZmFjZSAqeGNoLCB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKQpAQCAt MjM1LDcgKzI3Nyw3IEBAIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikKIAog ICAgIGd6bGVuID0gYmxvYiArIHppcGxlbiAtIDQ7CiAgICAgdW56aXBsZW4g PSBnemxlblszXSA8PCAyNCB8IGd6bGVuWzJdIDw8IDE2IHwgZ3psZW5bMV0g PDwgOCB8IGd6bGVuWzBdOwotICAgIGlmICggKHVuemlwbGVuIDwgMCkgfHwg KHVuemlwbGVuID4gKDEwMjQqMTAyNCoxMDI0KSkgKSAvKiAxR0IgbGltaXQg Ki8KKyAgICBpZiAoICh1bnppcGxlbiA8IDApIHx8ICh1bnppcGxlbiA+IFhD X0RPTV9ERUNPTVBSRVNTX01BWCkgKQogICAgIHsKICAgICAgICAgeGNfZG9t X3ByaW50ZgogICAgICAgICAgICAgKHhjaCwKQEAgLTI4OCw2ICszMzAsOSBA QCBpbnQgeGNfZG9tX3RyeV9ndW56aXAoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCB2b2lkICoqYmxvYiwgc2l6ZV90ICogc2l6ZSkKICAgICBpZiAoIHVu emlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlmICgg eGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkKKyAg ICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxsb2Mo ZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkKICAg ICAgICAgcmV0dXJuIC0xOwpAQCAtNTg4LDYgKzYzMyw5IEBAIHN0cnVjdCB4 Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhj aCwKICAgICBtZW1zZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRv bS0+eGNoID0geGNoOwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBY Q19ET01fREVDT01QUkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19z aXplID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRs aW5lICkKICAgICAgICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChk b20sIGNtZGxpbmUpOwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjA4LDEw ICs2NTYsMjUgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9j YXRlKHhjX2ludGVyZmFjZSAqeGNoLAogICAgIHJldHVybiBOVUxMOwogfQog CitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYoIiVzOiBr ZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7CisgICAg ZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsKKyAgICByZXR1cm4gMDsKK30K KworaW50IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21f aW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIERPTVBSSU5URigiJXM6 IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7Cisg ICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKIGludCB4Y19kb21fa2VybmVsX2ZpbGUoc3RydWN0IHhjX2RvbV9p bWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxlbmFtZSkKIHsKICAgICBET01Q UklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZp bGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxv Y19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplKTsK KyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxvY19maWxlbWFw KGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9tLT5tYXhf a2VybmVsX3NpemUpOwogICAgIGlmICggZG9tLT5rZXJuZWxfYmxvYiA9PSBO VUxMICkKICAgICAgICAgcmV0dXJuIC0xOwogICAgIHJldHVybiB4Y19kb21f dHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5lbF9ibG9iLCAmZG9tLT5rZXJu ZWxfc2l6ZSk7CkBAIC02MjEsNyArNjg0LDkgQEAgaW50IHhjX2RvbV9yYW1k aXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFy ICpmaWxlbmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1c IiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKICAgICBkb20tPnJh bWRpc2tfYmxvYiA9Ci0gICAgICAgIHhjX2RvbV9tYWxsb2NfZmlsZW1hcChk b20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUpOworICAgICAgICB4 Y19kb21fbWFsbG9jX2ZpbGVtYXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFt ZGlza19zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9t LT5tYXhfcmFtZGlza19zaXplKTsKKwogICAgIGlmICggZG9tLT5yYW1kaXNr X2Jsb2IgPT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKIC8vICAgIHJl dHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPnJhbWRpc2tfYmxv YiwgJmRvbS0+cmFtZGlza19zaXplKTsKQEAgLTc4MSw3ICs4NDYsMTEgQEAg aW50IHhjX2RvbV9idWlsZF9pbWFnZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpk b20pCiAgICAgICAgIHZvaWQgKnJhbWRpc2ttYXA7CiAKICAgICAgICAgdW56 aXBsZW4gPSB4Y19kb21fY2hlY2tfZ3ppcChkb20tPnhjaCwgZG9tLT5yYW1k aXNrX2Jsb2IsIGRvbS0+cmFtZGlza19zaXplKTsKKyAgICAgICAgaWYgKCB4 Y19kb21fcmFtZGlza19jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICE9IDAg KQorICAgICAgICAgICAgdW56aXBsZW4gPSAwOworCiAgICAgICAgIHJhbWRp c2tsZW4gPSB1bnppcGxlbiA/IHVuemlwbGVuIDogZG9tLT5yYW1kaXNrX3Np emU7CisKICAgICAgICAgaWYgKCB4Y19kb21fYWxsb2Nfc2VnbWVudChkb20s ICZkb20tPnJhbWRpc2tfc2VnLCAicmFtZGlzayIsIDAsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgcmFtZGlza2xlbikgIT0gMCApCiAg ICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: application/octet-stream; name="xsa25-unstable.patch" Content-Disposition: attachment; filename="xsa25-unstable.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiOWMx ZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHN0dWJkb20vZ3J1Yi9rZXhlYy5j Ci0tLSBhL3N0dWJkb20vZ3J1Yi9rZXhlYy5jCVdlZCBPY3QgMjQgMTU6NDk6 NDEgMjAxMiArMDEwMAorKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwlGcmkg T2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTEzNyw2ICsxMzcsMTAg QEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcga2VybmVsX3Npegog ICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNtZGxpbmUs IGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNfYWxsb2Nh dGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQgbWVtb3J5 LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9rZXJuZWxf bWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19tYXhfc2l6 ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtlcm5lbDsK ICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbS5oCi0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oCVdlZCBPY3QgMjQg MTU6NDk6NDEgMjAxMiArMDEwMAorKysgYi90b29scy9saWJ4Yy94Y19kb20u aAlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTU1LDYgKzU1 LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7CiAgICAgdm9pZCAqcmFtZGlz a19ibG9iOwogICAgIHNpemVfdCByYW1kaXNrX3NpemU7CiAKKyAgICBzaXpl X3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNpemVfdCBtYXhfcmFtZGlza19z aXplOworCiAgICAgLyogYXJndW1lbnRzIGFuZCBwYXJhbWV0ZXJzICovCiAg ICAgY2hhciAqY21kbGluZTsKICAgICB1aW50MzJfdCBmX3JlcXVlc3RlZFtY RU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTk0LDYgKzE5NywyMyBAQCB2b2lk IHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0IHhjX2RvbV9pCiB2b2lkIHhj X2RvbV9yZWxlYXNlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSk7CiBpbnQg eGNfZG9tX21lbV9pbml0KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgdW5z aWduZWQgaW50IG1lbV9tYik7CiAKKy8qIFNldCB0aGlzIGxhcmdlciBpZiB5 b3UgaGF2ZSBlbm9ybW91cyByYW1kaXNrcy9rZXJuZWxzLiBOb3RlIHRoYXQK KyAqIHlvdSBzaG91bGQgdHJ1c3QgYWxsIGtlcm5lbHMgbm90IHRvIGJlIG1h bGljaW91c2x5IGxhcmdlIChlLmcuIHRvCisgKiBleGhhdXN0IGFsbCBkb20w IG1lbW9yeSkgaWYgeW91IGRvIHRoaXMgKHNlZSBDVkUtMjAxMi00NTQ0IC8K KyAqIFhTQS0yNSkuIFlvdSBjYW4gYWxzbyBzZXQgdGhlIGRlZmF1bHQgaW5k ZXBlbmRlbnRseSBmb3IKKyAqIHJhbWRpc2tzL2tlcm5lbHMgaW4geGNfZG9t X2FsbG9jYXRlKCkgb3IgY2FsbAorICogeGNfZG9tX3trZXJuZWwscmFtZGlz a31fbWF4X3NpemUuCisgKi8KKyNpZm5kZWYgWENfRE9NX0RFQ09NUFJFU1Nf TUFYCisjZGVmaW5lIFhDX0RPTV9ERUNPTVBSRVNTX01BWCAoMTAyNCoxMDI0 KjEwMjQpIC8qIDFHQiAqLworI2VuZGlmCisKK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opOworaW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeik7CitpbnQgeGNfZG9tX3JhbWRpc2tfbWF4X3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCiBzaXplX3QgeGNfZG9t X2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsCiAgICAgICAgICAgICAg ICAgICAgICB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKTsKIGludCB4Y19k b21fZG9fZ3VuemlwKHhjX2ludGVyZmFjZSAqeGNoLApAQCAtMjU0LDcgKzI3 NCw4IEBAIHZvaWQgeGNfZG9tX2xvZ19tZW1vcnlfZm9vdHByaW50KHN0cnVj dCAKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3BhZ2Vf YWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzaXpl KTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgY29u c3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBzaXpl X3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0 IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAogLyog LS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtciBiOWMxZTA4NmQ5Yjcg LXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9h ZGVyLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIu YwlXZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMv bGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwlGcmkgT2N0IDI2IDA5OjE5 OjIyIDIwMTIgKzAxMDAKQEAgLTQ3LDEzICs0NywxOSBAQCBzdGF0aWMgaW50 IHhjX3RyeV9iemlwMl9kZWNvZGUoCiAgICAgY2hhciAqb3V0X2J1ZjsKICAg ICBjaGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBp bnQgb3V0c2l6ZTsKKyAgICB1bnNpZ25lZCBpbnQgb3V0c2l6ZTsKICAgICB1 aW50NjRfdCB0b3RhbDsKIAogICAgIHN0cmVhbS5iemFsbG9jID0gTlVMTDsK ICAgICBzdHJlYW0uYnpmcmVlID0gTlVMTDsKICAgICBzdHJlYW0ub3BhcXVl ID0gTlVMTDsKIAorICAgIGlmICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQor ICAgIHsKKyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgaXMgMCBz aXplIik7CisgICAgICAgIHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQg PSBCWjJfYnpEZWNvbXByZXNzSW5pdCgmc3RyZWFtLCAwLCAwKTsKICAgICBp ZiAoIHJldCAhPSBCWl9PSyApCiAgICAgewpAQCAtNjYsNiArNzIsMTcgQEAg c3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KICAgICAgKi8KICAgICBvdXRzaXplID0gZG9tLT5rZXJuZWxfc2l6 ZTsKKworICAgIC8qCisgICAgICogc3RyZWFtLmF2YWlsX2luIGFuZCBvdXRz aXplIGFyZSB1bnNpZ25lZCBpbnQsIHdoaWxlIGtlcm5lbF9zaXplCisgICAg ICogaXMgYSBzaXplX3QuIENoZWNrIHdlIGFyZW4ndCBvdmVyZmxvd2luZy4K KyAgICAgKi8KKyAgICBpZiAoIG91dHNpemUgIT0gZG9tLT5rZXJuZWxfc2l6 ZSApCisgICAgeworICAgICAgICBET01QUklOVEYoIkJaSVAyOiBJbnB1dCB0 b28gbGFyZ2UiKTsKKyAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAg IH0KKwogICAgIG91dF9idWYgPSBtYWxsb2Mob3V0c2l6ZSk7CiAgICAgaWYg KCBvdXRfYnVmID09IE5VTEwgKQogICAgIHsKQEAgLTk4LDEzICsxMTUsMjAg QEAgc3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAgICBp ZiAoIHN0cmVhbS5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAg ICAgICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJm bG93ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8g MiApCisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBVSU5UX01BWCAvIDIg KQogICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciKTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gYnpp cDJfY2xlYW51cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYg KCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCB0b28gbGFyZ2UiKTsKKyAgICAgICAgICAgICAgICBm cmVlKG91dF9idWYpOworICAgICAgICAgICAgICAgIGdvdG8gYnppcDJfY2xl YW51cDsKKyAgICAgICAgICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMTcy LDkgKzE5NiwxNSBAQCBzdGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUo CiAgICAgdW5zaWduZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBj aGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQg b3V0c2l6ZTsKKyAgICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFy ICptc2c7CiAKKyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAg ICB7CisgICAgICAgIERPTVBSSU5URigiJXM6IElucHV0IGlzIDAgc2l6ZSIs IHdoYXQpOworICAgICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgLyog c2lnaC4gIFdlIGRvbid0IGtub3cgdXAtZnJvbnQgaG93IG11Y2ggbWVtb3J5 IHdlIGFyZSBnb2luZyB0byBuZWVkCiAgICAgICogZm9yIHRoZSBvdXRwdXQg YnVmZmVyLiAgQWxsb2NhdGUgdGhlIG91dHB1dCBidWZmZXIgdG8gYmUgZXF1 YWwKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVyIHRvIHN0YXJ0LCBhbmQgd2Un bGwgcmVhbGxvYyBhcyBuZWVkZWQuCkBAIC0yNDQsMTMgKzI3NCwyMCBAQCBz dGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICgg c3RyZWFtLT5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAgICAg ICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJmbG93 ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8gMiAp CisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBTSVpFX01BWCAvIDIgKQog ICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigiJXM6 IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciLCB3aGF0KTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gbHpt YV9jbGVhbnVwOwogICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSAp CisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIl czogb3V0cHV0IHRvbyBsYXJnZSIsIHdoYXQpOworICAgICAgICAgICAgICAg IGZyZWUob3V0X2J1Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2Ns ZWFudXA7CisgICAgICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYg PSByZWFsbG9jKG91dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAg IGlmICggdG1wX2J1ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTM1 OSw2ICszOTYsMTIgQEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2Rl KAogICAgICAgICAweDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBk LCAweDBhLCAweDFhLCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICog bHpvX3VpbnQgc2hvdWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlz IGlzIHRoZSBjYXNlIHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVy ZmxvdyB2YXJpb3VzIGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBY Q19CVUlMRF9CVUdfT04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6 ZV90KSk7CisKICAgICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0 ICE9IExaT19FX09LICkKICAgICB7CkBAIC00MzgsNiArNDgxLDE0IEBAIHN0 YXRpYyBpbnQgeGNfdHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBz cmNfbGVuIDw9IDAgfHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+ IGxlZnQgKQogICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0g Ik91dHB1dCBidWZmZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXpl ID4gU0laRV9NQVggLSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOwor CisgICAgICAgIG1zZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdl IjsKKyAgICAgICAgaWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9t LCAqc2l6ZSArIGRzdF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAg ICAgICAgIG1zZyA9ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAg ICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0 X2xlbik7CiAgICAgICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbV9jb3JlLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2NvcmUuYwlX ZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYwlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAx MDAKQEAgLTE1OSw3ICsxNTksOCBAQCB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAg ICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVf dCAqIHNpemUpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3Qg Y2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAg IHN0cnVjdCB4Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZk ID0gLTE7CkBAIC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG8KICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlIAogfQogCiAvKiAtLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0gKi8KKy8qIGRlY29tcHJlc3Npb24gYnVmZmVyIHNpemlu ZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAqLworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICAvKiBObyBsaW1p dCAqLworICAgIGlmICggIWRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICAg ICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhfa2VybmVs X3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNo LCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAgICJr ZXJuZWwgaW1hZ2UgdG9vIGxhcmdlIik7CisgICAgICAgIHJldHVybiAxOwor ICAgIH0KKworICAgIHJldHVybiAwOworfQorCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeikKK3sKKyAgICAvKiBObyBsaW1pdCAqLworICAgIGlmICggIWRvbS0+ bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAg aWYgKCBzeiA+IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgInJhbWRpc2sgaW1hZ2UgdG9vIGxh cmdlIik7CisgICAgICAgIHJldHVybiAxOworICAgIH0KKworICAgIHJldHVy biAwOworfQorCisvKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8K IC8qIHJlYWQgZmlsZXMsIGNvcHkgbWVtb3J5IGJsb2Nrcywgd2l0aCB0cmFu c3BhcmVudCBndW56aXAgICAgICAgICAgICAgICAgICAqLwogCiBzaXplX3Qg eGNfZG9tX2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pCkBAIC0yMzUsNyArMjc3LDcgQEAgc2l6ZV90 IHhjX2RvbV9jaGVja19nemlwKHhjX2ludGVyZmFjZSAqeAogCiAgICAgZ3ps ZW4gPSBibG9iICsgemlwbGVuIC0gNDsKICAgICB1bnppcGxlbiA9IGd6bGVu WzNdIDw8IDI0IHwgZ3psZW5bMl0gPDwgMTYgfCBnemxlblsxXSA8PCA4IHwg Z3psZW5bMF07Ci0gICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBs ZW4gPiAoMTAyNCoxMDI0KjEwMjQpKSApIC8qIDFHQiBsaW1pdCAqLworICAg IGlmICggKHVuemlwbGVuIDwgMCkgfHwgKHVuemlwbGVuID4gWENfRE9NX0RF Q09NUFJFU1NfTUFYKSApCiAgICAgewogICAgICAgICB4Y19kb21fcHJpbnRm CiAgICAgICAgICAgICAoeGNoLApAQCAtMjg4LDYgKzMzMCw5IEBAIGludCB4 Y19kb21fdHJ5X2d1bnppcChzdHJ1Y3QgeGNfZG9tX2ltYWcKICAgICBpZiAo IHVuemlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlm ICggeGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkK KyAgICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxs b2MoZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkK ICAgICAgICAgcmV0dXJuIC0xOwpAQCAtNTkwLDYgKzYzNSw5IEBAIHN0cnVj dCB4Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y18KICAgICBtZW1z ZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRvbS0+eGNoID0geGNo OwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBYQ19ET01fREVDT01Q UkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gWENfRE9N X0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRsaW5lICkKICAgICAg ICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChkb20sIGNtZGxpbmUp OwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjEwLDEwICs2NTgsMjUgQEAg c3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9jYXRlKHhjXwogICAg IHJldHVybiBOVUxMOwogfQogCitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6 ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAg ICBET01QUklOVEYoIiVzOiBrZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5D VElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsK KyAgICByZXR1cm4gMDsKK30KKworaW50IHhjX2RvbV9yYW1kaXNrX21heF9z aXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQorewor ICAgIERPTVBSSU5URigiJXM6IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19G VU5DVElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0g c3o7CisgICAgcmV0dXJuIDA7Cit9CisKIGludCB4Y19kb21fa2VybmVsX2Zp bGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxl bmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIi LCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9i bG9iID0geGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZk b20tPmtlcm5lbF9zaXplKTsKKyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNf ZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5l bF9zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZG9tLT5tYXhfa2VybmVsX3NpemUpOwogICAgIGlmICggZG9t LT5rZXJuZWxfYmxvYiA9PSBOVUxMICkKICAgICAgICAgcmV0dXJuIC0xOwog ICAgIHJldHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5l bF9ibG9iLCAmZG9tLT5rZXJuZWxfc2l6ZSk7CkBAIC02MjMsNyArNjg2LDkg QEAgaW50IHhjX2RvbV9yYW1kaXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbQog ewogICAgIERPTVBSSU5URigiJXM6IGZpbGVuYW1lPVwiJXNcIiIsIF9fRlVO Q1RJT05fXywgZmlsZW5hbWUpOwogICAgIGRvbS0+cmFtZGlza19ibG9iID0K LSAgICAgICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUs ICZkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIHhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb20tPm1heF9yYW1kaXNr X3NpemUpOworCiAgICAgaWYgKCBkb20tPnJhbWRpc2tfYmxvYiA9PSBOVUxM ICkKICAgICAgICAgcmV0dXJuIC0xOwogLy8gICAgcmV0dXJuIHhjX2RvbV90 cnlfZ3VuemlwKGRvbSwgJmRvbS0+cmFtZGlza19ibG9iLCAmZG9tLT5yYW1k aXNrX3NpemUpOwpAQCAtNzgzLDcgKzg0OCwxMSBAQCBpbnQgeGNfZG9tX2J1 aWxkX2ltYWdlKHN0cnVjdCB4Y19kb21faW1hCiAgICAgICAgIHZvaWQgKnJh bWRpc2ttYXA7CiAKICAgICAgICAgdW56aXBsZW4gPSB4Y19kb21fY2hlY2tf Z3ppcChkb20tPnhjaCwgZG9tLT5yYW1kaXNrX2Jsb2IsIGRvbS0+cmFtZGlz a19zaXplKTsKKyAgICAgICAgaWYgKCB4Y19kb21fcmFtZGlza19jaGVja19z aXplKGRvbSwgdW56aXBsZW4pICE9IDAgKQorICAgICAgICAgICAgdW56aXBs ZW4gPSAwOworCiAgICAgICAgIHJhbWRpc2tsZW4gPSB1bnppcGxlbiA/IHVu emlwbGVuIDogZG9tLT5yYW1kaXNrX3NpemU7CisKICAgICAgICAgaWYgKCB4 Y19kb21fYWxsb2Nfc2VnbWVudChkb20sICZkb20tPnJhbWRpc2tfc2VnLCAi cmFtZGlzayIsIDAsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgcmFtZGlza2xlbikgIT0gMCApCiAgICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Mon Nov 12 10:53:50 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Mon, 12 Nov 2012 10:53:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TXrbn-0006NB-1P; Mon, 12 Nov 2012 10:51:15 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TRhfr-0001f2-T8; Fri, 26 Oct 2012 11:02:00 +0000 Received: from [85.158.139.83:61094] by server-4.bemta-5.messagelabs.com id 3D/F1-01455-6AD6A805; Fri, 26 Oct 2012 11:01:58 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-3.tower-182.messagelabs.com!1351249316!27438188!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 22601 invoked from network); 26 Oct 2012 11:01:57 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-3.tower-182.messagelabs.com with AES256-SHA encrypted SMTP; 26 Oct 2012 11:01:57 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TRhfg-0003oA-7z; Fri, 26 Oct 2012 11:01:48 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TRhff-0004iR-Vi; Fri, 26 Oct 2012 11:01:48 +0000 Date: Fri, 26 Oct 2012 11:01:47 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Mon, 12 Nov 2012 10:51:13 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. IMPACT ====== A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== Running only trusted kernels and ramdisks will avoid this vulnerability. Using pvgrub also avoids this vulnerability since the builder will run in guest context. (nb: use of pygrub *is* vulnerable). Running only HVM guests will avoid this vulnerability. RELATED ISSUE ============= CVE-2012-2625 covers a bug in pygrub which caused that process to consume excessive amount of memory under similar circumstances to the above. This was fixed in xen-unstable (and the fix inherited by Xen 4.2.x) in revision 25589:60f09d1ab1fe but not called out as a security problem. This fix is also included, where relevant, in the patches below. RESOLUTION ========== Applying the appropriate attached patch resolves this issue, including the related pygrub fix where neccesary. xsa25-unstable.patch Xen unstable xsa25-4.2.patch Xen 4.2.x xsa25-4.1.patch Xen 4.1.x $ sha256sum xsa25*.patch 613e4b82cdc9cabf9cbd52076118887b298c47e680c2066a28a77f12e9f90606 xsa25-4.1.patch 135bc089d003f9b97991764c37b1ab8d37e9cbcfa1b9bd7429b4503abe00c8f5 xsa25-4.2.patch 534495b7eef6e599f5814f0a67fc84fbe2e8eee9d223a09ad178ff63bdcda3dd xsa25-unstable.patch Note that these patches impose a new size limit of 1Gby on both the compressed and uncompressed sizes of ramdisks. On some systems it may be desirable to relax these limits and risk virtual address or memory exhaustion in the toolstack. This can be achieved by setting XC_DOM_DECOMPRESS_MAX to the desired limit (in bytes). This can be done by building with "APPEND_CFLAGS=-DXC_DOM_DECOMPRESS_MAX=" or by editing tools/libxc/xc_dom.h directly. NOTE REGARDING LACK OF EMBARGO ============================== These issues have already been discussed in public in various places, including https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 and http://bugs.debian.org/688125. This advisory is therefore not subject to an embargo. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQim1nAAoJEIP+FMlX6CvZgw0IAKTyGbRlt5N2i8YbRdAj0+wF OA4X5G1GlAEf0iGVjYi92/HnVyjWxLSNCKJK4YSWAUrlnkAC2IEUU6vqQOkxN/ic 88D1VS8tEtQwRGa9jNxf4RTCLvdGxrVK4lnSDu7OplgwMDT7O/X+Dq89xKN2VCYw /iqpzlAndmC0Lqz0U8VlV71JryS5uwg980GWimQaIEinyOWFS5cuImvBamptl+zU aoU3JxERd3YWASrspm8dBOtwc75DucWY1hOjz52uloodKcJha55Objcm8dn76xwN JV7sHGFRrQyxHnQJ9GeSuV0RHkxB6VhMXTGWKFaynOLjtUUoidkawgs1ld+Qsms= =Vj6Q -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa25-4.1.patch" Content-Disposition: attachment; filename="xsa25-4.1.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgpbIEluY2x1ZGVzIDI1 NTg5OjYwZjA5ZDFhYjFmZSBmb3IgQ1ZFLTIwMTItMjYyNSBdCgpkaWZmIC0t Z2l0IGEvc3R1YmRvbS9ncnViL2tleGVjLmMgYi9zdHViZG9tL2dydWIva2V4 ZWMuYwppbmRleCAwNmJlZjUyLi5iMjFjOTFhIDEwMDY0NAotLS0gYS9zdHVi ZG9tL2dydWIva2V4ZWMuYworKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwpA QCAtMTM3LDYgKzEzNywxMCBAQCB2b2lkIGtleGVjKHZvaWQgKmtlcm5lbCwg bG9uZyBrZXJuZWxfc2l6ZSwgdm9pZCAqbW9kdWxlLCBsb25nIG1vZHVsZV9z aXplLCBjaGFyCiAgICAgZG9tID0geGNfZG9tX2FsbG9jYXRlKHhjX2hhbmRs ZSwgY21kbGluZSwgZmVhdHVyZXMpOwogICAgIGRvbS0+YWxsb2NhdGUgPSBr ZXhlY19hbGxvY2F0ZTsKIAorICAgIC8qIFdlIGFyZSB1c2luZyBndWVzdCBv d25lZCBtZW1vcnksIHRoZXJlZm9yZSBubyBsaW1pdHMuICovCisgICAgeGNf ZG9tX2tlcm5lbF9tYXhfc2l6ZShkb20sIDApOworICAgIHhjX2RvbV9yYW1k aXNrX21heF9zaXplKGRvbSwgMCk7CisKICAgICBkb20tPmtlcm5lbF9ibG9i ID0ga2VybmVsOwogICAgIGRvbS0+a2VybmVsX3NpemUgPSBrZXJuZWxfc2l6 ZTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGMveGNfZG9tLmggYi90b29s cy9saWJ4Yy94Y19kb20uaAppbmRleCBlNzJmMDY2Li43MDQzZjk2IDEwMDY0 NAotLS0gYS90b29scy9saWJ4Yy94Y19kb20uaAorKysgYi90b29scy9saWJ4 Yy94Y19kb20uaApAQCAtNTIsNiArNTIsOSBAQCBzdHJ1Y3QgeGNfZG9tX2lt YWdlIHsKICAgICB2b2lkICpyYW1kaXNrX2Jsb2I7CiAgICAgc2l6ZV90IHJh bWRpc2tfc2l6ZTsKIAorICAgIHNpemVfdCBtYXhfa2VybmVsX3NpemU7Cisg ICAgc2l6ZV90IG1heF9yYW1kaXNrX3NpemU7CisKICAgICAvKiBhcmd1bWVu dHMgYW5kIHBhcmFtZXRlcnMgKi8KICAgICBjaGFyICpjbWRsaW5lOwogICAg IHVpbnQzMl90IGZfcmVxdWVzdGVkW1hFTkZFQVRfTlJfU1VCTUFQU107CkBA IC0xNzUsNiArMTc4LDIzIEBAIHZvaWQgeGNfZG9tX3JlbGVhc2VfcGh5cyhz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogdm9pZCB4Y19kb21fcmVsZWFz ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogaW50IHhjX2RvbV9tZW1f aW5pdChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHVuc2lnbmVkIGludCBt ZW1fbWIpOwogCisvKiBTZXQgdGhpcyBsYXJnZXIgaWYgeW91IGhhdmUgZW5v cm1vdXMgcmFtZGlza3Mva2VybmVscy4gTm90ZSB0aGF0CisgKiB5b3Ugc2hv dWxkIHRydXN0IGFsbCBrZXJuZWxzIG5vdCB0byBiZSBtYWxpY2lvdXNseSBs YXJnZSAoZS5nLiB0bworICogZXhoYXVzdCBhbGwgZG9tMCBtZW1vcnkpIGlm IHlvdSBkbyB0aGlzIChzZWUgQ1ZFLTIwMTItNDU0NCAvCisgKiBYU0EtMjUp LiBZb3UgY2FuIGFsc28gc2V0IHRoZSBkZWZhdWx0IGluZGVwZW5kZW50bHkg Zm9yCisgKiByYW1kaXNrcy9rZXJuZWxzIGluIHhjX2RvbV9hbGxvY2F0ZSgp IG9yIGNhbGwKKyAqIHhjX2RvbV97a2VybmVsLHJhbWRpc2t9X21heF9zaXpl LgorICovCisjaWZuZGVmIFhDX0RPTV9ERUNPTVBSRVNTX01BWAorI2RlZmlu ZSBYQ19ET01fREVDT01QUkVTU19NQVggKDEwMjQqMTAyNCoxMDI0KSAvKiAx R0IgKi8KKyNlbmRpZgorCitpbnQgeGNfZG9tX2tlcm5lbF9jaGVja19zaXpl KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4 Y19kb21fa2VybmVsX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRv bSwgc2l6ZV90IHN6KTsKKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3Np emUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworaW50 IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2Ug KmRvbSwgc2l6ZV90IHN6KTsKKwogc2l6ZV90IHhjX2RvbV9jaGVja19nemlw KHhjX2ludGVyZmFjZSAqeGNoLAogICAgICAgICAgICAgICAgICAgICAgdm9p ZCAqYmxvYiwgc2l6ZV90IHppcGxlbik7CiBpbnQgeGNfZG9tX2RvX2d1bnpp cCh4Y19pbnRlcmZhY2UgKnhjaCwKQEAgLTIyNCw3ICsyNDQsOCBAQCB2b2lk IHhjX2RvbV9sb2dfbWVtb3J5X2Zvb3RwcmludChzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20pOwogdm9pZCAqeGNfZG9tX21hbGxvYyhzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sIHNpemVfdCBzaXplKTsKIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpOwogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSk7Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5h bWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKTsKIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp OwogCiAvKiAtLS0gYWxsb2MgbWVtb3J5IHBvb2wgLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwpkaWZmIC0tZ2l0IGEv dG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYyBiL3Rvb2xzL2xp YnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMKaW5kZXggOTg1MmU2Ny4uNzNj ZmFkMSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vs b2FkZXIuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fYnppbWFnZWxvYWRl ci5jCkBAIC00NywxMyArNDcsMTkgQEAgc3RhdGljIGludCB4Y190cnlfYnpp cDJfZGVjb2RlKAogICAgIGNoYXIgKm91dF9idWY7CiAgICAgY2hhciAqdG1w X2J1ZjsKICAgICBpbnQgcmV0dmFsID0gLTE7Ci0gICAgaW50IG91dHNpemU7 CisgICAgdW5zaWduZWQgaW50IG91dHNpemU7CiAgICAgdWludDY0X3QgdG90 YWw7CiAKICAgICBzdHJlYW0uYnphbGxvYyA9IE5VTEw7CiAgICAgc3RyZWFt LmJ6ZnJlZSA9IE5VTEw7CiAgICAgc3RyZWFtLm9wYXF1ZSA9IE5VTEw7CiAK KyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IGlzIDAgc2l6ZSIpOworICAg ICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgcmV0ID0gQloyX2J6RGVj b21wcmVzc0luaXQoJnN0cmVhbSwgMCwgMCk7CiAgICAgaWYgKCByZXQgIT0g QlpfT0sgKQogICAgIHsKQEAgLTY2LDYgKzcyLDE3IEBAIHN0YXRpYyBpbnQg eGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVy IHRvIHN0YXJ0LCBhbmQgd2UnbGwgcmVhbGxvYyBhcyBuZWVkZWQuCiAgICAg ICovCiAgICAgb3V0c2l6ZSA9IGRvbS0+a2VybmVsX3NpemU7CisKKyAgICAv KgorICAgICAqIHN0cmVhbS5hdmFpbF9pbiBhbmQgb3V0c2l6ZSBhcmUgdW5z aWduZWQgaW50LCB3aGlsZSBrZXJuZWxfc2l6ZQorICAgICAqIGlzIGEgc2l6 ZV90LiBDaGVjayB3ZSBhcmVuJ3Qgb3ZlcmZsb3dpbmcuCisgICAgICovCisg ICAgaWYgKCBvdXRzaXplICE9IGRvbS0+a2VybmVsX3NpemUgKQorICAgIHsK KyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgdG9vIGxhcmdlIik7 CisgICAgICAgIGdvdG8gYnppcDJfY2xlYW51cDsKKyAgICB9CisKICAgICBv dXRfYnVmID0gbWFsbG9jKG91dHNpemUpOwogICAgIGlmICggb3V0X2J1ZiA9 PSBOVUxMICkKICAgICB7CkBAIC05OCwxMyArMTE1LDIwIEBAIHN0YXRpYyBp bnQgeGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0u YXZhaWxfb3V0ID09IDAgKQogICAgICAgICB7CiAgICAgICAgICAgICAvKiBQ cm90ZWN0IGFnYWluc3Qgb3V0cHV0IGJ1ZmZlciBvdmVyZmxvdyAqLwotICAg ICAgICAgICAgaWYgKCBvdXRzaXplID4gSU5UX01BWCAvIDIgKQorICAgICAg ICAgICAgaWYgKCBvdXRzaXplID4gVUlOVF9NQVggLyAyICkKICAgICAgICAg ICAgIHsKICAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJlZShv dXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7 CiAgICAgICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAg ICAgIHsKKyAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgdG9vIGxhcmdlIik7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVm KTsKKyAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTE3Miw5ICsxOTYsMTUg QEAgc3RhdGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgdW5zaWdu ZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBjaGFyICp0bXBfYnVm OwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQgb3V0c2l6ZTsKKyAg ICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFyICptc2c7CiAKKyAg ICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAgICAg IERPTVBSSU5URigiTFpNQTogSW5wdXQgaXMgMCBzaXplIik7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQgPSBsem1hX2Fsb25lX2Rl Y29kZXIoJnN0cmVhbSwgMTI4KjEwMjQqMTAyNCk7CiAgICAgaWYgKCByZXQg IT0gTFpNQV9PSyApCiAgICAgewpAQCAtMjUxLDEzICsyODEsMjAgQEAgc3Rh dGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICggc3Ry ZWFtLmF2YWlsX291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAg LyogUHJvdGVjdCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8K LSAgICAgICAgICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAg ICAgICAgICAgIGlmICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAg ICAgICAgICB7CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJMWk1BOiBv dXRwdXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJl ZShvdXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51 cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYgKCB4Y19kb21f a2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikgKQorICAgICAg ICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigiTFpNQTogb3V0 cHV0IHRvbyBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTMyNyw2ICszNjQsMTIg QEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2RlKAogICAgICAgICAw eDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBkLCAweDBhLCAweDFh LCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICogbHpvX3VpbnQgc2hv dWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlzIGlzIHRoZSBjYXNl IHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVyZmxvdyB2YXJpb3Vz IGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBYQ19CVUlMRF9CVUdf T04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6ZV90KSk7CisKICAg ICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0ICE9IExaT19FX09L ICkKICAgICB7CkBAIC00MDYsNiArNDQ5LDE0IEBAIHN0YXRpYyBpbnQgeGNf dHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBzcmNfbGVuIDw9IDAg fHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+IGxlZnQgKQogICAg ICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0gIk91dHB1dCBidWZm ZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXplID4gU0laRV9NQVgg LSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOworCisgICAgICAgIG1z ZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdlIjsKKyAgICAgICAg aWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCAqc2l6ZSArIGRz dF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAgICAgICAgIG1zZyA9 ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAgICAgICAgIHRtcF9i dWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0X2xlbik7CiAgICAg ICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCmluZGV4IGZlYTlkZTUuLjJhMDFkN2MgMTAwNjQ0Ci0tLSBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9t X2NvcmUuYwpAQCAtMTU5LDcgKzE1OSw4IEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUp CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmls ZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAgIHN0cnVjdCB4 Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZkID0gLTE7CkBA IC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1h cChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCiAgICAgbHNlZWsoZmQsIDAs IFNFRUtfU0VUKTsKICAgICAqc2l6ZSA9IGxzZWVrKGZkLCAwLCBTRUVLX0VO RCk7CiAKKyAgICBpZiAoIG1heF9zaXplICYmICpzaXplID4gbWF4X3NpemUg KQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNoLCBYQ19P VVRfT0ZfTUVNT1JZLAorICAgICAgICAgICAgICAgICAgICAgInRyaWVkIHRv IG1hcCBmaWxlIHdoaWNoIGlzIHRvbyBsYXJnZSIpOworICAgICAgICBnb3Rv IGVycjsKKyAgICB9CisKICAgICBibG9jayA9IG1hbGxvYyhzaXplb2YoKmJs b2NrKSk7CiAgICAgaWYgKCBibG9jayA9PSBOVUxMICkKICAgICAgICAgZ290 byBlcnI7CkBAIC0yMjIsNiArMjMwLDQwIEBAIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp CiB9CiAKIC8qIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLworLyog ZGVjb21wcmVzc2lvbiBidWZmZXIgc2l6aW5nICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICovCitpbnQgeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHN6KQoreworICAgIC8qIE5vIGxpbWl0ICovCisgICAgaWYgKCAhZG9t LT5tYXhfa2VybmVsX3NpemUgKQorICAgICAgICByZXR1cm4gMDsKKworICAg IGlmICggc3ogPiBkb20tPm1heF9rZXJuZWxfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgImtlcm5lbCBpbWFnZSB0b28gbGFy Z2UiKTsKKyAgICAgICAgcmV0dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIC8qIE5v IGxpbWl0ICovCisgICAgaWYgKCAhZG9tLT5tYXhfcmFtZGlza19zaXplICkK KyAgICAgICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhf cmFtZGlza19zaXplICkKKyAgICB7CisgICAgICAgIHhjX2RvbV9wYW5pYyhk b20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisgICAgICAgICAgICAgICAg ICAgICAicmFtZGlzayBpbWFnZSB0b28gbGFyZ2UiKTsKKyAgICAgICAgcmV0 dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKKy8qIC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwogLyogcmVhZCBmaWxlcywgY29w eSBtZW1vcnkgYmxvY2tzLCB3aXRoIHRyYW5zcGFyZW50IGd1bnppcCAgICAg ICAgICAgICAgICAgICovCiAKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4 Y19pbnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikK QEAgLTIzNSw3ICsyNzcsNyBAQCBzaXplX3QgeGNfZG9tX2NoZWNrX2d6aXAo eGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJsb2IsIHNpemVfdCB6aXBsZW4p CiAKICAgICBnemxlbiA9IGJsb2IgKyB6aXBsZW4gLSA0OwogICAgIHVuemlw bGVuID0gZ3psZW5bM10gPDwgMjQgfCBnemxlblsyXSA8PCAxNiB8IGd6bGVu WzFdIDw8IDggfCBnemxlblswXTsKLSAgICBpZiAoICh1bnppcGxlbiA8IDAp IHx8ICh1bnppcGxlbiA+ICgxMDI0KjEwMjQqMTAyNCkpICkgLyogMUdCIGxp bWl0ICovCisgICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBsZW4g PiBYQ19ET01fREVDT01QUkVTU19NQVgpICkKICAgICB7CiAgICAgICAgIHhj X2RvbV9wcmludGYKICAgICAgICAgICAgICh4Y2gsCkBAIC0yODgsNiArMzMw LDkgQEAgaW50IHhjX2RvbV90cnlfZ3VuemlwKHN0cnVjdCB4Y19kb21faW1h Z2UgKmRvbSwgdm9pZCAqKmJsb2IsIHNpemVfdCAqIHNpemUpCiAgICAgaWYg KCB1bnppcGxlbiA9PSAwICkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAgICBp ZiAoIHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAp CisgICAgICAgIHJldHVybiAwOworCiAgICAgdW56aXAgPSB4Y19kb21fbWFs bG9jKGRvbSwgdW56aXBsZW4pOwogICAgIGlmICggdW56aXAgPT0gTlVMTCAp CiAgICAgICAgIHJldHVybiAtMTsKQEAgLTU4OCw2ICs2MzMsOSBAQCBzdHJ1 Y3QgeGNfZG9tX2ltYWdlICp4Y19kb21fYWxsb2NhdGUoeGNfaW50ZXJmYWNl ICp4Y2gsCiAgICAgbWVtc2V0KGRvbSwgMCwgc2l6ZW9mKCpkb20pKTsKICAg ICBkb20tPnhjaCA9IHhjaDsKIAorICAgIGRvbS0+bWF4X2tlcm5lbF9zaXpl ID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworICAgIGRvbS0+bWF4X3JhbWRp c2tfc2l6ZSA9IFhDX0RPTV9ERUNPTVBSRVNTX01BWDsKKwogICAgIGlmICgg Y21kbGluZSApCiAgICAgICAgIGRvbS0+Y21kbGluZSA9IHhjX2RvbV9zdHJk dXAoZG9tLCBjbWRsaW5lKTsKICAgICBpZiAoIGZlYXR1cmVzICkKQEAgLTYw OCwxMCArNjU2LDI1IEBAIHN0cnVjdCB4Y19kb21faW1hZ2UgKnhjX2RvbV9h bGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhjaCwKICAgICByZXR1cm4gTlVMTDsK IH0KIAoraW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgRE9NUFJJTlRGKCIl czoga2VybmVsX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3opOwor ICAgIGRvbS0+bWF4X2tlcm5lbF9zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYo IiVzOiByYW1kaXNrX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3op OworICAgIGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSA9IHN6OworICAgIHJldHVy biAwOworfQorCiBpbnQgeGNfZG9tX2tlcm5lbF9maWxlKHN0cnVjdCB4Y19k b21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqZmlsZW5hbWUpCiB7CiAgICAg RE9NUFJJTlRGKCIlczogZmlsZW5hbWU9XCIlc1wiIiwgX19GVU5DVElPTl9f LCBmaWxlbmFtZSk7Ci0gICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9t YWxsb2NfZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6 ZSk7CisgICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9tYWxsb2NfZmls ZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6ZSwKKyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvbS0+ bWF4X2tlcm5lbF9zaXplKTsKICAgICBpZiAoIGRvbS0+a2VybmVsX2Jsb2Ig PT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKICAgICByZXR1cm4geGNf ZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5rZXJuZWxfYmxvYiwgJmRvbS0+ a2VybmVsX3NpemUpOwpAQCAtNjIxLDcgKzY4NCw5IEBAIGludCB4Y19kb21f cmFtZGlza19maWxlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3Qg Y2hhciAqZmlsZW5hbWUpCiB7CiAgICAgRE9NUFJJTlRGKCIlczogZmlsZW5h bWU9XCIlc1wiIiwgX19GVU5DVElPTl9fLCBmaWxlbmFtZSk7CiAgICAgZG9t LT5yYW1kaXNrX2Jsb2IgPQotICAgICAgICB4Y19kb21fbWFsbG9jX2ZpbGVt YXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFtZGlza19zaXplKTsKKyAgICAg ICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20t PnJhbWRpc2tfc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSk7CisKICAgICBpZiAoIGRvbS0+cmFt ZGlza19ibG9iID09IE5VTEwgKQogICAgICAgICByZXR1cm4gLTE7CiAvLyAg ICByZXR1cm4geGNfZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5yYW1kaXNr X2Jsb2IsICZkb20tPnJhbWRpc2tfc2l6ZSk7CkBAIC03ODEsNyArODQ2LDEx IEBAIGludCB4Y19kb21fYnVpbGRfaW1hZ2Uoc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tKQogICAgICAgICB2b2lkICpyYW1kaXNrbWFwOwogCiAgICAgICAg IHVuemlwbGVuID0geGNfZG9tX2NoZWNrX2d6aXAoZG9tLT54Y2gsIGRvbS0+ cmFtZGlza19ibG9iLCBkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIGlm ICggeGNfZG9tX3JhbWRpc2tfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAh PSAwICkKKyAgICAgICAgICAgIHVuemlwbGVuID0gMDsKKwogICAgICAgICBy YW1kaXNrbGVuID0gdW56aXBsZW4gPyB1bnppcGxlbiA6IGRvbS0+cmFtZGlz a19zaXplOworCiAgICAgICAgIGlmICggeGNfZG9tX2FsbG9jX3NlZ21lbnQo ZG9tLCAmZG9tLT5yYW1kaXNrX3NlZywgInJhbWRpc2siLCAwLAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJhbWRpc2tsZW4pICE9IDAg KQogICAgICAgICAgICAgZ290byBlcnI7CmRpZmYgLS1naXQgYS90b29scy9w eWdydWIvc3JjL3B5Z3J1YiBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCmlu ZGV4IDE3YzAwODMuLjFhM2MxYzMgMTAwNjQ0Ci0tLSBhL3Rvb2xzL3B5Z3J1 Yi9zcmMvcHlncnViCisrKyBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCkBA IC0yOCw2ICsyOCw3IEBAIGltcG9ydCBncnViLkxpbG9Db25mCiBpbXBvcnQg Z3J1Yi5FeHRMaW51eENvbmYKIAogUFlHUlVCX1ZFUiA9IDAuNgorRlNfUkVB RF9NQVggPSAxMDI0ICogMTAyNAogCiBkZWYgZW5hYmxlX2N1cnNvcihpc29u KToKICAgICBpZiBpc29uOgpAQCAtNDIxLDcgKzQyMiw4IEBAIGNsYXNzIEdy dWI6CiAgICAgICAgIGlmIHNlbGYuX19kaWN0X18uZ2V0KCdjZicsIE5vbmUp IGlzIE5vbmU6CiAgICAgICAgICAgICByYWlzZSBSdW50aW1lRXJyb3IsICJj b3VsZG4ndCBmaW5kIGJvb3Rsb2FkZXIgY29uZmlnIGZpbGUgaW4gdGhlIGlt YWdlIHByb3ZpZGVkLiIKICAgICAgICAgZiA9IGZzLm9wZW5fZmlsZShzZWxm LmNmLmZpbGVuYW1lKQotICAgICAgICBidWYgPSBmLnJlYWQoKQorICAgICAg ICAjIGxpbWl0IHJlYWQgc2l6ZSB0byBhdm9pZCBwYXRob2xvZ2ljYWwgY2Fz ZXMKKyAgICAgICAgYnVmID0gZi5yZWFkKEZTX1JFQURfTUFYKQogICAgICAg ICBkZWwgZgogICAgICAgICBzZWxmLmNmLnBhcnNlKGJ1ZikKIApAQCAtNjcw LDYgKzY3MiwzNyBAQCBpZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAg IGRlZiB1c2FnZSgpOgogICAgICAgICBwcmludCA+PiBzeXMuc3RkZXJyLCAi VXNhZ2U6ICVzIFstcXwtLXF1aWV0XSBbLWl8LS1pbnRlcmFjdGl2ZV0gWy1u fC0tbm90LXJlYWxseV0gWy0tb3V0cHV0PV0gWy0ta2VybmVsPV0gWy0tcmFt ZGlzaz1dIFstLWFyZ3M9XSBbLS1lbnRyeT1dIFstLW91dHB1dC1kaXJlY3Rv cnk9XSBbLS1vdXRwdXQtZm9ybWF0PXN4cHxzaW1wbGV8c2ltcGxlMF0gPGlt YWdlPiIgJShzeXMuYXJndlswXSwpCiAKKyAgICBkZWYgY29weV9mcm9tX2lt YWdlKGZzLCBmaWxlX3RvX3JlYWQsIGZpbGVfdHlwZSwgb3V0cHV0X2RpcmVj dG9yeSwKKyAgICAgICAgICAgICAgICAgICAgICAgIG5vdF9yZWFsbHkpOgor ICAgICAgICBpZiBub3RfcmVhbGx5OgorICAgICAgICAgICAgaWYgZnMuZmls ZV9leGlzdHMoZmlsZV90b19yZWFkKToKKyAgICAgICAgICAgICAgICByZXR1 cm4gIjwlczolcz4iICUgKGZpbGVfdHlwZSwgZmlsZV90b19yZWFkKQorICAg ICAgICAgICAgZWxzZToKKyAgICAgICAgICAgICAgICBzeXMuZXhpdCgiVGhl IHJlcXVlc3RlZCAlcyBmaWxlIGRvZXMgbm90IGV4aXN0IiAlIGZpbGVfdHlw ZSkKKyAgICAgICAgdHJ5OgorICAgICAgICAgICAgZGF0YWZpbGUgPSBmcy5v cGVuX2ZpbGUoZmlsZV90b19yZWFkKQorICAgICAgICBleGNlcHQgRXhjZXB0 aW9uLCBlOgorICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBlCisg ICAgICAgICAgICBzeXMuZXhpdCgiRXJyb3Igb3BlbmluZyAlcyBpbiBndWVz dCIgJSBmaWxlX3RvX3JlYWQpCisgICAgICAgICh0ZmQsIHJldCkgPSB0ZW1w ZmlsZS5ta3N0ZW1wKHByZWZpeD0iYm9vdF8iK2ZpbGVfdHlwZSsiLiIsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRpcj1vdXRw dXRfZGlyZWN0b3J5KQorICAgICAgICBkYXRhb2ZmID0gMAorICAgICAgICB3 aGlsZSBUcnVlOgorICAgICAgICAgICAgZGF0YSA9IGRhdGFmaWxlLnJlYWQo RlNfUkVBRF9NQVgsIGRhdGFvZmYpCisgICAgICAgICAgICBpZiBsZW4oZGF0 YSkgPT0gMDoKKyAgICAgICAgICAgICAgICBvcy5jbG9zZSh0ZmQpCisgICAg ICAgICAgICAgICAgZGVsIGRhdGFmaWxlCisgICAgICAgICAgICAgICAgcmV0 dXJuIHJldAorICAgICAgICAgICAgdHJ5OgorICAgICAgICAgICAgICAgIG9z LndyaXRlKHRmZCwgZGF0YSkKKyAgICAgICAgICAgIGV4Y2VwdCBFeGNlcHRp b24sIGU6CisgICAgICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBl CisgICAgICAgICAgICAgICAgb3MuY2xvc2UodGZkKQorICAgICAgICAgICAg ICAgIG9zLnVubGluayhyZXQpCisgICAgICAgICAgICAgICAgZGVsIGRhdGFm aWxlCisgICAgICAgICAgICAgICAgc3lzLmV4aXQoIkVycm9yIHdyaXRpbmcg dGVtcG9yYXJ5IGNvcHkgb2YgIitmaWxlX3R5cGUpCisgICAgICAgICAgICBk YXRhb2ZmICs9IGxlbihkYXRhKQorCiAgICAgdHJ5OgogICAgICAgICBvcHRz LCBhcmdzID0gZ2V0b3B0LmdudV9nZXRvcHQoc3lzLmFyZ3ZbMTpdLCAncWlu aDo6JywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWyJx dWlldCIsICJpbnRlcmFjdGl2ZSIsICJub3QtcmVhbGx5IiwgImhlbHAiLCAK QEAgLTc4NiwyNCArODE5LDE4IEBAIGlmIF9fbmFtZV9fID09ICJfX21haW5f XyI6CiAgICAgaWYgbm90IGZzOgogICAgICAgICByYWlzZSBSdW50aW1lRXJy b3IsICJVbmFibGUgdG8gZmluZCBwYXJ0aXRpb24gY29udGFpbmluZyBrZXJu ZWwiCiAKLSAgICBpZiBub3RfcmVhbGx5OgotICAgICAgICBib290Y2ZnWyJr ZXJuZWwiXSA9ICI8a2VybmVsOiVzPiIgJSBjaG9zZW5jZmdbImtlcm5lbCJd Ci0gICAgZWxzZToKLSAgICAgICAgZGF0YSA9IGZzLm9wZW5fZmlsZShjaG9z ZW5jZmdbImtlcm5lbCJdKS5yZWFkKCkKLSAgICAgICAgKHRmZCwgYm9vdGNm Z1sia2VybmVsIl0pID0gdGVtcGZpbGUubWtzdGVtcChwcmVmaXg9ImJvb3Rf a2VybmVsLiIsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgZGlyPW91dHB1dF9kaXJlY3RvcnkpCi0gICAg ICAgIG9zLndyaXRlKHRmZCwgZGF0YSkKLSAgICAgICAgb3MuY2xvc2UodGZk KQorICAgIGJvb3RjZmdbImtlcm5lbCJdID0gY29weV9mcm9tX2ltYWdlKGZz LCBjaG9zZW5jZmdbImtlcm5lbCJdLCAia2VybmVsIiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvdXRwdXRfZGlyZWN0b3J5 LCBub3RfcmVhbGx5KQogCiAgICAgaWYgY2hvc2VuY2ZnWyJyYW1kaXNrIl06 Ci0gICAgICAgIGlmIG5vdF9yZWFsbHk6Ci0gICAgICAgICAgICBib290Y2Zn WyJyYW1kaXNrIl0gPSAiPHJhbWRpc2s6JXM+IiAlIGNob3NlbmNmZ1sicmFt ZGlzayJdCi0gICAgICAgIGVsc2U6Ci0gICAgICAgICAgICBkYXRhID0gZnMu b3Blbl9maWxlKGNob3NlbmNmZ1sicmFtZGlzayJdLCkucmVhZCgpCi0gICAg ICAgICAgICAodGZkLCBib290Y2ZnWyJyYW1kaXNrIl0pID0gdGVtcGZpbGUu bWtzdGVtcCgKLSAgICAgICAgICAgICAgICBwcmVmaXg9ImJvb3RfcmFtZGlz ay4iLCBkaXI9b3V0cHV0X2RpcmVjdG9yeSkKLSAgICAgICAgICAgIG9zLndy aXRlKHRmZCwgZGF0YSkKLSAgICAgICAgICAgIG9zLmNsb3NlKHRmZCkKKyAg ICAgICAgdHJ5OgorICAgICAgICAgICAgYm9vdGNmZ1sicmFtZGlzayJdID0g Y29weV9mcm9tX2ltYWdlKGZzLCBjaG9zZW5jZmdbInJhbWRpc2siXSwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAicmFtZGlzayIsIG91dHB1dF9kaXJlY3RvcnksCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbm90X3JlYWxs eSkKKyAgICAgICAgZXhjZXB0OgorICAgICAgICAgICAgaWYgbm90IG5vdF9y ZWFsbHk6CisgICAgICAgICAgICAgICAgb3MudW5saW5rKGJvb3RjZmdbImtl cm5lbCJdKQorICAgICAgICAgICAgcmFpc2UKICAgICBlbHNlOgogICAgICAg ICBpbml0cmQgPSBOb25lCiAK --=separator Content-Type: application/octet-stream; name="xsa25-4.2.patch" Content-Disposition: attachment; filename="xsa25-4.2.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtLWdpdCBh L3N0dWJkb20vZ3J1Yi9rZXhlYy5jIGIvc3R1YmRvbS9ncnViL2tleGVjLmMK aW5kZXggMDZiZWY1Mi4uYjIxYzkxYSAxMDA2NDQKLS0tIGEvc3R1YmRvbS9n cnViL2tleGVjLmMKKysrIGIvc3R1YmRvbS9ncnViL2tleGVjLmMKQEAgLTEz Nyw2ICsxMzcsMTAgQEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcg a2VybmVsX3NpemUsIHZvaWQgKm1vZHVsZSwgbG9uZyBtb2R1bGVfc2l6ZSwg Y2hhcgogICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNt ZGxpbmUsIGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNf YWxsb2NhdGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQg bWVtb3J5LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9r ZXJuZWxfbWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19t YXhfc2l6ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtl cm5lbDsKICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAK ZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oIGIvdG9vbHMvbGli eGMveGNfZG9tLmgKaW5kZXggMmFlZjY0YS4uNmE3MmFhOSAxMDA2NDQKLS0t IGEvdG9vbHMvbGlieGMveGNfZG9tLmgKKysrIGIvdG9vbHMvbGlieGMveGNf ZG9tLmgKQEAgLTU1LDYgKzU1LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7 CiAgICAgdm9pZCAqcmFtZGlza19ibG9iOwogICAgIHNpemVfdCByYW1kaXNr X3NpemU7CiAKKyAgICBzaXplX3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNp emVfdCBtYXhfcmFtZGlza19zaXplOworCiAgICAgLyogYXJndW1lbnRzIGFu ZCBwYXJhbWV0ZXJzICovCiAgICAgY2hhciAqY21kbGluZTsKICAgICB1aW50 MzJfdCBmX3JlcXVlc3RlZFtYRU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTgw LDYgKzE4MywyMyBAQCB2b2lkIHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0 IHhjX2RvbV9pbWFnZSAqZG9tKTsKIHZvaWQgeGNfZG9tX3JlbGVhc2Uoc3Ry dWN0IHhjX2RvbV9pbWFnZSAqZG9tKTsKIGludCB4Y19kb21fbWVtX2luaXQo c3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCB1bnNpZ25lZCBpbnQgbWVtX21i KTsKIAorLyogU2V0IHRoaXMgbGFyZ2VyIGlmIHlvdSBoYXZlIGVub3Jtb3Vz IHJhbWRpc2tzL2tlcm5lbHMuIE5vdGUgdGhhdAorICogeW91IHNob3VsZCB0 cnVzdCBhbGwga2VybmVscyBub3QgdG8gYmUgbWFsaWNpb3VzbHkgbGFyZ2Ug KGUuZy4gdG8KKyAqIGV4aGF1c3QgYWxsIGRvbTAgbWVtb3J5KSBpZiB5b3Ug ZG8gdGhpcyAoc2VlIENWRS0yMDEyLTQ1NDQgLworICogWFNBLTI1KS4gWW91 IGNhbiBhbHNvIHNldCB0aGUgZGVmYXVsdCBpbmRlcGVuZGVudGx5IGZvcgor ICogcmFtZGlza3Mva2VybmVscyBpbiB4Y19kb21fYWxsb2NhdGUoKSBvciBj YWxsCisgKiB4Y19kb21fe2tlcm5lbCxyYW1kaXNrfV9tYXhfc2l6ZS4KKyAq LworI2lmbmRlZiBYQ19ET01fREVDT01QUkVTU19NQVgKKyNkZWZpbmUgWENf RE9NX0RFQ09NUFJFU1NfTUFYICgxMDI0KjEwMjQqMTAyNCkgLyogMUdCICov CisjZW5kaWYKKworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1 Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeik7CitpbnQgeGNfZG9t X2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNp emVfdCBzeik7CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4Y19k b21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20s IHNpemVfdCBzeik7CisKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwKICAgICAgICAgICAgICAgICAgICAgIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pOwogaW50IHhjX2RvbV9kb19ndW56aXAoeGNf aW50ZXJmYWNlICp4Y2gsCkBAIC0yNDAsNyArMjYwLDggQEAgdm9pZCB4Y19k b21fbG9nX21lbW9yeV9mb290cHJpbnQoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBz aXplKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBz aXplX3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAog LyogLS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMgYi90b29scy9saWJ4Yy94 Y19kb21fYnppbWFnZWxvYWRlci5jCmluZGV4IDExM2Q0MGYuLmIxYjJlYjAg MTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVy LmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwpA QCAtNDcsMTMgKzQ3LDE5IEBAIHN0YXRpYyBpbnQgeGNfdHJ5X2J6aXAyX2Rl Y29kZSgKICAgICBjaGFyICpvdXRfYnVmOwogICAgIGNoYXIgKnRtcF9idWY7 CiAgICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAg IHVuc2lnbmVkIGludCBvdXRzaXplOwogICAgIHVpbnQ2NF90IHRvdGFsOwog CiAgICAgc3RyZWFtLmJ6YWxsb2MgPSBOVUxMOwogICAgIHN0cmVhbS5iemZy ZWUgPSBOVUxMOwogICAgIHN0cmVhbS5vcGFxdWUgPSBOVUxMOwogCisgICAg aWYgKCBkb20tPmtlcm5lbF9zaXplID09IDApCisgICAgeworICAgICAgICBE T01QUklOVEYoIkJaSVAyOiBJbnB1dCBpcyAwIHNpemUiKTsKKyAgICAgICAg cmV0dXJuIC0xOworICAgIH0KKwogICAgIHJldCA9IEJaMl9iekRlY29tcHJl c3NJbml0KCZzdHJlYW0sIDAsIDApOwogICAgIGlmICggcmV0ICE9IEJaX09L ICkKICAgICB7CkBAIC02Niw2ICs3MiwxNyBAQCBzdGF0aWMgaW50IHhjX3Ry eV9iemlwMl9kZWNvZGUoCiAgICAgICogdGhlIGlucHV0IGJ1ZmZlciB0byBz dGFydCwgYW5kIHdlJ2xsIHJlYWxsb2MgYXMgbmVlZGVkLgogICAgICAqLwog ICAgIG91dHNpemUgPSBkb20tPmtlcm5lbF9zaXplOworCisgICAgLyoKKyAg ICAgKiBzdHJlYW0uYXZhaWxfaW4gYW5kIG91dHNpemUgYXJlIHVuc2lnbmVk IGludCwgd2hpbGUga2VybmVsX3NpemUKKyAgICAgKiBpcyBhIHNpemVfdC4g Q2hlY2sgd2UgYXJlbid0IG92ZXJmbG93aW5nLgorICAgICAqLworICAgIGlm ICggb3V0c2l6ZSAhPSBkb20tPmtlcm5lbF9zaXplICkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IHRvbyBsYXJnZSIpOworICAg ICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAgfQorCiAgICAgb3V0X2J1 ZiA9IG1hbGxvYyhvdXRzaXplKTsKICAgICBpZiAoIG91dF9idWYgPT0gTlVM TCApCiAgICAgewpAQCAtOTgsMTMgKzExNSwyMCBAQCBzdGF0aWMgaW50IHhj X3RyeV9iemlwMl9kZWNvZGUoCiAgICAgICAgIGlmICggc3RyZWFtLmF2YWls X291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVj dCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAg ICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IFVJTlRfTUFYIC8gMiApCiAgICAgICAgICAgICB7 CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IGJ1 ZmZlciBvdmVyZmxvdyIpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOwogICAg ICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoIHhjX2RvbV9rZXJuZWxf Y2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSApCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IHRv byBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1Zik7Cisg ICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAgICAgICAg ICAgfQorCiAgICAgICAgICAgICB0bXBfYnVmID0gcmVhbGxvYyhvdXRfYnVm LCBvdXRzaXplICogMik7CiAgICAgICAgICAgICBpZiAoIHRtcF9idWYgPT0g TlVMTCApCiAgICAgICAgICAgICB7CkBAIC0xNzIsOSArMTk2LDE1IEBAIHN0 YXRpYyBpbnQgX3hjX3RyeV9sem1hX2RlY29kZSgKICAgICB1bnNpZ25lZCBj aGFyICpvdXRfYnVmOwogICAgIHVuc2lnbmVkIGNoYXIgKnRtcF9idWY7CiAg ICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAgIHNp emVfdCBvdXRzaXplOwogICAgIGNvbnN0IGNoYXIgKm1zZzsKIAorICAgIGlm ICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQorICAgIHsKKyAgICAgICAgRE9N UFJJTlRGKCIlczogSW5wdXQgaXMgMCBzaXplIiwgd2hhdCk7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICAvKiBzaWdoLiAgV2UgZG9uJ3Qg a25vdyB1cC1mcm9udCBob3cgbXVjaCBtZW1vcnkgd2UgYXJlIGdvaW5nIHRv IG5lZWQKICAgICAgKiBmb3IgdGhlIG91dHB1dCBidWZmZXIuICBBbGxvY2F0 ZSB0aGUgb3V0cHV0IGJ1ZmZlciB0byBiZSBlcXVhbAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KQEAgLTI0NCwxMyArMjc0LDIwIEBAIHN0YXRpYyBpbnQgX3hjX3Ry eV9sem1hX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0tPmF2YWlsX291 dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVjdCBh Z2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAgIGlm ICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIlczogb3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyIsIHdoYXQpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CiAgICAg ICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tlcm5lbF9j aGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAgICAgIHsK KyAgICAgICAgICAgICAgICBET01QUklOVEYoIiVzOiBvdXRwdXQgdG9vIGxh cmdlIiwgd2hhdCk7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVmKTsK KyAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51cDsKKyAgICAgICAg ICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9IHJlYWxsb2Mob3V0X2J1 Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAgaWYgKCB0bXBfYnVmID09 IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMzU5LDYgKzM5NiwxMiBAQCBz dGF0aWMgaW50IHhjX3RyeV9sem8xeF9kZWNvZGUoCiAgICAgICAgIDB4ODks IDB4NGMsIDB4NWEsIDB4NGYsIDB4MDAsIDB4MGQsIDB4MGEsIDB4MWEsIDB4 MGEKICAgICB9OwogCisgICAgLyoKKyAgICAgKiBsem9fdWludCBzaG91bGQg bWF0Y2ggc2l6ZV90LiBDaGVjayB0aGF0IHRoaXMgaXMgdGhlIGNhc2UgdG8g YmUKKyAgICAgKiBzdXJlIHdlIHdvbid0IG92ZXJmbG93IHZhcmlvdXMgbHpv X3VpbnQgZmllbGRzLgorICAgICAqLworICAgIFhDX0JVSUxEX0JVR19PTihz aXplb2YobHpvX3VpbnQpICE9IHNpemVvZihzaXplX3QpKTsKKwogICAgIHJl dCA9IGx6b19pbml0KCk7CiAgICAgaWYgKCByZXQgIT0gTFpPX0VfT0sgKQog ICAgIHsKQEAgLTQzOCw2ICs0ODEsMTQgQEAgc3RhdGljIGludCB4Y190cnlf bHpvMXhfZGVjb2RlKAogICAgICAgICBpZiAoIHNyY19sZW4gPD0gMCB8fCBz cmNfbGVuID4gZHN0X2xlbiB8fCBzcmNfbGVuID4gbGVmdCApCiAgICAgICAg ICAgICBicmVhazsKIAorICAgICAgICBtc2cgPSAiT3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyI7CisgICAgICAgIGlmICggKnNpemUgPiBTSVpFX01BWCAtIGRz dF9sZW4gKQorICAgICAgICAgICAgYnJlYWs7CisKKyAgICAgICAgbXNnID0g IkRlY29tcHJlc3NlZCBpbWFnZSB0b28gbGFyZ2UiOworICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sICpzaXplICsgZHN0X2xl bikgKQorICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAgbXNnID0gIkZh aWxlZCB0byAocmUpYWxsb2MgbWVtb3J5IjsKICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1ZiwgKnNpemUgKyBkc3RfbGVuKTsKICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQpkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYyBiL3Rvb2xzL2xpYnhjL3hjX2RvbV9jb3JlLmMK aW5kZXggZmVhOWRlNS4uMmEwMWQ3YyAxMDA2NDQKLS0tIGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCkBAIC0xNTksNyArMTU5LDggQEAgdm9pZCAqeGNfZG9tX21hbGxvY19w YWdlX2FsaWduZWQoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c2l6ZSkKIH0KIAogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSkKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBjaGFyICpmaWxlbmFt ZSwgc2l6ZV90ICogc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBzaXplX3QgbWF4X3NpemUpCiB7CiAgICAgc3RydWN0IHhjX2Rv bV9tZW0gKmJsb2NrID0gTlVMTDsKICAgICBpbnQgZmQgPSAtMTsKQEAgLTE3 MSw2ICsxNzIsMTMgQEAgdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwKICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIGNvbnN0IGNoYXIgKnN0cikKIH0K IAogLyogLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICovCisvKiBkZWNv bXByZXNzaW9uIGJ1ZmZlciBzaXppbmcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKi8KK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opCit7CisgICAgLyogTm8gbGltaXQgKi8KKyAgICBpZiAoICFkb20tPm1h eF9rZXJuZWxfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAgaWYg KCBzeiA+IGRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICB7CisgICAgICAg IHhjX2RvbV9wYW5pYyhkb20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisg ICAgICAgICAgICAgICAgICAgICAia2VybmVsIGltYWdlIHRvbyBsYXJnZSIp OworICAgICAgICByZXR1cm4gMTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgLyogTm8gbGlt aXQgKi8KKyAgICBpZiAoICFkb20tPm1heF9yYW1kaXNrX3NpemUgKQorICAg ICAgICByZXR1cm4gMDsKKworICAgIGlmICggc3ogPiBkb20tPm1heF9yYW1k aXNrX3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+ eGNoLCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAg ICJyYW1kaXNrIGltYWdlIHRvbyBsYXJnZSIpOworICAgICAgICByZXR1cm4g MTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKworLyogLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tICovCiAvKiByZWFkIGZpbGVzLCBjb3B5IG1l bW9yeSBibG9ja3MsIHdpdGggdHJhbnNwYXJlbnQgZ3VuemlwICAgICAgICAg ICAgICAgICAgKi8KIAogc2l6ZV90IHhjX2RvbV9jaGVja19nemlwKHhjX2lu dGVyZmFjZSAqeGNoLCB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKQpAQCAt MjM1LDcgKzI3Nyw3IEBAIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikKIAog ICAgIGd6bGVuID0gYmxvYiArIHppcGxlbiAtIDQ7CiAgICAgdW56aXBsZW4g PSBnemxlblszXSA8PCAyNCB8IGd6bGVuWzJdIDw8IDE2IHwgZ3psZW5bMV0g PDwgOCB8IGd6bGVuWzBdOwotICAgIGlmICggKHVuemlwbGVuIDwgMCkgfHwg KHVuemlwbGVuID4gKDEwMjQqMTAyNCoxMDI0KSkgKSAvKiAxR0IgbGltaXQg Ki8KKyAgICBpZiAoICh1bnppcGxlbiA8IDApIHx8ICh1bnppcGxlbiA+IFhD X0RPTV9ERUNPTVBSRVNTX01BWCkgKQogICAgIHsKICAgICAgICAgeGNfZG9t X3ByaW50ZgogICAgICAgICAgICAgKHhjaCwKQEAgLTI4OCw2ICszMzAsOSBA QCBpbnQgeGNfZG9tX3RyeV9ndW56aXAoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCB2b2lkICoqYmxvYiwgc2l6ZV90ICogc2l6ZSkKICAgICBpZiAoIHVu emlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlmICgg eGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkKKyAg ICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxsb2Mo ZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkKICAg ICAgICAgcmV0dXJuIC0xOwpAQCAtNTg4LDYgKzYzMyw5IEBAIHN0cnVjdCB4 Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhj aCwKICAgICBtZW1zZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRv bS0+eGNoID0geGNoOwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBY Q19ET01fREVDT01QUkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19z aXplID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRs aW5lICkKICAgICAgICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChk b20sIGNtZGxpbmUpOwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjA4LDEw ICs2NTYsMjUgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9j YXRlKHhjX2ludGVyZmFjZSAqeGNoLAogICAgIHJldHVybiBOVUxMOwogfQog CitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYoIiVzOiBr ZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7CisgICAg ZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsKKyAgICByZXR1cm4gMDsKK30K KworaW50IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21f aW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIERPTVBSSU5URigiJXM6 IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7Cisg ICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKIGludCB4Y19kb21fa2VybmVsX2ZpbGUoc3RydWN0IHhjX2RvbV9p bWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxlbmFtZSkKIHsKICAgICBET01Q UklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZp bGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxv Y19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplKTsK KyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxvY19maWxlbWFw KGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9tLT5tYXhf a2VybmVsX3NpemUpOwogICAgIGlmICggZG9tLT5rZXJuZWxfYmxvYiA9PSBO VUxMICkKICAgICAgICAgcmV0dXJuIC0xOwogICAgIHJldHVybiB4Y19kb21f dHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5lbF9ibG9iLCAmZG9tLT5rZXJu ZWxfc2l6ZSk7CkBAIC02MjEsNyArNjg0LDkgQEAgaW50IHhjX2RvbV9yYW1k aXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFy ICpmaWxlbmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1c IiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKICAgICBkb20tPnJh bWRpc2tfYmxvYiA9Ci0gICAgICAgIHhjX2RvbV9tYWxsb2NfZmlsZW1hcChk b20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUpOworICAgICAgICB4 Y19kb21fbWFsbG9jX2ZpbGVtYXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFt ZGlza19zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9t LT5tYXhfcmFtZGlza19zaXplKTsKKwogICAgIGlmICggZG9tLT5yYW1kaXNr X2Jsb2IgPT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKIC8vICAgIHJl dHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPnJhbWRpc2tfYmxv YiwgJmRvbS0+cmFtZGlza19zaXplKTsKQEAgLTc4MSw3ICs4NDYsMTEgQEAg aW50IHhjX2RvbV9idWlsZF9pbWFnZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpk b20pCiAgICAgICAgIHZvaWQgKnJhbWRpc2ttYXA7CiAKICAgICAgICAgdW56 aXBsZW4gPSB4Y19kb21fY2hlY2tfZ3ppcChkb20tPnhjaCwgZG9tLT5yYW1k aXNrX2Jsb2IsIGRvbS0+cmFtZGlza19zaXplKTsKKyAgICAgICAgaWYgKCB4 Y19kb21fcmFtZGlza19jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICE9IDAg KQorICAgICAgICAgICAgdW56aXBsZW4gPSAwOworCiAgICAgICAgIHJhbWRp c2tsZW4gPSB1bnppcGxlbiA/IHVuemlwbGVuIDogZG9tLT5yYW1kaXNrX3Np emU7CisKICAgICAgICAgaWYgKCB4Y19kb21fYWxsb2Nfc2VnbWVudChkb20s ICZkb20tPnJhbWRpc2tfc2VnLCAicmFtZGlzayIsIDAsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgcmFtZGlza2xlbikgIT0gMCApCiAg ICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: application/octet-stream; name="xsa25-unstable.patch" Content-Disposition: attachment; filename="xsa25-unstable.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiOWMx ZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHN0dWJkb20vZ3J1Yi9rZXhlYy5j Ci0tLSBhL3N0dWJkb20vZ3J1Yi9rZXhlYy5jCVdlZCBPY3QgMjQgMTU6NDk6 NDEgMjAxMiArMDEwMAorKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwlGcmkg T2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTEzNyw2ICsxMzcsMTAg QEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcga2VybmVsX3Npegog ICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNtZGxpbmUs IGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNfYWxsb2Nh dGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQgbWVtb3J5 LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9rZXJuZWxf bWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19tYXhfc2l6 ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtlcm5lbDsK ICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbS5oCi0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oCVdlZCBPY3QgMjQg MTU6NDk6NDEgMjAxMiArMDEwMAorKysgYi90b29scy9saWJ4Yy94Y19kb20u aAlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTU1LDYgKzU1 LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7CiAgICAgdm9pZCAqcmFtZGlz a19ibG9iOwogICAgIHNpemVfdCByYW1kaXNrX3NpemU7CiAKKyAgICBzaXpl X3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNpemVfdCBtYXhfcmFtZGlza19z aXplOworCiAgICAgLyogYXJndW1lbnRzIGFuZCBwYXJhbWV0ZXJzICovCiAg ICAgY2hhciAqY21kbGluZTsKICAgICB1aW50MzJfdCBmX3JlcXVlc3RlZFtY RU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTk0LDYgKzE5NywyMyBAQCB2b2lk IHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0IHhjX2RvbV9pCiB2b2lkIHhj X2RvbV9yZWxlYXNlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSk7CiBpbnQg eGNfZG9tX21lbV9pbml0KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgdW5z aWduZWQgaW50IG1lbV9tYik7CiAKKy8qIFNldCB0aGlzIGxhcmdlciBpZiB5 b3UgaGF2ZSBlbm9ybW91cyByYW1kaXNrcy9rZXJuZWxzLiBOb3RlIHRoYXQK KyAqIHlvdSBzaG91bGQgdHJ1c3QgYWxsIGtlcm5lbHMgbm90IHRvIGJlIG1h bGljaW91c2x5IGxhcmdlIChlLmcuIHRvCisgKiBleGhhdXN0IGFsbCBkb20w IG1lbW9yeSkgaWYgeW91IGRvIHRoaXMgKHNlZSBDVkUtMjAxMi00NTQ0IC8K KyAqIFhTQS0yNSkuIFlvdSBjYW4gYWxzbyBzZXQgdGhlIGRlZmF1bHQgaW5k ZXBlbmRlbnRseSBmb3IKKyAqIHJhbWRpc2tzL2tlcm5lbHMgaW4geGNfZG9t X2FsbG9jYXRlKCkgb3IgY2FsbAorICogeGNfZG9tX3trZXJuZWwscmFtZGlz a31fbWF4X3NpemUuCisgKi8KKyNpZm5kZWYgWENfRE9NX0RFQ09NUFJFU1Nf TUFYCisjZGVmaW5lIFhDX0RPTV9ERUNPTVBSRVNTX01BWCAoMTAyNCoxMDI0 KjEwMjQpIC8qIDFHQiAqLworI2VuZGlmCisKK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opOworaW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeik7CitpbnQgeGNfZG9tX3JhbWRpc2tfbWF4X3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCiBzaXplX3QgeGNfZG9t X2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsCiAgICAgICAgICAgICAg ICAgICAgICB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKTsKIGludCB4Y19k b21fZG9fZ3VuemlwKHhjX2ludGVyZmFjZSAqeGNoLApAQCAtMjU0LDcgKzI3 NCw4IEBAIHZvaWQgeGNfZG9tX2xvZ19tZW1vcnlfZm9vdHByaW50KHN0cnVj dCAKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3BhZ2Vf YWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzaXpl KTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgY29u c3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBzaXpl X3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0 IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAogLyog LS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtciBiOWMxZTA4NmQ5Yjcg LXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9h ZGVyLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIu YwlXZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMv bGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwlGcmkgT2N0IDI2IDA5OjE5 OjIyIDIwMTIgKzAxMDAKQEAgLTQ3LDEzICs0NywxOSBAQCBzdGF0aWMgaW50 IHhjX3RyeV9iemlwMl9kZWNvZGUoCiAgICAgY2hhciAqb3V0X2J1ZjsKICAg ICBjaGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBp bnQgb3V0c2l6ZTsKKyAgICB1bnNpZ25lZCBpbnQgb3V0c2l6ZTsKICAgICB1 aW50NjRfdCB0b3RhbDsKIAogICAgIHN0cmVhbS5iemFsbG9jID0gTlVMTDsK ICAgICBzdHJlYW0uYnpmcmVlID0gTlVMTDsKICAgICBzdHJlYW0ub3BhcXVl ID0gTlVMTDsKIAorICAgIGlmICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQor ICAgIHsKKyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgaXMgMCBz aXplIik7CisgICAgICAgIHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQg PSBCWjJfYnpEZWNvbXByZXNzSW5pdCgmc3RyZWFtLCAwLCAwKTsKICAgICBp ZiAoIHJldCAhPSBCWl9PSyApCiAgICAgewpAQCAtNjYsNiArNzIsMTcgQEAg c3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KICAgICAgKi8KICAgICBvdXRzaXplID0gZG9tLT5rZXJuZWxfc2l6 ZTsKKworICAgIC8qCisgICAgICogc3RyZWFtLmF2YWlsX2luIGFuZCBvdXRz aXplIGFyZSB1bnNpZ25lZCBpbnQsIHdoaWxlIGtlcm5lbF9zaXplCisgICAg ICogaXMgYSBzaXplX3QuIENoZWNrIHdlIGFyZW4ndCBvdmVyZmxvd2luZy4K KyAgICAgKi8KKyAgICBpZiAoIG91dHNpemUgIT0gZG9tLT5rZXJuZWxfc2l6 ZSApCisgICAgeworICAgICAgICBET01QUklOVEYoIkJaSVAyOiBJbnB1dCB0 b28gbGFyZ2UiKTsKKyAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAg IH0KKwogICAgIG91dF9idWYgPSBtYWxsb2Mob3V0c2l6ZSk7CiAgICAgaWYg KCBvdXRfYnVmID09IE5VTEwgKQogICAgIHsKQEAgLTk4LDEzICsxMTUsMjAg QEAgc3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAgICBp ZiAoIHN0cmVhbS5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAg ICAgICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJm bG93ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8g MiApCisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBVSU5UX01BWCAvIDIg KQogICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciKTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gYnpp cDJfY2xlYW51cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYg KCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCB0b28gbGFyZ2UiKTsKKyAgICAgICAgICAgICAgICBm cmVlKG91dF9idWYpOworICAgICAgICAgICAgICAgIGdvdG8gYnppcDJfY2xl YW51cDsKKyAgICAgICAgICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMTcy LDkgKzE5NiwxNSBAQCBzdGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUo CiAgICAgdW5zaWduZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBj aGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQg b3V0c2l6ZTsKKyAgICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFy ICptc2c7CiAKKyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAg ICB7CisgICAgICAgIERPTVBSSU5URigiJXM6IElucHV0IGlzIDAgc2l6ZSIs IHdoYXQpOworICAgICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgLyog c2lnaC4gIFdlIGRvbid0IGtub3cgdXAtZnJvbnQgaG93IG11Y2ggbWVtb3J5 IHdlIGFyZSBnb2luZyB0byBuZWVkCiAgICAgICogZm9yIHRoZSBvdXRwdXQg YnVmZmVyLiAgQWxsb2NhdGUgdGhlIG91dHB1dCBidWZmZXIgdG8gYmUgZXF1 YWwKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVyIHRvIHN0YXJ0LCBhbmQgd2Un bGwgcmVhbGxvYyBhcyBuZWVkZWQuCkBAIC0yNDQsMTMgKzI3NCwyMCBAQCBz dGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICgg c3RyZWFtLT5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAgICAg ICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJmbG93 ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8gMiAp CisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBTSVpFX01BWCAvIDIgKQog ICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigiJXM6 IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciLCB3aGF0KTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gbHpt YV9jbGVhbnVwOwogICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSAp CisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIl czogb3V0cHV0IHRvbyBsYXJnZSIsIHdoYXQpOworICAgICAgICAgICAgICAg IGZyZWUob3V0X2J1Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2Ns ZWFudXA7CisgICAgICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYg PSByZWFsbG9jKG91dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAg IGlmICggdG1wX2J1ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTM1 OSw2ICszOTYsMTIgQEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2Rl KAogICAgICAgICAweDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBk LCAweDBhLCAweDFhLCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICog bHpvX3VpbnQgc2hvdWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlz IGlzIHRoZSBjYXNlIHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVy ZmxvdyB2YXJpb3VzIGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBY Q19CVUlMRF9CVUdfT04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6 ZV90KSk7CisKICAgICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0 ICE9IExaT19FX09LICkKICAgICB7CkBAIC00MzgsNiArNDgxLDE0IEBAIHN0 YXRpYyBpbnQgeGNfdHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBz cmNfbGVuIDw9IDAgfHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+ IGxlZnQgKQogICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0g Ik91dHB1dCBidWZmZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXpl ID4gU0laRV9NQVggLSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOwor CisgICAgICAgIG1zZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdl IjsKKyAgICAgICAgaWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9t LCAqc2l6ZSArIGRzdF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAg ICAgICAgIG1zZyA9ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAg ICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0 X2xlbik7CiAgICAgICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbV9jb3JlLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2NvcmUuYwlX ZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYwlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAx MDAKQEAgLTE1OSw3ICsxNTksOCBAQCB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAg ICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVf dCAqIHNpemUpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3Qg Y2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAg IHN0cnVjdCB4Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZk ID0gLTE7CkBAIC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG8KICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlIAogfQogCiAvKiAtLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0gKi8KKy8qIGRlY29tcHJlc3Npb24gYnVmZmVyIHNpemlu ZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAqLworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICAvKiBObyBsaW1p dCAqLworICAgIGlmICggIWRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICAg ICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhfa2VybmVs X3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNo LCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAgICJr ZXJuZWwgaW1hZ2UgdG9vIGxhcmdlIik7CisgICAgICAgIHJldHVybiAxOwor ICAgIH0KKworICAgIHJldHVybiAwOworfQorCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeikKK3sKKyAgICAvKiBObyBsaW1pdCAqLworICAgIGlmICggIWRvbS0+ bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAg aWYgKCBzeiA+IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgInJhbWRpc2sgaW1hZ2UgdG9vIGxh cmdlIik7CisgICAgICAgIHJldHVybiAxOworICAgIH0KKworICAgIHJldHVy biAwOworfQorCisvKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8K IC8qIHJlYWQgZmlsZXMsIGNvcHkgbWVtb3J5IGJsb2Nrcywgd2l0aCB0cmFu c3BhcmVudCBndW56aXAgICAgICAgICAgICAgICAgICAqLwogCiBzaXplX3Qg eGNfZG9tX2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pCkBAIC0yMzUsNyArMjc3LDcgQEAgc2l6ZV90 IHhjX2RvbV9jaGVja19nemlwKHhjX2ludGVyZmFjZSAqeAogCiAgICAgZ3ps ZW4gPSBibG9iICsgemlwbGVuIC0gNDsKICAgICB1bnppcGxlbiA9IGd6bGVu WzNdIDw8IDI0IHwgZ3psZW5bMl0gPDwgMTYgfCBnemxlblsxXSA8PCA4IHwg Z3psZW5bMF07Ci0gICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBs ZW4gPiAoMTAyNCoxMDI0KjEwMjQpKSApIC8qIDFHQiBsaW1pdCAqLworICAg IGlmICggKHVuemlwbGVuIDwgMCkgfHwgKHVuemlwbGVuID4gWENfRE9NX0RF Q09NUFJFU1NfTUFYKSApCiAgICAgewogICAgICAgICB4Y19kb21fcHJpbnRm CiAgICAgICAgICAgICAoeGNoLApAQCAtMjg4LDYgKzMzMCw5IEBAIGludCB4 Y19kb21fdHJ5X2d1bnppcChzdHJ1Y3QgeGNfZG9tX2ltYWcKICAgICBpZiAo IHVuemlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlm ICggeGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkK KyAgICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxs b2MoZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkK ICAgICAgICAgcmV0dXJuIC0xOwpAQCAtNTkwLDYgKzYzNSw5IEBAIHN0cnVj dCB4Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y18KICAgICBtZW1z ZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRvbS0+eGNoID0geGNo OwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBYQ19ET01fREVDT01Q UkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gWENfRE9N X0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRsaW5lICkKICAgICAg ICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChkb20sIGNtZGxpbmUp OwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjEwLDEwICs2NTgsMjUgQEAg c3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9jYXRlKHhjXwogICAg IHJldHVybiBOVUxMOwogfQogCitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6 ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAg ICBET01QUklOVEYoIiVzOiBrZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5D VElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsK KyAgICByZXR1cm4gMDsKK30KKworaW50IHhjX2RvbV9yYW1kaXNrX21heF9z aXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQorewor ICAgIERPTVBSSU5URigiJXM6IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19G VU5DVElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0g c3o7CisgICAgcmV0dXJuIDA7Cit9CisKIGludCB4Y19kb21fa2VybmVsX2Zp bGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxl bmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIi LCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9i bG9iID0geGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZk b20tPmtlcm5lbF9zaXplKTsKKyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNf ZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5l bF9zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZG9tLT5tYXhfa2VybmVsX3NpemUpOwogICAgIGlmICggZG9t LT5rZXJuZWxfYmxvYiA9PSBOVUxMICkKICAgICAgICAgcmV0dXJuIC0xOwog ICAgIHJldHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5l bF9ibG9iLCAmZG9tLT5rZXJuZWxfc2l6ZSk7CkBAIC02MjMsNyArNjg2LDkg QEAgaW50IHhjX2RvbV9yYW1kaXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbQog ewogICAgIERPTVBSSU5URigiJXM6IGZpbGVuYW1lPVwiJXNcIiIsIF9fRlVO Q1RJT05fXywgZmlsZW5hbWUpOwogICAgIGRvbS0+cmFtZGlza19ibG9iID0K LSAgICAgICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUs ICZkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIHhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb20tPm1heF9yYW1kaXNr X3NpemUpOworCiAgICAgaWYgKCBkb20tPnJhbWRpc2tfYmxvYiA9PSBOVUxM ICkKICAgICAgICAgcmV0dXJuIC0xOwogLy8gICAgcmV0dXJuIHhjX2RvbV90 cnlfZ3VuemlwKGRvbSwgJmRvbS0+cmFtZGlza19ibG9iLCAmZG9tLT5yYW1k aXNrX3NpemUpOwpAQCAtNzgzLDcgKzg0OCwxMSBAQCBpbnQgeGNfZG9tX2J1 aWxkX2ltYWdlKHN0cnVjdCB4Y19kb21faW1hCiAgICAgICAgIHZvaWQgKnJh bWRpc2ttYXA7CiAKICAgICAgICAgdW56aXBsZW4gPSB4Y19kb21fY2hlY2tf Z3ppcChkb20tPnhjaCwgZG9tLT5yYW1kaXNrX2Jsb2IsIGRvbS0+cmFtZGlz a19zaXplKTsKKyAgICAgICAgaWYgKCB4Y19kb21fcmFtZGlza19jaGVja19z aXplKGRvbSwgdW56aXBsZW4pICE9IDAgKQorICAgICAgICAgICAgdW56aXBs ZW4gPSAwOworCiAgICAgICAgIHJhbWRpc2tsZW4gPSB1bnppcGxlbiA/IHVu emlwbGVuIDogZG9tLT5yYW1kaXNrX3NpemU7CisKICAgICAgICAgaWYgKCB4 Y19kb21fYWxsb2Nfc2VnbWVudChkb20sICZkb20tPnJhbWRpc2tfc2VnLCAi cmFtZGlzayIsIDAsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgcmFtZGlza2xlbikgIT0gMCApCiAgICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG39-0001mp-PI; Tue, 13 Nov 2012 12:57:07 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2O-0001Hx-2h; Tue, 13 Nov 2012 12:56:20 +0000 Received: from [85.158.143.99:57901] by server-3.bemta-4.messagelabs.com id CD/54-06841-17342A05; Tue, 13 Nov 2012 12:56:17 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-8.tower-216.messagelabs.com!1352811375!18805688!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3583 invoked from network); 13 Nov 2012 12:56:16 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-8.tower-216.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:16 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2B-0008Tx-Gv; Tue, 13 Nov 2012 12:56:07 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2A-0000z4-Uh; Tue, 13 Nov 2012 12:56:06 +0000 Date: Tue, 13 Nov 2012 12:56:06 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4535 / XSA-20 version 2 Timer overflow DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely. IMPACT ====== A malicious guest administrator can trigger the bug. If the Xen watchdog is enabled, the whole system will crash. Otherwise the guest can cause the system to become completely unresponsive. VULNERABLE SYSTEMS ================== All versions of Xen from at least 3.4 onwards are vulnerable, to every kind of guest. Systems with only trusted guest kernels are not vulnerable. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. The same patch is applicable to all affected versions. $ sha256sum xsa20.patch 954f43a3b912d551b6534d3962d0bab3db820222a3bff211b545e526f9161c71 xsa20.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGkAAoJEIP+FMlX6CvZzB0H/2H7Z/zxYOQtC2QLT77voNvI /dCGnO+tUxcn9zsPOTkQjTmd7XrSaCdV9IoKmssZCwTBlHzRiwvFWQBinqrU8SZb 8UCv4O1zxg4Ygv/9nlJVxI8Xq9+uyxc/RaMeKlMCsW2rSKut9zmHI9HU+FT5kqG9 0vEXhZW4/MwOFbH+03LoHgjXqW8LOLNZtBg9u5rF5iCDLnltdAC//3kFXA5UG391 JAzAdBUOOaf2OAnL4tEpEV6ksmeaxjckg63P5T61MUqiFJo/5AL5tu0kEKGHF7jH X4tDkSoV7Rbma4kNN3SbYjAkYGtsrGDeVS7HlhPbyZpKQVUJN+bSMYto3r8lVMM= =nj9Z -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa20.patch" Content-Disposition: attachment; filename="xsa20.patch" Content-Transfer-Encoding: base64 VkNQVS90aW1lcnM6IFByZXZlbnQgb3ZlcmZsb3cgaW4gY2FsY3VsYXRpb25z LCBsZWFkaW5nIHRvIERvUyB2dWxuZXJhYmlsaXR5CgpUaGUgdGltZXIgYWN0 aW9uIGZvciBhIHZjcHUgcGVyaW9kaWMgdGltZXIgaXMgdG8gY2FsY3VsYXRl IHRoZSBuZXh0CmV4cGlyeSB0aW1lLCBhbmQgdG8gcmVpbnNlcnQgaXRzZWxm IGludG8gdGhlIHRpbWVyIHF1ZXVlLiAgSWYgdGhlCmRlYWRsaW5lIGVuZHMg dXAgaW4gdGhlIHBhc3QsIFhlbiBuZXZlciBsZWF2ZXMgX19kb19zb2Z0aXJx KCkuICBUaGUKYWZmZWN0ZWQgUENQVSB3aWxsIHN0YXkgaW4gYW4gaW5maW5p dGUgbG9vcCB1bnRpbCBYZW4gaXMga2lsbGVkIGJ5IHRoZQp3YXRjaGRvZyAo aWYgZW5hYmxlZCkuCgpUaGlzIGlzIGEgc2VjdXJpdHkgcHJvYmxlbSwgWFNB LTIwIC8gQ1ZFLTIwMTItNDUzNS4KClNpZ25lZC1vZmYtYnk6IEFuZHJldyBD b29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CkFja2VkLWJ5OiBJ YW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgoKZGlmZiAt ciA0NzhiYTNmMTQ2ZGYgeGVuL2NvbW1vbi9kb21haW4uYwotLS0gYS94ZW4v Y29tbW9uL2RvbWFpbi5jCisrKyBiL3hlbi9jb21tb24vZG9tYWluLmMKQEAg LTkwMyw2ICs5MDMsOSBAQCBsb25nIGRvX3ZjcHVfb3AoaW50IGNtZCwgaW50 IHZjcHVpZCwgWEVOCiAgICAgICAgIGlmICggc2V0LnBlcmlvZF9ucyA8IE1J TExJU0VDUygxKSApCiAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKIAor ICAgICAgICBpZiAoIHNldC5wZXJpb2RfbnMgPiBTVElNRV9ERUxUQV9NQVgg KQorICAgICAgICAgICAgcmV0dXJuIC1FSU5WQUw7CisKICAgICAgICAgdi0+ cGVyaW9kaWNfcGVyaW9kID0gc2V0LnBlcmlvZF9uczsKICAgICAgICAgdmNw dV9mb3JjZV9yZXNjaGVkdWxlKHYpOwogCmRpZmYgLXIgNDc4YmEzZjE0NmRm IHhlbi9pbmNsdWRlL3hlbi90aW1lLmgKLS0tIGEveGVuL2luY2x1ZGUveGVu L3RpbWUuaAorKysgYi94ZW4vaW5jbHVkZS94ZW4vdGltZS5oCkBAIC01NSw2 ICs1NSw4IEBAIHN0cnVjdCB0bSBnbXRpbWUodW5zaWduZWQgbG9uZyB0KTsK ICNkZWZpbmUgTUlMTElTRUNTKF9tcykgICgoc190aW1lX3QpKChfbXMpICog MTAwMDAwMFVMTCkpCiAjZGVmaW5lIE1JQ1JPU0VDUyhfdXMpICAoKHNfdGlt ZV90KSgoX3VzKSAqIDEwMDBVTEwpKQogI2RlZmluZSBTVElNRV9NQVggKChz X3RpbWVfdCkoKHVpbnQ2NF90KX4wdWxsPj4xKSkKKy8qIENob3NlbiBzbyAo Tk9XKCkgKyBkZWx0YSkgd29udCBvdmVyZmxvdyB3aXRob3V0IGFuIHVwdGlt ZSBvZiAyMDAgeWVhcnMgKi8KKyNkZWZpbmUgU1RJTUVfREVMVEFfTUFYICgo c190aW1lX3QpKCh1aW50NjRfdCl+MHVsbD4+MikpCiAKIGV4dGVybiB2b2lk IHVwZGF0ZV92Y3B1X3N5c3RlbV90aW1lKHN0cnVjdCB2Y3B1ICp2KTsKIGV4 dGVybiB2b2lkIHVwZGF0ZV9kb21haW5fd2FsbGNsb2NrX3RpbWUoc3RydWN0 IGRvbWFpbiAqZCk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG39-0001mp-PI; Tue, 13 Nov 2012 12:57:07 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2O-0001Hx-2h; Tue, 13 Nov 2012 12:56:20 +0000 Received: from [85.158.143.99:57901] by server-3.bemta-4.messagelabs.com id CD/54-06841-17342A05; Tue, 13 Nov 2012 12:56:17 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-8.tower-216.messagelabs.com!1352811375!18805688!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3583 invoked from network); 13 Nov 2012 12:56:16 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-8.tower-216.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:16 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2B-0008Tx-Gv; Tue, 13 Nov 2012 12:56:07 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2A-0000z4-Uh; Tue, 13 Nov 2012 12:56:06 +0000 Date: Tue, 13 Nov 2012 12:56:06 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4535 / XSA-20 version 2 Timer overflow DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely. IMPACT ====== A malicious guest administrator can trigger the bug. If the Xen watchdog is enabled, the whole system will crash. Otherwise the guest can cause the system to become completely unresponsive. VULNERABLE SYSTEMS ================== All versions of Xen from at least 3.4 onwards are vulnerable, to every kind of guest. Systems with only trusted guest kernels are not vulnerable. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. The same patch is applicable to all affected versions. $ sha256sum xsa20.patch 954f43a3b912d551b6534d3962d0bab3db820222a3bff211b545e526f9161c71 xsa20.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGkAAoJEIP+FMlX6CvZzB0H/2H7Z/zxYOQtC2QLT77voNvI /dCGnO+tUxcn9zsPOTkQjTmd7XrSaCdV9IoKmssZCwTBlHzRiwvFWQBinqrU8SZb 8UCv4O1zxg4Ygv/9nlJVxI8Xq9+uyxc/RaMeKlMCsW2rSKut9zmHI9HU+FT5kqG9 0vEXhZW4/MwOFbH+03LoHgjXqW8LOLNZtBg9u5rF5iCDLnltdAC//3kFXA5UG391 JAzAdBUOOaf2OAnL4tEpEV6ksmeaxjckg63P5T61MUqiFJo/5AL5tu0kEKGHF7jH X4tDkSoV7Rbma4kNN3SbYjAkYGtsrGDeVS7HlhPbyZpKQVUJN+bSMYto3r8lVMM= =nj9Z -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa20.patch" Content-Disposition: attachment; filename="xsa20.patch" Content-Transfer-Encoding: base64 VkNQVS90aW1lcnM6IFByZXZlbnQgb3ZlcmZsb3cgaW4gY2FsY3VsYXRpb25z LCBsZWFkaW5nIHRvIERvUyB2dWxuZXJhYmlsaXR5CgpUaGUgdGltZXIgYWN0 aW9uIGZvciBhIHZjcHUgcGVyaW9kaWMgdGltZXIgaXMgdG8gY2FsY3VsYXRl IHRoZSBuZXh0CmV4cGlyeSB0aW1lLCBhbmQgdG8gcmVpbnNlcnQgaXRzZWxm IGludG8gdGhlIHRpbWVyIHF1ZXVlLiAgSWYgdGhlCmRlYWRsaW5lIGVuZHMg dXAgaW4gdGhlIHBhc3QsIFhlbiBuZXZlciBsZWF2ZXMgX19kb19zb2Z0aXJx KCkuICBUaGUKYWZmZWN0ZWQgUENQVSB3aWxsIHN0YXkgaW4gYW4gaW5maW5p dGUgbG9vcCB1bnRpbCBYZW4gaXMga2lsbGVkIGJ5IHRoZQp3YXRjaGRvZyAo aWYgZW5hYmxlZCkuCgpUaGlzIGlzIGEgc2VjdXJpdHkgcHJvYmxlbSwgWFNB LTIwIC8gQ1ZFLTIwMTItNDUzNS4KClNpZ25lZC1vZmYtYnk6IEFuZHJldyBD b29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+CkFja2VkLWJ5OiBJ YW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBjaXRyaXguY29tPgoKZGlmZiAt ciA0NzhiYTNmMTQ2ZGYgeGVuL2NvbW1vbi9kb21haW4uYwotLS0gYS94ZW4v Y29tbW9uL2RvbWFpbi5jCisrKyBiL3hlbi9jb21tb24vZG9tYWluLmMKQEAg LTkwMyw2ICs5MDMsOSBAQCBsb25nIGRvX3ZjcHVfb3AoaW50IGNtZCwgaW50 IHZjcHVpZCwgWEVOCiAgICAgICAgIGlmICggc2V0LnBlcmlvZF9ucyA8IE1J TExJU0VDUygxKSApCiAgICAgICAgICAgICByZXR1cm4gLUVJTlZBTDsKIAor ICAgICAgICBpZiAoIHNldC5wZXJpb2RfbnMgPiBTVElNRV9ERUxUQV9NQVgg KQorICAgICAgICAgICAgcmV0dXJuIC1FSU5WQUw7CisKICAgICAgICAgdi0+ cGVyaW9kaWNfcGVyaW9kID0gc2V0LnBlcmlvZF9uczsKICAgICAgICAgdmNw dV9mb3JjZV9yZXNjaGVkdWxlKHYpOwogCmRpZmYgLXIgNDc4YmEzZjE0NmRm IHhlbi9pbmNsdWRlL3hlbi90aW1lLmgKLS0tIGEveGVuL2luY2x1ZGUveGVu L3RpbWUuaAorKysgYi94ZW4vaW5jbHVkZS94ZW4vdGltZS5oCkBAIC01NSw2 ICs1NSw4IEBAIHN0cnVjdCB0bSBnbXRpbWUodW5zaWduZWQgbG9uZyB0KTsK ICNkZWZpbmUgTUlMTElTRUNTKF9tcykgICgoc190aW1lX3QpKChfbXMpICog MTAwMDAwMFVMTCkpCiAjZGVmaW5lIE1JQ1JPU0VDUyhfdXMpICAoKHNfdGlt ZV90KSgoX3VzKSAqIDEwMDBVTEwpKQogI2RlZmluZSBTVElNRV9NQVggKChz X3RpbWVfdCkoKHVpbnQ2NF90KX4wdWxsPj4xKSkKKy8qIENob3NlbiBzbyAo Tk9XKCkgKyBkZWx0YSkgd29udCBvdmVyZmxvdyB3aXRob3V0IGFuIHVwdGlt ZSBvZiAyMDAgeWVhcnMgKi8KKyNkZWZpbmUgU1RJTUVfREVMVEFfTUFYICgo c190aW1lX3QpKCh1aW50NjRfdCl+MHVsbD4+MikpCiAKIGV4dGVybiB2b2lk IHVwZGF0ZV92Y3B1X3N5c3RlbV90aW1lKHN0cnVjdCB2Y3B1ICp2KTsKIGV4 dGVybiB2b2lkIHVwZGF0ZV9kb21haW5fd2FsbGNsb2NrX3RpbWUoc3RydWN0 IGRvbWFpbiAqZCk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3B-0001p0-Tu; Tue, 13 Nov 2012 12:57:09 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2a-0001LY-AX; Tue, 13 Nov 2012 12:56:32 +0000 Received: from [85.158.137.99:35613] by server-10.bemta-3.messagelabs.com id 7C/58-19806-D7342A05; Tue, 13 Nov 2012 12:56:29 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-2.tower-217.messagelabs.com!1352811387!18804571!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6375 invoked from network); 13 Nov 2012 12:56:28 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-2.tower-217.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:28 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2O-0008V2-S8; Tue, 13 Nov 2012 12:56:20 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2O-000103-Oo; Tue, 13 Nov 2012 12:56:20 +0000 Date: Tue, 13 Nov 2012 12:56:20 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4539 / XSA-24 version 2 Grant table hypercall infinite loop DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Due to inappropriate duplicate use of the same loop control variable, passing bad arguments to GNTTABOP_get_status_frames can cause an infinite loop in the compat hypercall handler. IMPACT ====== A malicious guest administrator can trigger the bug. If the Xen watchdog is enabled, the whole system will crash. Otherwise the guest can cause the system to become completely unresponsive. VULNERABLE SYSTEMS ================== Xen versions 4.0 and onwards are vulnerable. Earlier released Xen versions are not vulnerable. Only 32-bit x86 PV guests, running on 64-bit Xen hypervisors, introduce the vulnerability. MITIGATION ========== Running only 64-bit guests, or (in previous Xen versions) running a 32-bit hypervisor (which supports only 32-bit guests), will avoid this vulnerability. Note however that if in a 64-bit Xen system the guest kernel image file is under the control of the guest administrator, the guest administrator will normally be able to control whether the guest is 32-bit or 64-bit by supplying a different kernel image. Running only HVM guests will avoid this vulnerability. RESOLUTION ========== The attached patch resolves this issue. The same patch is applicable to all affected versions. $ sha256sum xsa24.patch 2963dff4dbc08aab4278215d74c2cce365972f213453bb7c513d097a838de196 xsa24.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGvAAoJEIP+FMlX6CvZ0HAH/jy7Id9Ai1ZJSou6xu6USdQP QyaT6BnWzIA8ziatcnRzq5YHW+Occ4g4+9fU92zHpVsFGF5mAN9/aq83xLHoFHkb TPH/+xNCRz50zfQ21VTejr6jFlfiO6S1y/4bxVYfohtoevijo5tpRo+OYdFZXMM8 psagcYXHgOsUy95pFsPBbwg6bh0S/ffDfZnyK3LZCP3J/Xx82kj7Du/HgKcM9lDx gk/q0VjFM6M/utxyn2gQlFGbX8YFfoytb9WzcrQdcPf4Ubu/jGUykm1BS/+IrXHs C9BtBa6w+k2T6dZgRmseeOjy0PgiEYKrqYhwAG1VC8F+RMLpAmtNGJS3gatwFHE= =IoWx -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa24.patch" Content-Disposition: attachment; filename="xsa24.patch" Content-Transfer-Encoding: base64 Y29tcGF0L2dudHRhYjogUHJldmVudCBpbmZpbml0ZSBsb29wIGluIGNvbXBh dCBjb2RlCgpjL3MgMjAyODE6OTVlYTIwNTJiNDFiLCB3aGljaCBpbnRyb2R1 Y2VzIEdyYW50IFRhYmxlIHZlcnNpb24gMgpoeXBlcmNhbGxzIGludHJvZHVj ZXMgYSB2dWxuZXJhYmlsaXR5IHdoZXJlYnkgdGhlIGNvbXBhdCBoeXBlcmNh bGwKaGFuZGxlciBjYW4gZmFsbCBpbnRvIGFuIGluZmluaXRlIGxvb3AuCgpJ ZiB0aGUgd2F0Y2hkb2cgaXMgZW5hYmxlZCwgWGVuIHdpbGwgZGllIGFmdGVy IHRoZSB0aW1lb3V0LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhT QS0yNCAvIENWRS0yMDEyLTQ1MzkuCgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcg Q29vcGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTog SmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogSWFu IEphY2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+CgpkaWZmIC1y IGJhYzg4M2NmODA1YSB4ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5j Ci0tLSBhL3hlbi9jb21tb24vY29tcGF0L2dyYW50X3RhYmxlLmMKKysrIGIv eGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYwpAQCAtMzE4LDYgKzMx OCw4IEBAIGludCBjb21wYXRfZ3JhbnRfdGFibGVfb3AodW5zaWduZWQgaW50 IGMKICN1bmRlZiBYTEFUX2dudHRhYl9nZXRfc3RhdHVzX2ZyYW1lc19ITkRM X2ZyYW1lX2xpc3QKICAgICAgICAgICAgICAgICBpZiAoIHVubGlrZWx5KF9f Y29weV90b19ndWVzdChjbXBfdW9wLCAmY21wLmdldF9zdGF0dXMsIDEpKSAp CiAgICAgICAgICAgICAgICAgICAgIHJjID0gLUVGQVVMVDsKKyAgICAgICAg ICAgICAgICBlbHNlCisgICAgICAgICAgICAgICAgICAgIGkgPSAxOwogICAg ICAgICAgICAgfQogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3B-0001p0-Tu; Tue, 13 Nov 2012 12:57:09 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2a-0001LY-AX; Tue, 13 Nov 2012 12:56:32 +0000 Received: from [85.158.137.99:35613] by server-10.bemta-3.messagelabs.com id 7C/58-19806-D7342A05; Tue, 13 Nov 2012 12:56:29 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-2.tower-217.messagelabs.com!1352811387!18804571!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6375 invoked from network); 13 Nov 2012 12:56:28 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-2.tower-217.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:28 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2O-0008V2-S8; Tue, 13 Nov 2012 12:56:20 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2O-000103-Oo; Tue, 13 Nov 2012 12:56:20 +0000 Date: Tue, 13 Nov 2012 12:56:20 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4539 / XSA-24 version 2 Grant table hypercall infinite loop DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= Due to inappropriate duplicate use of the same loop control variable, passing bad arguments to GNTTABOP_get_status_frames can cause an infinite loop in the compat hypercall handler. IMPACT ====== A malicious guest administrator can trigger the bug. If the Xen watchdog is enabled, the whole system will crash. Otherwise the guest can cause the system to become completely unresponsive. VULNERABLE SYSTEMS ================== Xen versions 4.0 and onwards are vulnerable. Earlier released Xen versions are not vulnerable. Only 32-bit x86 PV guests, running on 64-bit Xen hypervisors, introduce the vulnerability. MITIGATION ========== Running only 64-bit guests, or (in previous Xen versions) running a 32-bit hypervisor (which supports only 32-bit guests), will avoid this vulnerability. Note however that if in a 64-bit Xen system the guest kernel image file is under the control of the guest administrator, the guest administrator will normally be able to control whether the guest is 32-bit or 64-bit by supplying a different kernel image. Running only HVM guests will avoid this vulnerability. RESOLUTION ========== The attached patch resolves this issue. The same patch is applicable to all affected versions. $ sha256sum xsa24.patch 2963dff4dbc08aab4278215d74c2cce365972f213453bb7c513d097a838de196 xsa24.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGvAAoJEIP+FMlX6CvZ0HAH/jy7Id9Ai1ZJSou6xu6USdQP QyaT6BnWzIA8ziatcnRzq5YHW+Occ4g4+9fU92zHpVsFGF5mAN9/aq83xLHoFHkb TPH/+xNCRz50zfQ21VTejr6jFlfiO6S1y/4bxVYfohtoevijo5tpRo+OYdFZXMM8 psagcYXHgOsUy95pFsPBbwg6bh0S/ffDfZnyK3LZCP3J/Xx82kj7Du/HgKcM9lDx gk/q0VjFM6M/utxyn2gQlFGbX8YFfoytb9WzcrQdcPf4Ubu/jGUykm1BS/+IrXHs C9BtBa6w+k2T6dZgRmseeOjy0PgiEYKrqYhwAG1VC8F+RMLpAmtNGJS3gatwFHE= =IoWx -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa24.patch" Content-Disposition: attachment; filename="xsa24.patch" Content-Transfer-Encoding: base64 Y29tcGF0L2dudHRhYjogUHJldmVudCBpbmZpbml0ZSBsb29wIGluIGNvbXBh dCBjb2RlCgpjL3MgMjAyODE6OTVlYTIwNTJiNDFiLCB3aGljaCBpbnRyb2R1 Y2VzIEdyYW50IFRhYmxlIHZlcnNpb24gMgpoeXBlcmNhbGxzIGludHJvZHVj ZXMgYSB2dWxuZXJhYmlsaXR5IHdoZXJlYnkgdGhlIGNvbXBhdCBoeXBlcmNh bGwKaGFuZGxlciBjYW4gZmFsbCBpbnRvIGFuIGluZmluaXRlIGxvb3AuCgpJ ZiB0aGUgd2F0Y2hkb2cgaXMgZW5hYmxlZCwgWGVuIHdpbGwgZGllIGFmdGVy IHRoZSB0aW1lb3V0LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhT QS0yNCAvIENWRS0yMDEyLTQ1MzkuCgpTaWduZWQtb2ZmLWJ5OiBBbmRyZXcg Q29vcGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTog SmFuIEJldWxpY2ggPGpiZXVsaWNoQHN1c2UuY29tPgpBY2tlZC1ieTogSWFu IEphY2tzb24gPGlhbi5qYWNrc29uQGV1LmNpdHJpeC5jb20+CgpkaWZmIC1y IGJhYzg4M2NmODA1YSB4ZW4vY29tbW9uL2NvbXBhdC9ncmFudF90YWJsZS5j Ci0tLSBhL3hlbi9jb21tb24vY29tcGF0L2dyYW50X3RhYmxlLmMKKysrIGIv eGVuL2NvbW1vbi9jb21wYXQvZ3JhbnRfdGFibGUuYwpAQCAtMzE4LDYgKzMx OCw4IEBAIGludCBjb21wYXRfZ3JhbnRfdGFibGVfb3AodW5zaWduZWQgaW50 IGMKICN1bmRlZiBYTEFUX2dudHRhYl9nZXRfc3RhdHVzX2ZyYW1lc19ITkRM X2ZyYW1lX2xpc3QKICAgICAgICAgICAgICAgICBpZiAoIHVubGlrZWx5KF9f Y29weV90b19ndWVzdChjbXBfdW9wLCAmY21wLmdldF9zdGF0dXMsIDEpKSAp CiAgICAgICAgICAgICAgICAgICAgIHJjID0gLUVGQVVMVDsKKyAgICAgICAg ICAgICAgICBlbHNlCisgICAgICAgICAgICAgICAgICAgIGkgPSAxOwogICAg ICAgICAgICAgfQogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0K --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3A-0001nd-Hi; Tue, 13 Nov 2012 12:57:08 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2P-0001I8-HV; Tue, 13 Nov 2012 12:56:21 +0000 Received: from [85.158.137.99:57042] by server-6.bemta-3.messagelabs.com id A2/CA-28265-47342A05; Tue, 13 Nov 2012 12:56:20 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-217.messagelabs.com!1352811378!18030909!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 15563 invoked from network); 13 Nov 2012 12:56:19 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-217.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:19 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2F-0008U6-4A; Tue, 13 Nov 2012 12:56:11 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2E-0000zH-Ug; Tue, 13 Nov 2012 12:56:10 +0000 Date: Tue, 13 Nov 2012 12:56:10 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4536 / XSA-21 version 2 pirq range check DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= domain_pirq_to_emuirq() uses the guest provided pirq value before range checking it, and physdev_unmap_pirq uses domain_pirq_to_emuirq without checking the pirq value either. Invalid pirq values can cause Xen to read out of array bounds, usually resulting in a fatal page fault. IMPACT ====== A malicious guest administrator can cause Xen to crash. If the out of array bounds access does not crash, the arbitrary value read will be ignored due to later error checking, so there is no privilege escalation and no exploitable information leak. VULNERABLE SYSTEMS ================== Only Xen version 4.1 is vulnerable. Other released versions, and xen-unstable, are not vulnerable. The vulnerability is only exposed to HVM guests. MITIGATION ========== Running only PV guests, or ensuring that HVM guests only use trusted kernels, will avoid this vulnerability. RESOLUTION ========== The attached patch resolves this issue. $ sha256sum xsa21.patch 34c4bef71d0ad08ee7c337c77af47aa77bb19081a13fc13beaff7d4b37b6b35a xsa21.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGnAAoJEIP+FMlX6CvZ1lQH/jdovmPuphnocdrkWGR8FE3+ OqM3JIpOZTDPFfLO7pen/P5e/0fCBs7cF7FGvM1Uua54/M0HrVS93E1m9baornkh vEIV5c9TRTfUR3IGmVFs1l+ddJcfULOuhfE2IOrbcYaWBL89D9sQYrL/A1j4LTEh umsz6fh4XgINkt/tpneEcE4ckYd0YkkOm3zUK3HaGshNXoOGVyGeaNqKr/YuhEfc XWOkCUoZTxKz50Tg12pdtjX8CX0njJaKeAs0MLkyTL1cj+Sf89YzNuXLwx5ffpMu //VEe2tbyRzPj2JYzUOrV8E5W1fPZmfCSgMvJEtwmMbMXMb7sIUPMBh3yBcXQQU= =yPnD -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa21.patch" Content-Disposition: attachment; filename="xsa21.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNkZXY6IFJhbmdlIGNoZWNrIHBpcnEgcGFyYW1ldGVyIGZyb20g Z3Vlc3RzCgpPdGhlcndpc2UgWGVuIHdpbGwgcmVhZCBiZXlvbmQgZWl0aGVy IGVuZCBvZiB0aGUgc3RydWN0CmRvbWFpbi5hcmNoLnBpcnFfZW11aXJxIGFy cmF5LCB1c3VhbGx5IHJlc3VsdGluZyBpbiBhIGZhdGFsIHBhZ2UgZmF1bHQu CgpUaGlzIHZ1bG5lcmFiaWxpdHkgd2FzIGludHJvZHVjZWQgYnkgYy9zIDIz MjQxOmQyMTEwMGYxZDAwZSwgd2hpY2ggYWRkcwphIGNhbGwgdG8gZG9tYWlu X3BpcnFfdG9fZW11aXJxKCkgd2hpY2ggdXNlcyB0aGUgZ3Vlc3QgcHJvdmlk ZWQgcGlycQp2YWx1ZSBiZWZvcmUgcmFuZ2UgY2hlY2tpbmcgaXQsIGFuZCB3 YXMgZml4ZWQgYnkgYy9zIDIzNTczOjU4NGMyZTVlMDNkOQp3aGljaCBjaGFu Z2VkIHRoZSBiZWhhdmlvdXIgb2YgdGhlIGRvbWFpbl9waXJxX3RvX2VtdWly cSgpIG1hY3JvIHRvIHVzZQpyYWRpeCB0cmVlcyBpbnN0ZWFkIG9mIGEgZmxh dCBhcnJheS4KClRoaXMgaXMgWFNBLTIxIC8gQ1ZFLTIwMTItNDUzNi4KClNp Z25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNp dHJpeC5jb20+CkFja2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3Vz ZS5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgoKZGlmZiAtciA3YTQwMWE3M2Q4NmQgeGVuL2FyY2gveDg2 L3BoeXNkZXYuYwotLS0gYS94ZW4vYXJjaC94ODYvcGh5c2Rldi5jCisrKyBi L3hlbi9hcmNoL3g4Ni9waHlzZGV2LmMKQEAgLTIzNCw2ICsyMzQsMTAgQEAg c3RhdGljIGludCBwaHlzZGV2X3VubWFwX3BpcnEoc3RydWN0IHBoeQogICAg IGlmICggcmV0ICkKICAgICAgICAgcmV0dXJuIHJldDsKIAorICAgIHJldCA9 IC1FSU5WQUw7CisgICAgaWYgKCB1bm1hcC0+cGlycSA8IDAgfHwgdW5tYXAt PnBpcnEgPj0gZC0+bnJfcGlycXMgKQorICAgICAgICBnb3RvIGZyZWVfZG9t YWluOworCiAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKICAgICB7CiAg ICAgICAgIHNwaW5fbG9jaygmZC0+ZXZlbnRfbG9jayk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3A-0001nd-Hi; Tue, 13 Nov 2012 12:57:08 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2P-0001I8-HV; Tue, 13 Nov 2012 12:56:21 +0000 Received: from [85.158.137.99:57042] by server-6.bemta-3.messagelabs.com id A2/CA-28265-47342A05; Tue, 13 Nov 2012 12:56:20 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-11.tower-217.messagelabs.com!1352811378!18030909!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 15563 invoked from network); 13 Nov 2012 12:56:19 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-11.tower-217.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:19 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2F-0008U6-4A; Tue, 13 Nov 2012 12:56:11 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2E-0000zH-Ug; Tue, 13 Nov 2012 12:56:10 +0000 Date: Tue, 13 Nov 2012 12:56:10 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4536 / XSA-21 version 2 pirq range check DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= domain_pirq_to_emuirq() uses the guest provided pirq value before range checking it, and physdev_unmap_pirq uses domain_pirq_to_emuirq without checking the pirq value either. Invalid pirq values can cause Xen to read out of array bounds, usually resulting in a fatal page fault. IMPACT ====== A malicious guest administrator can cause Xen to crash. If the out of array bounds access does not crash, the arbitrary value read will be ignored due to later error checking, so there is no privilege escalation and no exploitable information leak. VULNERABLE SYSTEMS ================== Only Xen version 4.1 is vulnerable. Other released versions, and xen-unstable, are not vulnerable. The vulnerability is only exposed to HVM guests. MITIGATION ========== Running only PV guests, or ensuring that HVM guests only use trusted kernels, will avoid this vulnerability. RESOLUTION ========== The attached patch resolves this issue. $ sha256sum xsa21.patch 34c4bef71d0ad08ee7c337c77af47aa77bb19081a13fc13beaff7d4b37b6b35a xsa21.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGnAAoJEIP+FMlX6CvZ1lQH/jdovmPuphnocdrkWGR8FE3+ OqM3JIpOZTDPFfLO7pen/P5e/0fCBs7cF7FGvM1Uua54/M0HrVS93E1m9baornkh vEIV5c9TRTfUR3IGmVFs1l+ddJcfULOuhfE2IOrbcYaWBL89D9sQYrL/A1j4LTEh umsz6fh4XgINkt/tpneEcE4ckYd0YkkOm3zUK3HaGshNXoOGVyGeaNqKr/YuhEfc XWOkCUoZTxKz50Tg12pdtjX8CX0njJaKeAs0MLkyTL1cj+Sf89YzNuXLwx5ffpMu //VEe2tbyRzPj2JYzUOrV8E5W1fPZmfCSgMvJEtwmMbMXMb7sIUPMBh3yBcXQQU= =yPnD -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa21.patch" Content-Disposition: attachment; filename="xsa21.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNkZXY6IFJhbmdlIGNoZWNrIHBpcnEgcGFyYW1ldGVyIGZyb20g Z3Vlc3RzCgpPdGhlcndpc2UgWGVuIHdpbGwgcmVhZCBiZXlvbmQgZWl0aGVy IGVuZCBvZiB0aGUgc3RydWN0CmRvbWFpbi5hcmNoLnBpcnFfZW11aXJxIGFy cmF5LCB1c3VhbGx5IHJlc3VsdGluZyBpbiBhIGZhdGFsIHBhZ2UgZmF1bHQu CgpUaGlzIHZ1bG5lcmFiaWxpdHkgd2FzIGludHJvZHVjZWQgYnkgYy9zIDIz MjQxOmQyMTEwMGYxZDAwZSwgd2hpY2ggYWRkcwphIGNhbGwgdG8gZG9tYWlu X3BpcnFfdG9fZW11aXJxKCkgd2hpY2ggdXNlcyB0aGUgZ3Vlc3QgcHJvdmlk ZWQgcGlycQp2YWx1ZSBiZWZvcmUgcmFuZ2UgY2hlY2tpbmcgaXQsIGFuZCB3 YXMgZml4ZWQgYnkgYy9zIDIzNTczOjU4NGMyZTVlMDNkOQp3aGljaCBjaGFu Z2VkIHRoZSBiZWhhdmlvdXIgb2YgdGhlIGRvbWFpbl9waXJxX3RvX2VtdWly cSgpIG1hY3JvIHRvIHVzZQpyYWRpeCB0cmVlcyBpbnN0ZWFkIG9mIGEgZmxh dCBhcnJheS4KClRoaXMgaXMgWFNBLTIxIC8gQ1ZFLTIwMTItNDUzNi4KClNp Z25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNp dHJpeC5jb20+CkFja2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3Vz ZS5jb20+CkFja2VkLWJ5OiBJYW4gQ2FtcGJlbGwgPGlhbi5jYW1wYmVsbEBj aXRyaXguY29tPgoKZGlmZiAtciA3YTQwMWE3M2Q4NmQgeGVuL2FyY2gveDg2 L3BoeXNkZXYuYwotLS0gYS94ZW4vYXJjaC94ODYvcGh5c2Rldi5jCisrKyBi L3hlbi9hcmNoL3g4Ni9waHlzZGV2LmMKQEAgLTIzNCw2ICsyMzQsMTAgQEAg c3RhdGljIGludCBwaHlzZGV2X3VubWFwX3BpcnEoc3RydWN0IHBoeQogICAg IGlmICggcmV0ICkKICAgICAgICAgcmV0dXJuIHJldDsKIAorICAgIHJldCA9 IC1FSU5WQUw7CisgICAgaWYgKCB1bm1hcC0+cGlycSA8IDAgfHwgdW5tYXAt PnBpcnEgPj0gZC0+bnJfcGlycXMgKQorICAgICAgICBnb3RvIGZyZWVfZG9t YWluOworCiAgICAgaWYgKCBpc19odm1fZG9tYWluKGQpICkKICAgICB7CiAg ICAgICAgIHNwaW5fbG9jaygmZC0+ZXZlbnRfbG9jayk7Cg== --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3B-0001oI-6h; Tue, 13 Nov 2012 12:57:09 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2V-0001KB-3Q; Tue, 13 Nov 2012 12:56:27 +0000 Received: from [85.158.138.51:16995] by server-13.bemta-3.messagelabs.com id A6/38-24887-A7342A05; Tue, 13 Nov 2012 12:56:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-174.messagelabs.com!1352811384!21908767!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29012 invoked from network); 13 Nov 2012 12:56:25 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:25 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2K-0008Ud-76; Tue, 13 Nov 2012 12:56:16 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2K-0000zq-49; Tue, 13 Nov 2012 12:56:16 +0000 Date: Tue, 13 Nov 2012 12:56:16 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4538 / XSA-23 version 2 Unhooking empty PAE entries DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The HVMOP_pagetable_dying hypercall does not correctly check the caller's pagetable state, leading to a hypervisor crash. IMPACT ====== An HVM guest running on shadow pagetables (that is, not HAP) can cause the hypervisor to crash. VULNERABLE SYSTEMS ================== All Xen versions from 4.0 onwards are vulnerable, except that: - systems that run only PV guests are not vulnerable - systems that run all HVM guests using HAP (which is the default on hardware that supports it) are not vulnerable. MITIGATION ========== This issue can be avoided by running only PV guests or by running all HVM guests using hardware-assisited paging (HAP, also called NPT, RVI and EPT). Xen will run guests using HAP by default on hardware that supports it, unless it is disbled by putting 'hap=0' either on the xen hypervisor command-line or in the VM's configuration. You can check whether a particular machine supports HAP by looking at xen's boot messages. On Xen 4.1, 4.2 and unstable, Xen will print "HVM: Hardware Assisted Paging (HAP) detected" during boot; on xen 4.0 the message is "HVM: Hardware Assisted Paging detected". RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa23-4.0-4.1.patch Xen 4.0.x, 4.1.x xsa23-4.2-unstable.patch Xen 4.2.x, xen-unstable $ sha256sum xsa23*.patch f696d597481595b14ac9577d1dad05fc97da68568f52db74d62f2e3dcb2c7a6e xsa23-4.0-4.1.patch 70ffea07e58e4a747bf3ec103f656ba2cd0d8986722e6a72023c57d802c65964 xsa23-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGsAAoJEIP+FMlX6CvZTagH/iyB7+Y5Ug2+3o0minW/xYe5 sVoRIxYhOuKIoRZFVHn3WvXc2PkL/sVCg8PoQnxCs1v4etALl6TTwE9CuJYVgbR7 9OiN6l/NAg2Qbcg3W1j5Har0syOFL5ZkrvIZ3xvER1lsSINKFJ/HBYf9Oe3KUAaD ffzgRupB/AcETIClv9qwhmSVgjDyNWEae4TS5MzvdUM5dDcCObg/OpyvCGx2MbA8 SF/s9bSwmUcEboy1wOm4wkTWfEJUCsE/ftpQRsEZPESOOXG5u2QB+EI1pbZ1SObx yhbDGE1Ex3T9u88t+7bSiFn2CwNS7eWQwg7nKQ6P/8PlSwm8BFg7KBC+HUxHNW4= =stq6 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa23-4.0-4.1.patch" Content-Disposition: attachment; filename="xsa23-4.0-4.1.patch" Content-Transfer-Encoding: base64 eGVuL21tL3NoYWRvdzogY2hlY2sgdG9wbGV2ZWwgcGFnZXRhYmxlcyBhcmUg cHJlc2VudCBiZWZvcmUgdW5ob29raW5nIHRoZW0uCgpJZiB0aGUgZ3Vlc3Qg aGFzIG5vdCBmdWxseSBwb3B1bGF0ZWQgaXRzIHRvcC1sZXZlbCBQQUUgZW50 cmllcyB3aGVuIGl0IGNhbGxzCkhWTU9QX3BhZ2V0YWJsZV9keWluZywgdGhl IHNoYWRvdyBjb2RlIGNvdWxkIHRyeSB0byB1bmhvb2sgZW50cmllcyBmcm9t Ck1GTiAwLiAgQWRkIGEgY2hlY2sgdG8gYXZvaWQgdGhhdCBjYXNlLgoKVGhp cyBpc3N1ZSB3YXMgaW50cm9kdWNlZCBieSBjL3MgMjEyMzk6YjlkMmRiMTA5 Y2Y1LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMyAvIENW RS0yMDEyLTQ1MzguCgpTaWduZWQtb2ZmLWJ5OiBUaW0gRGVlZ2FuIDx0aW1A eGVuLm9yZz4KVGVzdGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCmRpZmYgLXIgYmZkMjJkNDBkYjA2IHhl bi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwotLS0gYS94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L211bHRpLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9tdWx0aS5jCkBAIC00NzM3LDggKzQ3MzcsMTIgQEAgc3RhdGljIHZv aWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAgIH0KICAgICBm b3IgKCBpID0gMDsgaSA8IDQ7IGkrKyApCiAgICAgewotICAgICAgICBpZiAo IGZhc3RfcGF0aCApCi0gICAgICAgICAgICBzbWZuID0gX21mbihwYWdldGFi bGVfZ2V0X3Bmbih2LT5hcmNoLnNoYWRvd190YWJsZVtpXSkpOworICAgICAg ICBpZiAoIGZhc3RfcGF0aCApIHsKKyAgICAgICAgICAgIGlmICggcGFnZXRh YmxlX2lzX251bGwodi0+YXJjaC5zaGFkb3dfdGFibGVbaV0pICkKKyAgICAg ICAgICAgICAgICBzbWZuID0gX21mbihJTlZBTElEX01GTik7CisgICAgICAg ICAgICBlbHNlCisgICAgICAgICAgICAgICAgc21mbiA9IF9tZm4ocGFnZXRh YmxlX2dldF9wZm4odi0+YXJjaC5zaGFkb3dfdGFibGVbaV0pKTsKKyAgICAg ICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKICAgICAgICAgICAgIC8q IHJldHJpZXZpbmcgdGhlIGwycyAqLwo= --=separator Content-Type: application/octet-stream; name="xsa23-4.2-unstable.patch" Content-Disposition: attachment; filename="xsa23-4.2-unstable.patch" Content-Transfer-Encoding: base64 eGVuL21tL3NoYWRvdzogY2hlY2sgdG9wbGV2ZWwgcGFnZXRhYmxlcyBhcmUg cHJlc2VudCBiZWZvcmUgdW5ob29raW5nIHRoZW0uCgpJZiB0aGUgZ3Vlc3Qg aGFzIG5vdCBmdWxseSBwb3B1bGF0ZWQgaXRzIHRvcC1sZXZlbCBQQUUgZW50 cmllcyB3aGVuIGl0IGNhbGxzCkhWTU9QX3BhZ2V0YWJsZV9keWluZywgdGhl IHNoYWRvdyBjb2RlIGNvdWxkIHRyeSB0byB1bmhvb2sgZW50cmllcyBmcm9t Ck1GTiAwLiAgQWRkIGEgY2hlY2sgdG8gYXZvaWQgdGhhdCBjYXNlLgoKVGhp cyBpc3N1ZSB3YXMgaW50cm9kdWNlZCBieSBjL3MgMjEyMzk6YjlkMmRiMTA5 Y2Y1LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMyAvIENW RS0yMDEyLTQ1MzguCgpTaWduZWQtb2ZmLWJ5OiBUaW0gRGVlZ2FuIDx0aW1A eGVuLm9yZz4KVGVzdGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCmRpZmYgLXIgY2M1NmMwMzk0ZGI3IHhl bi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwotLS0gYS94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L211bHRpLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9tdWx0aS5jCkBAIC00NzM0LDggKzQ3MzQsMTIgQEAgc3RhdGljIHZv aWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAgICAgICB1bnNp Z25lZCBsb25nIGdmbjsKICAgICAgICAgbWZuX3Qgc21mbiwgZ21mbjsKIAot ICAgICAgICBpZiAoIGZhc3RfcGF0aCApCi0gICAgICAgICAgICBzbWZuID0g X21mbihwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLnNoYWRvd190YWJsZVtp XSkpOworICAgICAgICBpZiAoIGZhc3RfcGF0aCApIHsKKyAgICAgICAgICAg IGlmICggcGFnZXRhYmxlX2lzX251bGwodi0+YXJjaC5zaGFkb3dfdGFibGVb aV0pICkKKyAgICAgICAgICAgICAgICBzbWZuID0gX21mbihJTlZBTElEX01G Tik7CisgICAgICAgICAgICBlbHNlCisgICAgICAgICAgICAgICAgc21mbiA9 IF9tZm4ocGFnZXRhYmxlX2dldF9wZm4odi0+YXJjaC5zaGFkb3dfdGFibGVb aV0pKTsKKyAgICAgICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKICAg ICAgICAgICAgIC8qIHJldHJpZXZpbmcgdGhlIGwycyAqLwo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:05 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:05 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3B-0001oI-6h; Tue, 13 Nov 2012 12:57:09 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2V-0001KB-3Q; Tue, 13 Nov 2012 12:56:27 +0000 Received: from [85.158.138.51:16995] by server-13.bemta-3.messagelabs.com id A6/38-24887-A7342A05; Tue, 13 Nov 2012 12:56:26 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-12.tower-174.messagelabs.com!1352811384!21908767!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 29012 invoked from network); 13 Nov 2012 12:56:25 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-12.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:25 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2K-0008Ud-76; Tue, 13 Nov 2012 12:56:16 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2K-0000zq-49; Tue, 13 Nov 2012 12:56:16 +0000 Date: Tue, 13 Nov 2012 12:56:16 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4538 / XSA-23 version 2 Unhooking empty PAE entries DoS vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The HVMOP_pagetable_dying hypercall does not correctly check the caller's pagetable state, leading to a hypervisor crash. IMPACT ====== An HVM guest running on shadow pagetables (that is, not HAP) can cause the hypervisor to crash. VULNERABLE SYSTEMS ================== All Xen versions from 4.0 onwards are vulnerable, except that: - systems that run only PV guests are not vulnerable - systems that run all HVM guests using HAP (which is the default on hardware that supports it) are not vulnerable. MITIGATION ========== This issue can be avoided by running only PV guests or by running all HVM guests using hardware-assisited paging (HAP, also called NPT, RVI and EPT). Xen will run guests using HAP by default on hardware that supports it, unless it is disbled by putting 'hap=0' either on the xen hypervisor command-line or in the VM's configuration. You can check whether a particular machine supports HAP by looking at xen's boot messages. On Xen 4.1, 4.2 and unstable, Xen will print "HVM: Hardware Assisted Paging (HAP) detected" during boot; on xen 4.0 the message is "HVM: Hardware Assisted Paging detected". RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa23-4.0-4.1.patch Xen 4.0.x, 4.1.x xsa23-4.2-unstable.patch Xen 4.2.x, xen-unstable $ sha256sum xsa23*.patch f696d597481595b14ac9577d1dad05fc97da68568f52db74d62f2e3dcb2c7a6e xsa23-4.0-4.1.patch 70ffea07e58e4a747bf3ec103f656ba2cd0d8986722e6a72023c57d802c65964 xsa23-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGsAAoJEIP+FMlX6CvZTagH/iyB7+Y5Ug2+3o0minW/xYe5 sVoRIxYhOuKIoRZFVHn3WvXc2PkL/sVCg8PoQnxCs1v4etALl6TTwE9CuJYVgbR7 9OiN6l/NAg2Qbcg3W1j5Har0syOFL5ZkrvIZ3xvER1lsSINKFJ/HBYf9Oe3KUAaD ffzgRupB/AcETIClv9qwhmSVgjDyNWEae4TS5MzvdUM5dDcCObg/OpyvCGx2MbA8 SF/s9bSwmUcEboy1wOm4wkTWfEJUCsE/ftpQRsEZPESOOXG5u2QB+EI1pbZ1SObx yhbDGE1Ex3T9u88t+7bSiFn2CwNS7eWQwg7nKQ6P/8PlSwm8BFg7KBC+HUxHNW4= =stq6 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa23-4.0-4.1.patch" Content-Disposition: attachment; filename="xsa23-4.0-4.1.patch" Content-Transfer-Encoding: base64 eGVuL21tL3NoYWRvdzogY2hlY2sgdG9wbGV2ZWwgcGFnZXRhYmxlcyBhcmUg cHJlc2VudCBiZWZvcmUgdW5ob29raW5nIHRoZW0uCgpJZiB0aGUgZ3Vlc3Qg aGFzIG5vdCBmdWxseSBwb3B1bGF0ZWQgaXRzIHRvcC1sZXZlbCBQQUUgZW50 cmllcyB3aGVuIGl0IGNhbGxzCkhWTU9QX3BhZ2V0YWJsZV9keWluZywgdGhl IHNoYWRvdyBjb2RlIGNvdWxkIHRyeSB0byB1bmhvb2sgZW50cmllcyBmcm9t Ck1GTiAwLiAgQWRkIGEgY2hlY2sgdG8gYXZvaWQgdGhhdCBjYXNlLgoKVGhp cyBpc3N1ZSB3YXMgaW50cm9kdWNlZCBieSBjL3MgMjEyMzk6YjlkMmRiMTA5 Y2Y1LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMyAvIENW RS0yMDEyLTQ1MzguCgpTaWduZWQtb2ZmLWJ5OiBUaW0gRGVlZ2FuIDx0aW1A eGVuLm9yZz4KVGVzdGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCmRpZmYgLXIgYmZkMjJkNDBkYjA2IHhl bi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwotLS0gYS94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L211bHRpLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9tdWx0aS5jCkBAIC00NzM3LDggKzQ3MzcsMTIgQEAgc3RhdGljIHZv aWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAgIH0KICAgICBm b3IgKCBpID0gMDsgaSA8IDQ7IGkrKyApCiAgICAgewotICAgICAgICBpZiAo IGZhc3RfcGF0aCApCi0gICAgICAgICAgICBzbWZuID0gX21mbihwYWdldGFi bGVfZ2V0X3Bmbih2LT5hcmNoLnNoYWRvd190YWJsZVtpXSkpOworICAgICAg ICBpZiAoIGZhc3RfcGF0aCApIHsKKyAgICAgICAgICAgIGlmICggcGFnZXRh YmxlX2lzX251bGwodi0+YXJjaC5zaGFkb3dfdGFibGVbaV0pICkKKyAgICAg ICAgICAgICAgICBzbWZuID0gX21mbihJTlZBTElEX01GTik7CisgICAgICAg ICAgICBlbHNlCisgICAgICAgICAgICAgICAgc21mbiA9IF9tZm4ocGFnZXRh YmxlX2dldF9wZm4odi0+YXJjaC5zaGFkb3dfdGFibGVbaV0pKTsKKyAgICAg ICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKICAgICAgICAgICAgIC8q IHJldHJpZXZpbmcgdGhlIGwycyAqLwo= --=separator Content-Type: application/octet-stream; name="xsa23-4.2-unstable.patch" Content-Disposition: attachment; filename="xsa23-4.2-unstable.patch" Content-Transfer-Encoding: base64 eGVuL21tL3NoYWRvdzogY2hlY2sgdG9wbGV2ZWwgcGFnZXRhYmxlcyBhcmUg cHJlc2VudCBiZWZvcmUgdW5ob29raW5nIHRoZW0uCgpJZiB0aGUgZ3Vlc3Qg aGFzIG5vdCBmdWxseSBwb3B1bGF0ZWQgaXRzIHRvcC1sZXZlbCBQQUUgZW50 cmllcyB3aGVuIGl0IGNhbGxzCkhWTU9QX3BhZ2V0YWJsZV9keWluZywgdGhl IHNoYWRvdyBjb2RlIGNvdWxkIHRyeSB0byB1bmhvb2sgZW50cmllcyBmcm9t Ck1GTiAwLiAgQWRkIGEgY2hlY2sgdG8gYXZvaWQgdGhhdCBjYXNlLgoKVGhp cyBpc3N1ZSB3YXMgaW50cm9kdWNlZCBieSBjL3MgMjEyMzk6YjlkMmRiMTA5 Y2Y1LgoKVGhpcyBpcyBhIHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMyAvIENW RS0yMDEyLTQ1MzguCgpTaWduZWQtb2ZmLWJ5OiBUaW0gRGVlZ2FuIDx0aW1A eGVuLm9yZz4KVGVzdGVkLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29v cGVyM0BjaXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4u Y2FtcGJlbGxAY2l0cml4LmNvbT4KCmRpZmYgLXIgY2M1NmMwMzk0ZGI3IHhl bi9hcmNoL3g4Ni9tbS9zaGFkb3cvbXVsdGkuYwotLS0gYS94ZW4vYXJjaC94 ODYvbW0vc2hhZG93L211bHRpLmMKKysrIGIveGVuL2FyY2gveDg2L21tL3No YWRvdy9tdWx0aS5jCkBAIC00NzM0LDggKzQ3MzQsMTIgQEAgc3RhdGljIHZv aWQgc2hfcGFnZXRhYmxlX2R5aW5nKHN0cnVjdCB2YwogICAgICAgICB1bnNp Z25lZCBsb25nIGdmbjsKICAgICAgICAgbWZuX3Qgc21mbiwgZ21mbjsKIAot ICAgICAgICBpZiAoIGZhc3RfcGF0aCApCi0gICAgICAgICAgICBzbWZuID0g X21mbihwYWdldGFibGVfZ2V0X3Bmbih2LT5hcmNoLnNoYWRvd190YWJsZVtp XSkpOworICAgICAgICBpZiAoIGZhc3RfcGF0aCApIHsKKyAgICAgICAgICAg IGlmICggcGFnZXRhYmxlX2lzX251bGwodi0+YXJjaC5zaGFkb3dfdGFibGVb aV0pICkKKyAgICAgICAgICAgICAgICBzbWZuID0gX21mbihJTlZBTElEX01G Tik7CisgICAgICAgICAgICBlbHNlCisgICAgICAgICAgICAgICAgc21mbiA9 IF9tZm4ocGFnZXRhYmxlX2dldF9wZm4odi0+YXJjaC5zaGFkb3dfdGFibGVb aV0pKTsKKyAgICAgICAgfQogICAgICAgICBlbHNlCiAgICAgICAgIHsKICAg ICAgICAgICAgIC8qIHJldHJpZXZpbmcgdGhlIGwycyAqLwo= --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:06 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3C-0001pf-JH; Tue, 13 Nov 2012 12:57:10 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2a-0001M3-RT; Tue, 13 Nov 2012 12:56:33 +0000 Received: from [85.158.139.83:49729] by server-14.bemta-5.messagelabs.com id 6B/EC-21768-F7342A05; Tue, 13 Nov 2012 12:56:31 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-2.tower-182.messagelabs.com!1352811383!30047820!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 28709 invoked from network); 13 Nov 2012 12:56:24 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-2.tower-182.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:24 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2H-0008UJ-Od; Tue, 13 Nov 2012 12:56:13 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2H-0000zc-Mt; Tue, 13 Nov 2012 12:56:13 +0000 Date: Tue, 13 Nov 2012 12:56:13 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4537 / XSA-22 version 4 Memory mapping failure DoS vulnerability UPDATES IN VERSION 4 ==================== Public release. ISSUE DESCRIPTION ================= When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen to fail an assertion and crash. IMPACT ====== A malicious guest administrator might be able to cause Xen to crash. VULNERABLE SYSTEMS ================== All versions of Xen since at least 3.4 are vulnerable. The vulnerability is only exposed to HVM guests. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. Applying the appropriate attached patch resolves this issue. xsa22-4.2-unstable.patch Xen 4.2.x, xen-unstable xsa22-4.1.patch Xen 4.1.x xsa22-4.0.patch Xen 4.0.x xsa22-3.4.patch Xen 3.4.x $ sha256sum xsa22*.patch fe21558f098340451a275c468a7b2209915676f4f41ec394970c6aa0df3d93d3 xsa22-3.4.patch b7e635ae07f31ac8ecb8732152ba66897ea6d0f5e30468e35d7c37379c7369bb xsa22-4.0.patch e699e7af6b90e60531d98f04197141c4caf5eb4cdb312a43e736830eb17d32e1 xsa22-4.1.patch 8dbf850b903179807257febe12a15cb131968e65d2e90dbd3a5f72b83d2f931a xsa22-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGpAAoJEIP+FMlX6CvZUsEIAIL7FtUpAgYTG73BXIpIoJ1h L85yaAhizzuwWAHMwLBD/oMs+OPzIXsCp4rBHI8XPQ0rf3YeHSj8uI+ta17Th1Gb KuFFlDPujh5EiE0yel8u21hgsJ7rUpA04jPeYDbVbHPVC6bywf7pkChCEPos/Ze9 gAlRVptdBXH2nGmSyMFDfoby60lDXa7ZP0KoJUyuUG69zDMzlANLiEvk/+mN4YKB W4uiaYlCeDfrCn4T8Pk9rTMdDWmCsbQpZQRqwwNXdUa/EX0Ccv/QdcppPHoylYeK DQ9GPZOtDsm4s1M/J1oPVXZI7X/vLuBwje4/hhisFFiO4kLffcKCSopSizgLlO0= =82B5 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa22-3.4.patch" Content-Disposition: attachment; filename="xsa22-3.4.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgpbIEFkZCBiYWNrcG9ydCBvZiAyMDUxNjpj NGU2MjBhMmU2NWMgdG8gY29ycmVjdCBlcnJvciByZXR1cm4gZnJvbSBzZXRf cDJtX2VudHJ5IF0KCmRpZmYgLXIgMTQ3MDlkMTk2ZTQzIHhlbi9hcmNoL3g4 Ni9tbS9wMm0uYwotLS0gYS94ZW4vYXJjaC94ODYvbW0vcDJtLmMJV2VkIEp1 biAzMCAxODoyNjoxMyAyMDEwICswMTAwCisrKyBiL3hlbi9hcmNoL3g4Ni9t bS9wMm0uYwlGcmkgT2N0IDI2IDExOjI3OjQ0IDIwMTIgKzAxMDAKQEAgLTE1 MDAsMTQgKzE1MDAsMTUgQEAgaW50IHNldF9wMm1fZW50cnkoc3RydWN0IGRv bWFpbiAqZCwgdW5zaQogewogICAgIHVuc2lnbmVkIGxvbmcgdG9kbyA9IDF1 bCA8PCBwYWdlX29yZGVyOwogICAgIHVuc2lnbmVkIGludCBvcmRlcjsKLSAg ICBpbnQgcmMgPSAwOworICAgIGludCByYyA9IDE7CiAKICAgICB3aGlsZSAo IHRvZG8gKQogICAgIHsKICAgICAgICAgb3JkZXIgPSAoKCgoZ2ZuIHwgbWZu X3gobWZuKSB8IHRvZG8pICYgKFNVUEVSUEFHRV9QQUdFUyAtIDEpKSA9PSAw KSAmJgogICAgICAgICAgICAgICAgICBodm1faGFwX2hhc18ybWIoZCkpID8g OSA6IDA7CiAKLSAgICAgICAgcmMgPSBkLT5hcmNoLnAybS0+c2V0X2VudHJ5 KGQsIGdmbiwgbWZuLCBvcmRlciwgcDJtdCk7CisgICAgICAgIGlmICggIWQt PmFyY2gucDJtLT5zZXRfZW50cnkoZCwgZ2ZuLCBtZm4sIG9yZGVyLCBwMm10 KSApCisgICAgICAgICAgICByYyA9IDA7CiAgICAgICAgIGdmbiArPSAxdWwg PDwgb3JkZXI7CiAgICAgICAgIGlmICggbWZuX3gobWZuKSAhPSBJTlZBTElE X01GTiApCiAgICAgICAgICAgICBtZm4gPSBfbWZuKG1mbl94KG1mbikgKyAo MXVsIDw8IG9yZGVyKSk7CkBAIC0yMDU0LDcgKzIwNTUsMTAgQEAgZ3Vlc3Rf cGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAgIGlmICgg bWZuX3ZhbGlkKF9tZm4obWZuKSkgKSAKICAgICB7CiAgICAgICAgIGlmICgg IXNldF9wMm1fZW50cnkoZCwgZ2ZuLCBfbWZuKG1mbiksIHBhZ2Vfb3JkZXIs IHQpICkKKyAgICAgICAgewogICAgICAgICAgICAgcmMgPSAtRUlOVkFMOwor ICAgICAgICAgICAgZ290byBvdXQ7IC8qIEZhaWxlZCB0byB1cGRhdGUgcDJt LCBiYWlsIHdpdGhvdXQgdXBkYXRpbmcgbTJwLiAqLworICAgICAgICB9CiAg ICAgICAgIGZvciAoIGkgPSAwOyBpIDwgKDFVTCA8PCBwYWdlX29yZGVyKTsg aSsrICkKICAgICAgICAgICAgIHNldF9ncGZuX2Zyb21fbWZuKG1mbitpLCBn Zm4raSk7CiAgICAgfQpAQCAtMjA3Miw2ICsyMDc2LDcgQEAgZ3Vlc3RfcGh5 c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAgICAgICB9CiAg ICAgfQogCitvdXQ6CiAgICAgYXVkaXRfcDJtKGQpOwogICAgIHAybV91bmxv Y2soZC0+YXJjaC5wMm0pOwogCg== --=separator Content-Type: application/octet-stream; name="xsa22-4.0.patch" Content-Disposition: attachment; filename="xsa22-4.0.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiNDRjNzJmMThmOWYgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTIyMDcsNyArMjIw NywxMCBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRyeShzdHJ1Y3QgZG9tYWlu ICpkCiAgICAgaWYgKCBtZm5fdmFsaWQoX21mbihtZm4pKSApIAogICAgIHsK ICAgICAgICAgaWYgKCAhc2V0X3AybV9lbnRyeShkLCBnZm4sIF9tZm4obWZu KSwgcGFnZV9vcmRlciwgdCkgKQorICAgICAgICB7CiAgICAgICAgICAgICBy YyA9IC1FSU5WQUw7CisgICAgICAgICAgICBnb3RvIG91dDsgLyogRmFpbGVk IHRvIHVwZGF0ZSBwMm0sIGJhaWwgd2l0aG91dCB1cGRhdGluZyBtMnAuICov CisgICAgICAgIH0KICAgICAgICAgaWYgKCAhcDJtX2lzX2dyYW50KHQpICkK ICAgICAgICAgewogICAgICAgICAgICAgZm9yICggaSA9IDA7IGkgPCAoMVVM IDw8IHBhZ2Vfb3JkZXIpOyBpKysgKQpAQCAtMjIyOCw2ICsyMjMxLDcgQEAg Z3Vlc3RfcGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAg ICAgICB9CiAgICAgfQogCitvdXQ6CiAgICAgYXVkaXRfcDJtKGQpOwogICAg IHAybV91bmxvY2soZC0+YXJjaC5wMm0pOwogCg== --=separator Content-Type: application/octet-stream; name="xsa22-4.1.patch" Content-Disposition: attachment; filename="xsa22-4.1.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciAzYTI3ZjRlNDRiNmEgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTI1NTgsNyArMjU1 OCwxMCBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRyeShzdHJ1Y3QgcDJtX2Rv bWFpCiAgICAgaWYgKCBtZm5fdmFsaWQoX21mbihtZm4pKSApIAogICAgIHsK ICAgICAgICAgaWYgKCAhc2V0X3AybV9lbnRyeShwMm0sIGdmbiwgX21mbiht Zm4pLCBwYWdlX29yZGVyLCB0LCBwMm0tPmRlZmF1bHRfYWNjZXNzKSApCisg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0gLUVJTlZBTDsKKyAgICAgICAg ICAgIGdvdG8gb3V0OyAvKiBGYWlsZWQgdG8gdXBkYXRlIHAybSwgYmFpbCB3 aXRob3V0IHVwZGF0aW5nIG0ycC4gKi8KKyAgICAgICAgfQogICAgICAgICBp ZiAoICFwMm1faXNfZ3JhbnQodCkgKQogICAgICAgICB7CiAgICAgICAgICAg ICBmb3IgKCBpID0gMDsgaSA8ICgxVUwgPDwgcGFnZV9vcmRlcik7IGkrKyAp CkBAIC0yNTc5LDYgKzI1ODIsNyBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRy eShzdHJ1Y3QgcDJtX2RvbWFpCiAgICAgICAgIH0KICAgICB9CiAKK291dDoK ICAgICBhdWRpdF9wMm0ocDJtLCAxKTsKICAgICBwMm1fdW5sb2NrKHAybSk7 CiAK --=separator Content-Type: application/octet-stream; name="xsa22-4.2-unstable.patch" Content-Disposition: attachment; filename="xsa22-4.2-unstable.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBmNTNiOWY5MTVjM2QgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTYzMyw3ICs2MzMs MTAgQEAgZ3Vlc3RfcGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAq ZAogICAgIGlmICggbWZuX3ZhbGlkKF9tZm4obWZuKSkgKSAKICAgICB7CiAg ICAgICAgIGlmICggIXNldF9wMm1fZW50cnkocDJtLCBnZm4sIF9tZm4obWZu KSwgcGFnZV9vcmRlciwgdCwgcDJtLT5kZWZhdWx0X2FjY2VzcykgKQorICAg ICAgICB7CiAgICAgICAgICAgICByYyA9IC1FSU5WQUw7CisgICAgICAgICAg ICBnb3RvIG91dDsgLyogRmFpbGVkIHRvIHVwZGF0ZSBwMm0sIGJhaWwgd2l0 aG91dCB1cGRhdGluZyBtMnAuICovCisgICAgICAgIH0KICAgICAgICAgaWYg KCAhcDJtX2lzX2dyYW50KHQpICkKICAgICAgICAgewogICAgICAgICAgICAg Zm9yICggaSA9IDA7IGkgPCAoMVVMIDw8IHBhZ2Vfb3JkZXIpOyBpKysgKQpA QCAtNjU2LDYgKzY1OSw3IEBAIGd1ZXN0X3BoeXNtYXBfYWRkX2VudHJ5KHN0 cnVjdCBkb21haW4gKmQKICAgICAgICAgfQogICAgIH0KIAorb3V0OgogICAg IHAybV91bmxvY2socDJtKTsKIAogICAgIHJldHVybiByYzsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:06 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3C-0001pf-JH; Tue, 13 Nov 2012 12:57:10 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2a-0001M3-RT; Tue, 13 Nov 2012 12:56:33 +0000 Received: from [85.158.139.83:49729] by server-14.bemta-5.messagelabs.com id 6B/EC-21768-F7342A05; Tue, 13 Nov 2012 12:56:31 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-2.tower-182.messagelabs.com!1352811383!30047820!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 28709 invoked from network); 13 Nov 2012 12:56:24 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-2.tower-182.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:24 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2H-0008UJ-Od; Tue, 13 Nov 2012 12:56:13 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2H-0000zc-Mt; Tue, 13 Nov 2012 12:56:13 +0000 Date: Tue, 13 Nov 2012 12:56:13 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4537 / XSA-22 version 4 Memory mapping failure DoS vulnerability UPDATES IN VERSION 4 ==================== Public release. ISSUE DESCRIPTION ================= When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen to fail an assertion and crash. IMPACT ====== A malicious guest administrator might be able to cause Xen to crash. VULNERABLE SYSTEMS ================== All versions of Xen since at least 3.4 are vulnerable. The vulnerability is only exposed to HVM guests. MITIGATION ========== There is no mitigation available other than to use a trusted guest kernel. RESOLUTION ========== The attached patch resolves this issue. Applying the appropriate attached patch resolves this issue. xsa22-4.2-unstable.patch Xen 4.2.x, xen-unstable xsa22-4.1.patch Xen 4.1.x xsa22-4.0.patch Xen 4.0.x xsa22-3.4.patch Xen 3.4.x $ sha256sum xsa22*.patch fe21558f098340451a275c468a7b2209915676f4f41ec394970c6aa0df3d93d3 xsa22-3.4.patch b7e635ae07f31ac8ecb8732152ba66897ea6d0f5e30468e35d7c37379c7369bb xsa22-4.0.patch e699e7af6b90e60531d98f04197141c4caf5eb4cdb312a43e736830eb17d32e1 xsa22-4.1.patch 8dbf850b903179807257febe12a15cb131968e65d2e90dbd3a5f72b83d2f931a xsa22-4.2-unstable.patch $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGpAAoJEIP+FMlX6CvZUsEIAIL7FtUpAgYTG73BXIpIoJ1h L85yaAhizzuwWAHMwLBD/oMs+OPzIXsCp4rBHI8XPQ0rf3YeHSj8uI+ta17Th1Gb KuFFlDPujh5EiE0yel8u21hgsJ7rUpA04jPeYDbVbHPVC6bywf7pkChCEPos/Ze9 gAlRVptdBXH2nGmSyMFDfoby60lDXa7ZP0KoJUyuUG69zDMzlANLiEvk/+mN4YKB W4uiaYlCeDfrCn4T8Pk9rTMdDWmCsbQpZQRqwwNXdUa/EX0Ccv/QdcppPHoylYeK DQ9GPZOtDsm4s1M/J1oPVXZI7X/vLuBwje4/hhisFFiO4kLffcKCSopSizgLlO0= =82B5 -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa22-3.4.patch" Content-Disposition: attachment; filename="xsa22-3.4.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgpbIEFkZCBiYWNrcG9ydCBvZiAyMDUxNjpj NGU2MjBhMmU2NWMgdG8gY29ycmVjdCBlcnJvciByZXR1cm4gZnJvbSBzZXRf cDJtX2VudHJ5IF0KCmRpZmYgLXIgMTQ3MDlkMTk2ZTQzIHhlbi9hcmNoL3g4 Ni9tbS9wMm0uYwotLS0gYS94ZW4vYXJjaC94ODYvbW0vcDJtLmMJV2VkIEp1 biAzMCAxODoyNjoxMyAyMDEwICswMTAwCisrKyBiL3hlbi9hcmNoL3g4Ni9t bS9wMm0uYwlGcmkgT2N0IDI2IDExOjI3OjQ0IDIwMTIgKzAxMDAKQEAgLTE1 MDAsMTQgKzE1MDAsMTUgQEAgaW50IHNldF9wMm1fZW50cnkoc3RydWN0IGRv bWFpbiAqZCwgdW5zaQogewogICAgIHVuc2lnbmVkIGxvbmcgdG9kbyA9IDF1 bCA8PCBwYWdlX29yZGVyOwogICAgIHVuc2lnbmVkIGludCBvcmRlcjsKLSAg ICBpbnQgcmMgPSAwOworICAgIGludCByYyA9IDE7CiAKICAgICB3aGlsZSAo IHRvZG8gKQogICAgIHsKICAgICAgICAgb3JkZXIgPSAoKCgoZ2ZuIHwgbWZu X3gobWZuKSB8IHRvZG8pICYgKFNVUEVSUEFHRV9QQUdFUyAtIDEpKSA9PSAw KSAmJgogICAgICAgICAgICAgICAgICBodm1faGFwX2hhc18ybWIoZCkpID8g OSA6IDA7CiAKLSAgICAgICAgcmMgPSBkLT5hcmNoLnAybS0+c2V0X2VudHJ5 KGQsIGdmbiwgbWZuLCBvcmRlciwgcDJtdCk7CisgICAgICAgIGlmICggIWQt PmFyY2gucDJtLT5zZXRfZW50cnkoZCwgZ2ZuLCBtZm4sIG9yZGVyLCBwMm10 KSApCisgICAgICAgICAgICByYyA9IDA7CiAgICAgICAgIGdmbiArPSAxdWwg PDwgb3JkZXI7CiAgICAgICAgIGlmICggbWZuX3gobWZuKSAhPSBJTlZBTElE X01GTiApCiAgICAgICAgICAgICBtZm4gPSBfbWZuKG1mbl94KG1mbikgKyAo MXVsIDw8IG9yZGVyKSk7CkBAIC0yMDU0LDcgKzIwNTUsMTAgQEAgZ3Vlc3Rf cGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAgIGlmICgg bWZuX3ZhbGlkKF9tZm4obWZuKSkgKSAKICAgICB7CiAgICAgICAgIGlmICgg IXNldF9wMm1fZW50cnkoZCwgZ2ZuLCBfbWZuKG1mbiksIHBhZ2Vfb3JkZXIs IHQpICkKKyAgICAgICAgewogICAgICAgICAgICAgcmMgPSAtRUlOVkFMOwor ICAgICAgICAgICAgZ290byBvdXQ7IC8qIEZhaWxlZCB0byB1cGRhdGUgcDJt LCBiYWlsIHdpdGhvdXQgdXBkYXRpbmcgbTJwLiAqLworICAgICAgICB9CiAg ICAgICAgIGZvciAoIGkgPSAwOyBpIDwgKDFVTCA8PCBwYWdlX29yZGVyKTsg aSsrICkKICAgICAgICAgICAgIHNldF9ncGZuX2Zyb21fbWZuKG1mbitpLCBn Zm4raSk7CiAgICAgfQpAQCAtMjA3Miw2ICsyMDc2LDcgQEAgZ3Vlc3RfcGh5 c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAgICAgICB9CiAg ICAgfQogCitvdXQ6CiAgICAgYXVkaXRfcDJtKGQpOwogICAgIHAybV91bmxv Y2soZC0+YXJjaC5wMm0pOwogCg== --=separator Content-Type: application/octet-stream; name="xsa22-4.0.patch" Content-Disposition: attachment; filename="xsa22-4.0.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiNDRjNzJmMThmOWYgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTIyMDcsNyArMjIw NywxMCBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRyeShzdHJ1Y3QgZG9tYWlu ICpkCiAgICAgaWYgKCBtZm5fdmFsaWQoX21mbihtZm4pKSApIAogICAgIHsK ICAgICAgICAgaWYgKCAhc2V0X3AybV9lbnRyeShkLCBnZm4sIF9tZm4obWZu KSwgcGFnZV9vcmRlciwgdCkgKQorICAgICAgICB7CiAgICAgICAgICAgICBy YyA9IC1FSU5WQUw7CisgICAgICAgICAgICBnb3RvIG91dDsgLyogRmFpbGVk IHRvIHVwZGF0ZSBwMm0sIGJhaWwgd2l0aG91dCB1cGRhdGluZyBtMnAuICov CisgICAgICAgIH0KICAgICAgICAgaWYgKCAhcDJtX2lzX2dyYW50KHQpICkK ICAgICAgICAgewogICAgICAgICAgICAgZm9yICggaSA9IDA7IGkgPCAoMVVM IDw8IHBhZ2Vfb3JkZXIpOyBpKysgKQpAQCAtMjIyOCw2ICsyMjMxLDcgQEAg Z3Vlc3RfcGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAqZAogICAg ICAgICB9CiAgICAgfQogCitvdXQ6CiAgICAgYXVkaXRfcDJtKGQpOwogICAg IHAybV91bmxvY2soZC0+YXJjaC5wMm0pOwogCg== --=separator Content-Type: application/octet-stream; name="xsa22-4.1.patch" Content-Disposition: attachment; filename="xsa22-4.1.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciAzYTI3ZjRlNDRiNmEgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTI1NTgsNyArMjU1 OCwxMCBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRyeShzdHJ1Y3QgcDJtX2Rv bWFpCiAgICAgaWYgKCBtZm5fdmFsaWQoX21mbihtZm4pKSApIAogICAgIHsK ICAgICAgICAgaWYgKCAhc2V0X3AybV9lbnRyeShwMm0sIGdmbiwgX21mbiht Zm4pLCBwYWdlX29yZGVyLCB0LCBwMm0tPmRlZmF1bHRfYWNjZXNzKSApCisg ICAgICAgIHsKICAgICAgICAgICAgIHJjID0gLUVJTlZBTDsKKyAgICAgICAg ICAgIGdvdG8gb3V0OyAvKiBGYWlsZWQgdG8gdXBkYXRlIHAybSwgYmFpbCB3 aXRob3V0IHVwZGF0aW5nIG0ycC4gKi8KKyAgICAgICAgfQogICAgICAgICBp ZiAoICFwMm1faXNfZ3JhbnQodCkgKQogICAgICAgICB7CiAgICAgICAgICAg ICBmb3IgKCBpID0gMDsgaSA8ICgxVUwgPDwgcGFnZV9vcmRlcik7IGkrKyAp CkBAIC0yNTc5LDYgKzI1ODIsNyBAQCBndWVzdF9waHlzbWFwX2FkZF9lbnRy eShzdHJ1Y3QgcDJtX2RvbWFpCiAgICAgICAgIH0KICAgICB9CiAKK291dDoK ICAgICBhdWRpdF9wMm0ocDJtLCAxKTsKICAgICBwMm1fdW5sb2NrKHAybSk7 CiAK --=separator Content-Type: application/octet-stream; name="xsa22-4.2-unstable.patch" Content-Disposition: attachment; filename="xsa22-4.2-unstable.patch" Content-Transfer-Encoding: base64 eDg2L3BoeXNtYXA6IFByZXZlbnQgaW5jb3JyZWN0IHVwZGF0ZXMgb2YgbTJw IG1hcHBpbmdzCgpJbiBjZXJ0YWluIGNvbmRpdGlvbnMsIHN1Y2ggYXMgbG93 IG1lbW9yeSwgc2V0X3AybV9lbnRyeSgpIGNhbiBmYWlsLgpDdXJyZW50bHks IHRoZSBwMm0gYW5kIG0ycCB0YWJsZXMgd2lsbCBnZXQgb3V0IG9mIHN5bmMg YmVjYXVzZSB3ZSBzdGlsbAp1cGRhdGUgdGhlIG0ycCB0YWJsZSBhZnRlciB0 aGUgcDJtIHVwZGF0ZSBoYXMgZmFpbGVkLgoKSWYgdGhhdCBoYXBwZW5zLCBz dWJzZXF1ZW50IGd1ZXN0LWludm9rZWQgbWVtb3J5IG9wZXJhdGlvbnMgY2Fu IGNhdXNlCkJVRygpcyBhbmQgQVNTRVJUKClzIHRvIGtpbGwgWGVuLgoKVGhp cyBpcyBmaXhlZCBieSBvbmx5IHVwZGF0aW5nIHRoZSBtMnAgdGFibGUgaWZm IHRoZSBwMm0gd2FzCnN1Y2Nlc3NmdWxseSB1cGRhdGVkLgoKVGhpcyBpcyBh IHNlY3VyaXR5IHByb2JsZW0sIFhTQS0yMiAvIENWRS0yMDEyLTQ1MzcuCgpT aWduZWQtb2ZmLWJ5OiBBbmRyZXcgQ29vcGVyIDxhbmRyZXcuY29vcGVyM0Bj aXRyaXguY29tPgpBY2tlZC1ieTogSWFuIENhbXBiZWxsIDxpYW4uY2FtcGJl bGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNrc29uIDxpYW4uamFj a3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBmNTNiOWY5MTVjM2QgeGVu L2FyY2gveDg2L21tL3AybS5jCi0tLSBhL3hlbi9hcmNoL3g4Ni9tbS9wMm0u YworKysgYi94ZW4vYXJjaC94ODYvbW0vcDJtLmMKQEAgLTYzMyw3ICs2MzMs MTAgQEAgZ3Vlc3RfcGh5c21hcF9hZGRfZW50cnkoc3RydWN0IGRvbWFpbiAq ZAogICAgIGlmICggbWZuX3ZhbGlkKF9tZm4obWZuKSkgKSAKICAgICB7CiAg ICAgICAgIGlmICggIXNldF9wMm1fZW50cnkocDJtLCBnZm4sIF9tZm4obWZu KSwgcGFnZV9vcmRlciwgdCwgcDJtLT5kZWZhdWx0X2FjY2VzcykgKQorICAg ICAgICB7CiAgICAgICAgICAgICByYyA9IC1FSU5WQUw7CisgICAgICAgICAg ICBnb3RvIG91dDsgLyogRmFpbGVkIHRvIHVwZGF0ZSBwMm0sIGJhaWwgd2l0 aG91dCB1cGRhdGluZyBtMnAuICovCisgICAgICAgIH0KICAgICAgICAgaWYg KCAhcDJtX2lzX2dyYW50KHQpICkKICAgICAgICAgewogICAgICAgICAgICAg Zm9yICggaSA9IDA7IGkgPCAoMVVMIDw8IHBhZ2Vfb3JkZXIpOyBpKysgKQpA QCAtNjU2LDYgKzY1OSw3IEBAIGd1ZXN0X3BoeXNtYXBfYWRkX2VudHJ5KHN0 cnVjdCBkb21haW4gKmQKICAgICAgICAgfQogICAgIH0KIAorb3V0OgogICAg IHAybV91bmxvY2socDJtKTsKIAogICAgIHJldHVybiByYzsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:06 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3D-0001qJ-7x; Tue, 13 Nov 2012 12:57:11 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2d-0001NS-S4; Tue, 13 Nov 2012 12:56:36 +0000 Received: from [85.158.138.51:17606] by server-3.bemta-3.messagelabs.com id F8/84-31566-28342A05; Tue, 13 Nov 2012 12:56:34 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-6.tower-174.messagelabs.com!1352811391!21808416!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30348 invoked from network); 13 Nov 2012 12:56:32 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-6.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:32 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2R-0008VH-9g; Tue, 13 Nov 2012 12:56:23 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2R-00010J-89; Tue, 13 Nov 2012 12:56:23 +0000 Date: Tue, 13 Nov 2012 12:56:23 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 25 (CVE-2012-4544, CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to apologise for the fact that xen-announce's copy of version 1 of this advisory was delayed in mailing list moderation. ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. (CVE-2012-4544) Additionally, under similar circumstances pygrub consume excessive amount of memory under similar circumstances to the above. (CVE-2012-2625) IMPACT ====== A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== Running only trusted kernels and ramdisks will avoid these vulnerabilities. Using pvgrub also avoids these vulnerabilities since the builder will run in guest context. (nb: use of pygrub *is* vulnerable). Running only HVM guests will avoid these vulnerabilities. RESOLUTION ========== Applying the appropriate attached patch resolves these issues. The pygrub problem (CVE-2012-2625) was fixed in xen-unstable (and the fix inherited by Xen 4.2.x) in revision 25589:60f09d1ab1fe but not called out as a security problem. This fix is also included, where necessary, in the patches below. xsa25-unstable.patch Xen unstable xsa25-4.2.patch Xen 4.2.x xsa25-4.1.patch Xen 4.1.x $ sha256sum xsa25*.patch 613e4b82cdc9cabf9cbd52076118887b298c47e680c2066a28a77f12e9f90606 xsa25-4.1.patch 135bc089d003f9b97991764c37b1ab8d37e9cbcfa1b9bd7429b4503abe00c8f5 xsa25-4.2.patch 534495b7eef6e599f5814f0a67fc84fbe2e8eee9d223a09ad178ff63bdcda3dd xsa25-unstable.patch Note that these patches impose a new size limit of 1Gby on both the compressed and uncompressed sizes of ramdisks. On some systems it may be desirable to relax these limits and risk virtual address or memory exhaustion in the toolstack. This can be achieved by setting XC_DOM_DECOMPRESS_MAX to the desired limit (in bytes). This can be done by building with "APPEND_CFLAGS=-DXC_DOM_DECOMPRESS_MAX=" or by editing tools/libxc/xc_dom.h directly. NOTE REGARDING LACK OF EMBARGO ============================== These issues have already been discussed in public in various places, including https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 and http://bugs.debian.org/688125. This advisory is therefore not subject to an embargo. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGyAAoJEIP+FMlX6CvZl7wH/RdoQHGDcbgVEh5fuS5VzPpw RZ0sm6bpI7eclqaN6+thX9SA5qeycvyj2zq769yUGSiHR+BUNw6HRJZ+XAAF0IIx nb4VEdS2+Hz1kyTUAeZu3z/5HyfFamKY9Lhhj/47DBTtO5Xl1pjOCA0bC4ZDtIm1 ffFVhOmTcmQEWXW1z27Vj9hSgQeGsqHTcOys6H0nYpLITDIZqBkGv8MZl4X0/Wtl zs2prG8HEWsysKel5Q/dt7De84OV3LgP1/2a+aMkLi+RgKWP+naKAXfYqVAS4mLw K+mv2MrmhgNxzEWp/sZX0q1QNvnJf+xKYHOBcP+hUlQIQwD/NQejdAdmNVPem7s= =Pfj+ -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa25-4.1.patch" Content-Disposition: attachment; filename="xsa25-4.1.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgpbIEluY2x1ZGVzIDI1 NTg5OjYwZjA5ZDFhYjFmZSBmb3IgQ1ZFLTIwMTItMjYyNSBdCgpkaWZmIC0t Z2l0IGEvc3R1YmRvbS9ncnViL2tleGVjLmMgYi9zdHViZG9tL2dydWIva2V4 ZWMuYwppbmRleCAwNmJlZjUyLi5iMjFjOTFhIDEwMDY0NAotLS0gYS9zdHVi ZG9tL2dydWIva2V4ZWMuYworKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwpA QCAtMTM3LDYgKzEzNywxMCBAQCB2b2lkIGtleGVjKHZvaWQgKmtlcm5lbCwg bG9uZyBrZXJuZWxfc2l6ZSwgdm9pZCAqbW9kdWxlLCBsb25nIG1vZHVsZV9z aXplLCBjaGFyCiAgICAgZG9tID0geGNfZG9tX2FsbG9jYXRlKHhjX2hhbmRs ZSwgY21kbGluZSwgZmVhdHVyZXMpOwogICAgIGRvbS0+YWxsb2NhdGUgPSBr ZXhlY19hbGxvY2F0ZTsKIAorICAgIC8qIFdlIGFyZSB1c2luZyBndWVzdCBv d25lZCBtZW1vcnksIHRoZXJlZm9yZSBubyBsaW1pdHMuICovCisgICAgeGNf ZG9tX2tlcm5lbF9tYXhfc2l6ZShkb20sIDApOworICAgIHhjX2RvbV9yYW1k aXNrX21heF9zaXplKGRvbSwgMCk7CisKICAgICBkb20tPmtlcm5lbF9ibG9i ID0ga2VybmVsOwogICAgIGRvbS0+a2VybmVsX3NpemUgPSBrZXJuZWxfc2l6 ZTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGMveGNfZG9tLmggYi90b29s cy9saWJ4Yy94Y19kb20uaAppbmRleCBlNzJmMDY2Li43MDQzZjk2IDEwMDY0 NAotLS0gYS90b29scy9saWJ4Yy94Y19kb20uaAorKysgYi90b29scy9saWJ4 Yy94Y19kb20uaApAQCAtNTIsNiArNTIsOSBAQCBzdHJ1Y3QgeGNfZG9tX2lt YWdlIHsKICAgICB2b2lkICpyYW1kaXNrX2Jsb2I7CiAgICAgc2l6ZV90IHJh bWRpc2tfc2l6ZTsKIAorICAgIHNpemVfdCBtYXhfa2VybmVsX3NpemU7Cisg ICAgc2l6ZV90IG1heF9yYW1kaXNrX3NpemU7CisKICAgICAvKiBhcmd1bWVu dHMgYW5kIHBhcmFtZXRlcnMgKi8KICAgICBjaGFyICpjbWRsaW5lOwogICAg IHVpbnQzMl90IGZfcmVxdWVzdGVkW1hFTkZFQVRfTlJfU1VCTUFQU107CkBA IC0xNzUsNiArMTc4LDIzIEBAIHZvaWQgeGNfZG9tX3JlbGVhc2VfcGh5cyhz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogdm9pZCB4Y19kb21fcmVsZWFz ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogaW50IHhjX2RvbV9tZW1f aW5pdChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHVuc2lnbmVkIGludCBt ZW1fbWIpOwogCisvKiBTZXQgdGhpcyBsYXJnZXIgaWYgeW91IGhhdmUgZW5v cm1vdXMgcmFtZGlza3Mva2VybmVscy4gTm90ZSB0aGF0CisgKiB5b3Ugc2hv dWxkIHRydXN0IGFsbCBrZXJuZWxzIG5vdCB0byBiZSBtYWxpY2lvdXNseSBs YXJnZSAoZS5nLiB0bworICogZXhoYXVzdCBhbGwgZG9tMCBtZW1vcnkpIGlm IHlvdSBkbyB0aGlzIChzZWUgQ1ZFLTIwMTItNDU0NCAvCisgKiBYU0EtMjUp LiBZb3UgY2FuIGFsc28gc2V0IHRoZSBkZWZhdWx0IGluZGVwZW5kZW50bHkg Zm9yCisgKiByYW1kaXNrcy9rZXJuZWxzIGluIHhjX2RvbV9hbGxvY2F0ZSgp IG9yIGNhbGwKKyAqIHhjX2RvbV97a2VybmVsLHJhbWRpc2t9X21heF9zaXpl LgorICovCisjaWZuZGVmIFhDX0RPTV9ERUNPTVBSRVNTX01BWAorI2RlZmlu ZSBYQ19ET01fREVDT01QUkVTU19NQVggKDEwMjQqMTAyNCoxMDI0KSAvKiAx R0IgKi8KKyNlbmRpZgorCitpbnQgeGNfZG9tX2tlcm5lbF9jaGVja19zaXpl KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4 Y19kb21fa2VybmVsX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRv bSwgc2l6ZV90IHN6KTsKKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3Np emUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworaW50 IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2Ug KmRvbSwgc2l6ZV90IHN6KTsKKwogc2l6ZV90IHhjX2RvbV9jaGVja19nemlw KHhjX2ludGVyZmFjZSAqeGNoLAogICAgICAgICAgICAgICAgICAgICAgdm9p ZCAqYmxvYiwgc2l6ZV90IHppcGxlbik7CiBpbnQgeGNfZG9tX2RvX2d1bnpp cCh4Y19pbnRlcmZhY2UgKnhjaCwKQEAgLTIyNCw3ICsyNDQsOCBAQCB2b2lk IHhjX2RvbV9sb2dfbWVtb3J5X2Zvb3RwcmludChzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20pOwogdm9pZCAqeGNfZG9tX21hbGxvYyhzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sIHNpemVfdCBzaXplKTsKIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpOwogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSk7Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5h bWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKTsKIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp OwogCiAvKiAtLS0gYWxsb2MgbWVtb3J5IHBvb2wgLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwpkaWZmIC0tZ2l0IGEv dG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYyBiL3Rvb2xzL2xp YnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMKaW5kZXggOTg1MmU2Ny4uNzNj ZmFkMSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vs b2FkZXIuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fYnppbWFnZWxvYWRl ci5jCkBAIC00NywxMyArNDcsMTkgQEAgc3RhdGljIGludCB4Y190cnlfYnpp cDJfZGVjb2RlKAogICAgIGNoYXIgKm91dF9idWY7CiAgICAgY2hhciAqdG1w X2J1ZjsKICAgICBpbnQgcmV0dmFsID0gLTE7Ci0gICAgaW50IG91dHNpemU7 CisgICAgdW5zaWduZWQgaW50IG91dHNpemU7CiAgICAgdWludDY0X3QgdG90 YWw7CiAKICAgICBzdHJlYW0uYnphbGxvYyA9IE5VTEw7CiAgICAgc3RyZWFt LmJ6ZnJlZSA9IE5VTEw7CiAgICAgc3RyZWFtLm9wYXF1ZSA9IE5VTEw7CiAK KyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IGlzIDAgc2l6ZSIpOworICAg ICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgcmV0ID0gQloyX2J6RGVj b21wcmVzc0luaXQoJnN0cmVhbSwgMCwgMCk7CiAgICAgaWYgKCByZXQgIT0g QlpfT0sgKQogICAgIHsKQEAgLTY2LDYgKzcyLDE3IEBAIHN0YXRpYyBpbnQg eGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVy IHRvIHN0YXJ0LCBhbmQgd2UnbGwgcmVhbGxvYyBhcyBuZWVkZWQuCiAgICAg ICovCiAgICAgb3V0c2l6ZSA9IGRvbS0+a2VybmVsX3NpemU7CisKKyAgICAv KgorICAgICAqIHN0cmVhbS5hdmFpbF9pbiBhbmQgb3V0c2l6ZSBhcmUgdW5z aWduZWQgaW50LCB3aGlsZSBrZXJuZWxfc2l6ZQorICAgICAqIGlzIGEgc2l6 ZV90LiBDaGVjayB3ZSBhcmVuJ3Qgb3ZlcmZsb3dpbmcuCisgICAgICovCisg ICAgaWYgKCBvdXRzaXplICE9IGRvbS0+a2VybmVsX3NpemUgKQorICAgIHsK KyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgdG9vIGxhcmdlIik7 CisgICAgICAgIGdvdG8gYnppcDJfY2xlYW51cDsKKyAgICB9CisKICAgICBv dXRfYnVmID0gbWFsbG9jKG91dHNpemUpOwogICAgIGlmICggb3V0X2J1ZiA9 PSBOVUxMICkKICAgICB7CkBAIC05OCwxMyArMTE1LDIwIEBAIHN0YXRpYyBp bnQgeGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0u YXZhaWxfb3V0ID09IDAgKQogICAgICAgICB7CiAgICAgICAgICAgICAvKiBQ cm90ZWN0IGFnYWluc3Qgb3V0cHV0IGJ1ZmZlciBvdmVyZmxvdyAqLwotICAg ICAgICAgICAgaWYgKCBvdXRzaXplID4gSU5UX01BWCAvIDIgKQorICAgICAg ICAgICAgaWYgKCBvdXRzaXplID4gVUlOVF9NQVggLyAyICkKICAgICAgICAg ICAgIHsKICAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJlZShv dXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7 CiAgICAgICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAg ICAgIHsKKyAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgdG9vIGxhcmdlIik7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVm KTsKKyAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTE3Miw5ICsxOTYsMTUg QEAgc3RhdGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgdW5zaWdu ZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBjaGFyICp0bXBfYnVm OwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQgb3V0c2l6ZTsKKyAg ICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFyICptc2c7CiAKKyAg ICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAgICAg IERPTVBSSU5URigiTFpNQTogSW5wdXQgaXMgMCBzaXplIik7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQgPSBsem1hX2Fsb25lX2Rl Y29kZXIoJnN0cmVhbSwgMTI4KjEwMjQqMTAyNCk7CiAgICAgaWYgKCByZXQg IT0gTFpNQV9PSyApCiAgICAgewpAQCAtMjUxLDEzICsyODEsMjAgQEAgc3Rh dGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICggc3Ry ZWFtLmF2YWlsX291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAg LyogUHJvdGVjdCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8K LSAgICAgICAgICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAg ICAgICAgICAgIGlmICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAg ICAgICAgICB7CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJMWk1BOiBv dXRwdXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJl ZShvdXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51 cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYgKCB4Y19kb21f a2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikgKQorICAgICAg ICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigiTFpNQTogb3V0 cHV0IHRvbyBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTMyNyw2ICszNjQsMTIg QEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2RlKAogICAgICAgICAw eDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBkLCAweDBhLCAweDFh LCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICogbHpvX3VpbnQgc2hv dWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlzIGlzIHRoZSBjYXNl IHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVyZmxvdyB2YXJpb3Vz IGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBYQ19CVUlMRF9CVUdf T04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6ZV90KSk7CisKICAg ICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0ICE9IExaT19FX09L ICkKICAgICB7CkBAIC00MDYsNiArNDQ5LDE0IEBAIHN0YXRpYyBpbnQgeGNf dHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBzcmNfbGVuIDw9IDAg fHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+IGxlZnQgKQogICAg ICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0gIk91dHB1dCBidWZm ZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXplID4gU0laRV9NQVgg LSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOworCisgICAgICAgIG1z ZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdlIjsKKyAgICAgICAg aWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCAqc2l6ZSArIGRz dF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAgICAgICAgIG1zZyA9 ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAgICAgICAgIHRtcF9i dWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0X2xlbik7CiAgICAg ICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCmluZGV4IGZlYTlkZTUuLjJhMDFkN2MgMTAwNjQ0Ci0tLSBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9t X2NvcmUuYwpAQCAtMTU5LDcgKzE1OSw4IEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUp CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmls ZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAgIHN0cnVjdCB4 Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZkID0gLTE7CkBA IC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1h cChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCiAgICAgbHNlZWsoZmQsIDAs IFNFRUtfU0VUKTsKICAgICAqc2l6ZSA9IGxzZWVrKGZkLCAwLCBTRUVLX0VO RCk7CiAKKyAgICBpZiAoIG1heF9zaXplICYmICpzaXplID4gbWF4X3NpemUg KQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNoLCBYQ19P VVRfT0ZfTUVNT1JZLAorICAgICAgICAgICAgICAgICAgICAgInRyaWVkIHRv IG1hcCBmaWxlIHdoaWNoIGlzIHRvbyBsYXJnZSIpOworICAgICAgICBnb3Rv IGVycjsKKyAgICB9CisKICAgICBibG9jayA9IG1hbGxvYyhzaXplb2YoKmJs b2NrKSk7CiAgICAgaWYgKCBibG9jayA9PSBOVUxMICkKICAgICAgICAgZ290 byBlcnI7CkBAIC0yMjIsNiArMjMwLDQwIEBAIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp CiB9CiAKIC8qIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLworLyog ZGVjb21wcmVzc2lvbiBidWZmZXIgc2l6aW5nICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICovCitpbnQgeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHN6KQoreworICAgIC8qIE5vIGxpbWl0ICovCisgICAgaWYgKCAhZG9t LT5tYXhfa2VybmVsX3NpemUgKQorICAgICAgICByZXR1cm4gMDsKKworICAg IGlmICggc3ogPiBkb20tPm1heF9rZXJuZWxfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgImtlcm5lbCBpbWFnZSB0b28gbGFy Z2UiKTsKKyAgICAgICAgcmV0dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIC8qIE5v IGxpbWl0ICovCisgICAgaWYgKCAhZG9tLT5tYXhfcmFtZGlza19zaXplICkK KyAgICAgICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhf cmFtZGlza19zaXplICkKKyAgICB7CisgICAgICAgIHhjX2RvbV9wYW5pYyhk b20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisgICAgICAgICAgICAgICAg ICAgICAicmFtZGlzayBpbWFnZSB0b28gbGFyZ2UiKTsKKyAgICAgICAgcmV0 dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKKy8qIC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwogLyogcmVhZCBmaWxlcywgY29w eSBtZW1vcnkgYmxvY2tzLCB3aXRoIHRyYW5zcGFyZW50IGd1bnppcCAgICAg ICAgICAgICAgICAgICovCiAKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4 Y19pbnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikK QEAgLTIzNSw3ICsyNzcsNyBAQCBzaXplX3QgeGNfZG9tX2NoZWNrX2d6aXAo eGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJsb2IsIHNpemVfdCB6aXBsZW4p CiAKICAgICBnemxlbiA9IGJsb2IgKyB6aXBsZW4gLSA0OwogICAgIHVuemlw bGVuID0gZ3psZW5bM10gPDwgMjQgfCBnemxlblsyXSA8PCAxNiB8IGd6bGVu WzFdIDw8IDggfCBnemxlblswXTsKLSAgICBpZiAoICh1bnppcGxlbiA8IDAp IHx8ICh1bnppcGxlbiA+ICgxMDI0KjEwMjQqMTAyNCkpICkgLyogMUdCIGxp bWl0ICovCisgICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBsZW4g PiBYQ19ET01fREVDT01QUkVTU19NQVgpICkKICAgICB7CiAgICAgICAgIHhj X2RvbV9wcmludGYKICAgICAgICAgICAgICh4Y2gsCkBAIC0yODgsNiArMzMw LDkgQEAgaW50IHhjX2RvbV90cnlfZ3VuemlwKHN0cnVjdCB4Y19kb21faW1h Z2UgKmRvbSwgdm9pZCAqKmJsb2IsIHNpemVfdCAqIHNpemUpCiAgICAgaWYg KCB1bnppcGxlbiA9PSAwICkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAgICBp ZiAoIHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAp CisgICAgICAgIHJldHVybiAwOworCiAgICAgdW56aXAgPSB4Y19kb21fbWFs bG9jKGRvbSwgdW56aXBsZW4pOwogICAgIGlmICggdW56aXAgPT0gTlVMTCAp CiAgICAgICAgIHJldHVybiAtMTsKQEAgLTU4OCw2ICs2MzMsOSBAQCBzdHJ1 Y3QgeGNfZG9tX2ltYWdlICp4Y19kb21fYWxsb2NhdGUoeGNfaW50ZXJmYWNl ICp4Y2gsCiAgICAgbWVtc2V0KGRvbSwgMCwgc2l6ZW9mKCpkb20pKTsKICAg ICBkb20tPnhjaCA9IHhjaDsKIAorICAgIGRvbS0+bWF4X2tlcm5lbF9zaXpl ID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworICAgIGRvbS0+bWF4X3JhbWRp c2tfc2l6ZSA9IFhDX0RPTV9ERUNPTVBSRVNTX01BWDsKKwogICAgIGlmICgg Y21kbGluZSApCiAgICAgICAgIGRvbS0+Y21kbGluZSA9IHhjX2RvbV9zdHJk dXAoZG9tLCBjbWRsaW5lKTsKICAgICBpZiAoIGZlYXR1cmVzICkKQEAgLTYw OCwxMCArNjU2LDI1IEBAIHN0cnVjdCB4Y19kb21faW1hZ2UgKnhjX2RvbV9h bGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhjaCwKICAgICByZXR1cm4gTlVMTDsK IH0KIAoraW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgRE9NUFJJTlRGKCIl czoga2VybmVsX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3opOwor ICAgIGRvbS0+bWF4X2tlcm5lbF9zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYo IiVzOiByYW1kaXNrX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3op OworICAgIGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSA9IHN6OworICAgIHJldHVy biAwOworfQorCiBpbnQgeGNfZG9tX2tlcm5lbF9maWxlKHN0cnVjdCB4Y19k b21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqZmlsZW5hbWUpCiB7CiAgICAg RE9NUFJJTlRGKCIlczogZmlsZW5hbWU9XCIlc1wiIiwgX19GVU5DVElPTl9f LCBmaWxlbmFtZSk7Ci0gICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9t YWxsb2NfZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6 ZSk7CisgICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9tYWxsb2NfZmls ZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6ZSwKKyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvbS0+ bWF4X2tlcm5lbF9zaXplKTsKICAgICBpZiAoIGRvbS0+a2VybmVsX2Jsb2Ig PT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKICAgICByZXR1cm4geGNf ZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5rZXJuZWxfYmxvYiwgJmRvbS0+ a2VybmVsX3NpemUpOwpAQCAtNjIxLDcgKzY4NCw5IEBAIGludCB4Y19kb21f cmFtZGlza19maWxlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3Qg Y2hhciAqZmlsZW5hbWUpCiB7CiAgICAgRE9NUFJJTlRGKCIlczogZmlsZW5h bWU9XCIlc1wiIiwgX19GVU5DVElPTl9fLCBmaWxlbmFtZSk7CiAgICAgZG9t LT5yYW1kaXNrX2Jsb2IgPQotICAgICAgICB4Y19kb21fbWFsbG9jX2ZpbGVt YXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFtZGlza19zaXplKTsKKyAgICAg ICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20t PnJhbWRpc2tfc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSk7CisKICAgICBpZiAoIGRvbS0+cmFt ZGlza19ibG9iID09IE5VTEwgKQogICAgICAgICByZXR1cm4gLTE7CiAvLyAg ICByZXR1cm4geGNfZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5yYW1kaXNr X2Jsb2IsICZkb20tPnJhbWRpc2tfc2l6ZSk7CkBAIC03ODEsNyArODQ2LDEx IEBAIGludCB4Y19kb21fYnVpbGRfaW1hZ2Uoc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tKQogICAgICAgICB2b2lkICpyYW1kaXNrbWFwOwogCiAgICAgICAg IHVuemlwbGVuID0geGNfZG9tX2NoZWNrX2d6aXAoZG9tLT54Y2gsIGRvbS0+ cmFtZGlza19ibG9iLCBkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIGlm ICggeGNfZG9tX3JhbWRpc2tfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAh PSAwICkKKyAgICAgICAgICAgIHVuemlwbGVuID0gMDsKKwogICAgICAgICBy YW1kaXNrbGVuID0gdW56aXBsZW4gPyB1bnppcGxlbiA6IGRvbS0+cmFtZGlz a19zaXplOworCiAgICAgICAgIGlmICggeGNfZG9tX2FsbG9jX3NlZ21lbnQo ZG9tLCAmZG9tLT5yYW1kaXNrX3NlZywgInJhbWRpc2siLCAwLAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJhbWRpc2tsZW4pICE9IDAg KQogICAgICAgICAgICAgZ290byBlcnI7CmRpZmYgLS1naXQgYS90b29scy9w eWdydWIvc3JjL3B5Z3J1YiBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCmlu ZGV4IDE3YzAwODMuLjFhM2MxYzMgMTAwNjQ0Ci0tLSBhL3Rvb2xzL3B5Z3J1 Yi9zcmMvcHlncnViCisrKyBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCkBA IC0yOCw2ICsyOCw3IEBAIGltcG9ydCBncnViLkxpbG9Db25mCiBpbXBvcnQg Z3J1Yi5FeHRMaW51eENvbmYKIAogUFlHUlVCX1ZFUiA9IDAuNgorRlNfUkVB RF9NQVggPSAxMDI0ICogMTAyNAogCiBkZWYgZW5hYmxlX2N1cnNvcihpc29u KToKICAgICBpZiBpc29uOgpAQCAtNDIxLDcgKzQyMiw4IEBAIGNsYXNzIEdy dWI6CiAgICAgICAgIGlmIHNlbGYuX19kaWN0X18uZ2V0KCdjZicsIE5vbmUp IGlzIE5vbmU6CiAgICAgICAgICAgICByYWlzZSBSdW50aW1lRXJyb3IsICJj b3VsZG4ndCBmaW5kIGJvb3Rsb2FkZXIgY29uZmlnIGZpbGUgaW4gdGhlIGlt YWdlIHByb3ZpZGVkLiIKICAgICAgICAgZiA9IGZzLm9wZW5fZmlsZShzZWxm LmNmLmZpbGVuYW1lKQotICAgICAgICBidWYgPSBmLnJlYWQoKQorICAgICAg ICAjIGxpbWl0IHJlYWQgc2l6ZSB0byBhdm9pZCBwYXRob2xvZ2ljYWwgY2Fz ZXMKKyAgICAgICAgYnVmID0gZi5yZWFkKEZTX1JFQURfTUFYKQogICAgICAg ICBkZWwgZgogICAgICAgICBzZWxmLmNmLnBhcnNlKGJ1ZikKIApAQCAtNjcw LDYgKzY3MiwzNyBAQCBpZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAg IGRlZiB1c2FnZSgpOgogICAgICAgICBwcmludCA+PiBzeXMuc3RkZXJyLCAi VXNhZ2U6ICVzIFstcXwtLXF1aWV0XSBbLWl8LS1pbnRlcmFjdGl2ZV0gWy1u fC0tbm90LXJlYWxseV0gWy0tb3V0cHV0PV0gWy0ta2VybmVsPV0gWy0tcmFt ZGlzaz1dIFstLWFyZ3M9XSBbLS1lbnRyeT1dIFstLW91dHB1dC1kaXJlY3Rv cnk9XSBbLS1vdXRwdXQtZm9ybWF0PXN4cHxzaW1wbGV8c2ltcGxlMF0gPGlt YWdlPiIgJShzeXMuYXJndlswXSwpCiAKKyAgICBkZWYgY29weV9mcm9tX2lt YWdlKGZzLCBmaWxlX3RvX3JlYWQsIGZpbGVfdHlwZSwgb3V0cHV0X2RpcmVj dG9yeSwKKyAgICAgICAgICAgICAgICAgICAgICAgIG5vdF9yZWFsbHkpOgor ICAgICAgICBpZiBub3RfcmVhbGx5OgorICAgICAgICAgICAgaWYgZnMuZmls ZV9leGlzdHMoZmlsZV90b19yZWFkKToKKyAgICAgICAgICAgICAgICByZXR1 cm4gIjwlczolcz4iICUgKGZpbGVfdHlwZSwgZmlsZV90b19yZWFkKQorICAg ICAgICAgICAgZWxzZToKKyAgICAgICAgICAgICAgICBzeXMuZXhpdCgiVGhl IHJlcXVlc3RlZCAlcyBmaWxlIGRvZXMgbm90IGV4aXN0IiAlIGZpbGVfdHlw ZSkKKyAgICAgICAgdHJ5OgorICAgICAgICAgICAgZGF0YWZpbGUgPSBmcy5v cGVuX2ZpbGUoZmlsZV90b19yZWFkKQorICAgICAgICBleGNlcHQgRXhjZXB0 aW9uLCBlOgorICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBlCisg ICAgICAgICAgICBzeXMuZXhpdCgiRXJyb3Igb3BlbmluZyAlcyBpbiBndWVz dCIgJSBmaWxlX3RvX3JlYWQpCisgICAgICAgICh0ZmQsIHJldCkgPSB0ZW1w ZmlsZS5ta3N0ZW1wKHByZWZpeD0iYm9vdF8iK2ZpbGVfdHlwZSsiLiIsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRpcj1vdXRw dXRfZGlyZWN0b3J5KQorICAgICAgICBkYXRhb2ZmID0gMAorICAgICAgICB3 aGlsZSBUcnVlOgorICAgICAgICAgICAgZGF0YSA9IGRhdGFmaWxlLnJlYWQo RlNfUkVBRF9NQVgsIGRhdGFvZmYpCisgICAgICAgICAgICBpZiBsZW4oZGF0 YSkgPT0gMDoKKyAgICAgICAgICAgICAgICBvcy5jbG9zZSh0ZmQpCisgICAg ICAgICAgICAgICAgZGVsIGRhdGFmaWxlCisgICAgICAgICAgICAgICAgcmV0 dXJuIHJldAorICAgICAgICAgICAgdHJ5OgorICAgICAgICAgICAgICAgIG9z LndyaXRlKHRmZCwgZGF0YSkKKyAgICAgICAgICAgIGV4Y2VwdCBFeGNlcHRp b24sIGU6CisgICAgICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBl CisgICAgICAgICAgICAgICAgb3MuY2xvc2UodGZkKQorICAgICAgICAgICAg ICAgIG9zLnVubGluayhyZXQpCisgICAgICAgICAgICAgICAgZGVsIGRhdGFm aWxlCisgICAgICAgICAgICAgICAgc3lzLmV4aXQoIkVycm9yIHdyaXRpbmcg dGVtcG9yYXJ5IGNvcHkgb2YgIitmaWxlX3R5cGUpCisgICAgICAgICAgICBk YXRhb2ZmICs9IGxlbihkYXRhKQorCiAgICAgdHJ5OgogICAgICAgICBvcHRz LCBhcmdzID0gZ2V0b3B0LmdudV9nZXRvcHQoc3lzLmFyZ3ZbMTpdLCAncWlu aDo6JywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWyJx dWlldCIsICJpbnRlcmFjdGl2ZSIsICJub3QtcmVhbGx5IiwgImhlbHAiLCAK QEAgLTc4NiwyNCArODE5LDE4IEBAIGlmIF9fbmFtZV9fID09ICJfX21haW5f XyI6CiAgICAgaWYgbm90IGZzOgogICAgICAgICByYWlzZSBSdW50aW1lRXJy b3IsICJVbmFibGUgdG8gZmluZCBwYXJ0aXRpb24gY29udGFpbmluZyBrZXJu ZWwiCiAKLSAgICBpZiBub3RfcmVhbGx5OgotICAgICAgICBib290Y2ZnWyJr ZXJuZWwiXSA9ICI8a2VybmVsOiVzPiIgJSBjaG9zZW5jZmdbImtlcm5lbCJd Ci0gICAgZWxzZToKLSAgICAgICAgZGF0YSA9IGZzLm9wZW5fZmlsZShjaG9z ZW5jZmdbImtlcm5lbCJdKS5yZWFkKCkKLSAgICAgICAgKHRmZCwgYm9vdGNm Z1sia2VybmVsIl0pID0gdGVtcGZpbGUubWtzdGVtcChwcmVmaXg9ImJvb3Rf a2VybmVsLiIsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgZGlyPW91dHB1dF9kaXJlY3RvcnkpCi0gICAg ICAgIG9zLndyaXRlKHRmZCwgZGF0YSkKLSAgICAgICAgb3MuY2xvc2UodGZk KQorICAgIGJvb3RjZmdbImtlcm5lbCJdID0gY29weV9mcm9tX2ltYWdlKGZz LCBjaG9zZW5jZmdbImtlcm5lbCJdLCAia2VybmVsIiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvdXRwdXRfZGlyZWN0b3J5 LCBub3RfcmVhbGx5KQogCiAgICAgaWYgY2hvc2VuY2ZnWyJyYW1kaXNrIl06 Ci0gICAgICAgIGlmIG5vdF9yZWFsbHk6Ci0gICAgICAgICAgICBib290Y2Zn WyJyYW1kaXNrIl0gPSAiPHJhbWRpc2s6JXM+IiAlIGNob3NlbmNmZ1sicmFt ZGlzayJdCi0gICAgICAgIGVsc2U6Ci0gICAgICAgICAgICBkYXRhID0gZnMu b3Blbl9maWxlKGNob3NlbmNmZ1sicmFtZGlzayJdLCkucmVhZCgpCi0gICAg ICAgICAgICAodGZkLCBib290Y2ZnWyJyYW1kaXNrIl0pID0gdGVtcGZpbGUu bWtzdGVtcCgKLSAgICAgICAgICAgICAgICBwcmVmaXg9ImJvb3RfcmFtZGlz ay4iLCBkaXI9b3V0cHV0X2RpcmVjdG9yeSkKLSAgICAgICAgICAgIG9zLndy aXRlKHRmZCwgZGF0YSkKLSAgICAgICAgICAgIG9zLmNsb3NlKHRmZCkKKyAg ICAgICAgdHJ5OgorICAgICAgICAgICAgYm9vdGNmZ1sicmFtZGlzayJdID0g Y29weV9mcm9tX2ltYWdlKGZzLCBjaG9zZW5jZmdbInJhbWRpc2siXSwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAicmFtZGlzayIsIG91dHB1dF9kaXJlY3RvcnksCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbm90X3JlYWxs eSkKKyAgICAgICAgZXhjZXB0OgorICAgICAgICAgICAgaWYgbm90IG5vdF9y ZWFsbHk6CisgICAgICAgICAgICAgICAgb3MudW5saW5rKGJvb3RjZmdbImtl cm5lbCJdKQorICAgICAgICAgICAgcmFpc2UKICAgICBlbHNlOgogICAgICAg ICBpbml0cmQgPSBOb25lCiAK --=separator Content-Type: application/octet-stream; name="xsa25-4.2.patch" Content-Disposition: attachment; filename="xsa25-4.2.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtLWdpdCBh L3N0dWJkb20vZ3J1Yi9rZXhlYy5jIGIvc3R1YmRvbS9ncnViL2tleGVjLmMK aW5kZXggMDZiZWY1Mi4uYjIxYzkxYSAxMDA2NDQKLS0tIGEvc3R1YmRvbS9n cnViL2tleGVjLmMKKysrIGIvc3R1YmRvbS9ncnViL2tleGVjLmMKQEAgLTEz Nyw2ICsxMzcsMTAgQEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcg a2VybmVsX3NpemUsIHZvaWQgKm1vZHVsZSwgbG9uZyBtb2R1bGVfc2l6ZSwg Y2hhcgogICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNt ZGxpbmUsIGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNf YWxsb2NhdGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQg bWVtb3J5LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9r ZXJuZWxfbWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19t YXhfc2l6ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtl cm5lbDsKICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAK ZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oIGIvdG9vbHMvbGli eGMveGNfZG9tLmgKaW5kZXggMmFlZjY0YS4uNmE3MmFhOSAxMDA2NDQKLS0t IGEvdG9vbHMvbGlieGMveGNfZG9tLmgKKysrIGIvdG9vbHMvbGlieGMveGNf ZG9tLmgKQEAgLTU1LDYgKzU1LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7 CiAgICAgdm9pZCAqcmFtZGlza19ibG9iOwogICAgIHNpemVfdCByYW1kaXNr X3NpemU7CiAKKyAgICBzaXplX3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNp emVfdCBtYXhfcmFtZGlza19zaXplOworCiAgICAgLyogYXJndW1lbnRzIGFu ZCBwYXJhbWV0ZXJzICovCiAgICAgY2hhciAqY21kbGluZTsKICAgICB1aW50 MzJfdCBmX3JlcXVlc3RlZFtYRU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTgw LDYgKzE4MywyMyBAQCB2b2lkIHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0 IHhjX2RvbV9pbWFnZSAqZG9tKTsKIHZvaWQgeGNfZG9tX3JlbGVhc2Uoc3Ry dWN0IHhjX2RvbV9pbWFnZSAqZG9tKTsKIGludCB4Y19kb21fbWVtX2luaXQo c3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCB1bnNpZ25lZCBpbnQgbWVtX21i KTsKIAorLyogU2V0IHRoaXMgbGFyZ2VyIGlmIHlvdSBoYXZlIGVub3Jtb3Vz IHJhbWRpc2tzL2tlcm5lbHMuIE5vdGUgdGhhdAorICogeW91IHNob3VsZCB0 cnVzdCBhbGwga2VybmVscyBub3QgdG8gYmUgbWFsaWNpb3VzbHkgbGFyZ2Ug KGUuZy4gdG8KKyAqIGV4aGF1c3QgYWxsIGRvbTAgbWVtb3J5KSBpZiB5b3Ug ZG8gdGhpcyAoc2VlIENWRS0yMDEyLTQ1NDQgLworICogWFNBLTI1KS4gWW91 IGNhbiBhbHNvIHNldCB0aGUgZGVmYXVsdCBpbmRlcGVuZGVudGx5IGZvcgor ICogcmFtZGlza3Mva2VybmVscyBpbiB4Y19kb21fYWxsb2NhdGUoKSBvciBj YWxsCisgKiB4Y19kb21fe2tlcm5lbCxyYW1kaXNrfV9tYXhfc2l6ZS4KKyAq LworI2lmbmRlZiBYQ19ET01fREVDT01QUkVTU19NQVgKKyNkZWZpbmUgWENf RE9NX0RFQ09NUFJFU1NfTUFYICgxMDI0KjEwMjQqMTAyNCkgLyogMUdCICov CisjZW5kaWYKKworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1 Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeik7CitpbnQgeGNfZG9t X2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNp emVfdCBzeik7CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4Y19k b21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20s IHNpemVfdCBzeik7CisKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwKICAgICAgICAgICAgICAgICAgICAgIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pOwogaW50IHhjX2RvbV9kb19ndW56aXAoeGNf aW50ZXJmYWNlICp4Y2gsCkBAIC0yNDAsNyArMjYwLDggQEAgdm9pZCB4Y19k b21fbG9nX21lbW9yeV9mb290cHJpbnQoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBz aXplKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBz aXplX3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAog LyogLS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMgYi90b29scy9saWJ4Yy94 Y19kb21fYnppbWFnZWxvYWRlci5jCmluZGV4IDExM2Q0MGYuLmIxYjJlYjAg MTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVy LmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwpA QCAtNDcsMTMgKzQ3LDE5IEBAIHN0YXRpYyBpbnQgeGNfdHJ5X2J6aXAyX2Rl Y29kZSgKICAgICBjaGFyICpvdXRfYnVmOwogICAgIGNoYXIgKnRtcF9idWY7 CiAgICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAg IHVuc2lnbmVkIGludCBvdXRzaXplOwogICAgIHVpbnQ2NF90IHRvdGFsOwog CiAgICAgc3RyZWFtLmJ6YWxsb2MgPSBOVUxMOwogICAgIHN0cmVhbS5iemZy ZWUgPSBOVUxMOwogICAgIHN0cmVhbS5vcGFxdWUgPSBOVUxMOwogCisgICAg aWYgKCBkb20tPmtlcm5lbF9zaXplID09IDApCisgICAgeworICAgICAgICBE T01QUklOVEYoIkJaSVAyOiBJbnB1dCBpcyAwIHNpemUiKTsKKyAgICAgICAg cmV0dXJuIC0xOworICAgIH0KKwogICAgIHJldCA9IEJaMl9iekRlY29tcHJl c3NJbml0KCZzdHJlYW0sIDAsIDApOwogICAgIGlmICggcmV0ICE9IEJaX09L ICkKICAgICB7CkBAIC02Niw2ICs3MiwxNyBAQCBzdGF0aWMgaW50IHhjX3Ry eV9iemlwMl9kZWNvZGUoCiAgICAgICogdGhlIGlucHV0IGJ1ZmZlciB0byBz dGFydCwgYW5kIHdlJ2xsIHJlYWxsb2MgYXMgbmVlZGVkLgogICAgICAqLwog ICAgIG91dHNpemUgPSBkb20tPmtlcm5lbF9zaXplOworCisgICAgLyoKKyAg ICAgKiBzdHJlYW0uYXZhaWxfaW4gYW5kIG91dHNpemUgYXJlIHVuc2lnbmVk IGludCwgd2hpbGUga2VybmVsX3NpemUKKyAgICAgKiBpcyBhIHNpemVfdC4g Q2hlY2sgd2UgYXJlbid0IG92ZXJmbG93aW5nLgorICAgICAqLworICAgIGlm ICggb3V0c2l6ZSAhPSBkb20tPmtlcm5lbF9zaXplICkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IHRvbyBsYXJnZSIpOworICAg ICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAgfQorCiAgICAgb3V0X2J1 ZiA9IG1hbGxvYyhvdXRzaXplKTsKICAgICBpZiAoIG91dF9idWYgPT0gTlVM TCApCiAgICAgewpAQCAtOTgsMTMgKzExNSwyMCBAQCBzdGF0aWMgaW50IHhj X3RyeV9iemlwMl9kZWNvZGUoCiAgICAgICAgIGlmICggc3RyZWFtLmF2YWls X291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVj dCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAg ICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IFVJTlRfTUFYIC8gMiApCiAgICAgICAgICAgICB7 CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IGJ1 ZmZlciBvdmVyZmxvdyIpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOwogICAg ICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoIHhjX2RvbV9rZXJuZWxf Y2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSApCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IHRv byBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1Zik7Cisg ICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAgICAgICAg ICAgfQorCiAgICAgICAgICAgICB0bXBfYnVmID0gcmVhbGxvYyhvdXRfYnVm LCBvdXRzaXplICogMik7CiAgICAgICAgICAgICBpZiAoIHRtcF9idWYgPT0g TlVMTCApCiAgICAgICAgICAgICB7CkBAIC0xNzIsOSArMTk2LDE1IEBAIHN0 YXRpYyBpbnQgX3hjX3RyeV9sem1hX2RlY29kZSgKICAgICB1bnNpZ25lZCBj aGFyICpvdXRfYnVmOwogICAgIHVuc2lnbmVkIGNoYXIgKnRtcF9idWY7CiAg ICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAgIHNp emVfdCBvdXRzaXplOwogICAgIGNvbnN0IGNoYXIgKm1zZzsKIAorICAgIGlm ICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQorICAgIHsKKyAgICAgICAgRE9N UFJJTlRGKCIlczogSW5wdXQgaXMgMCBzaXplIiwgd2hhdCk7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICAvKiBzaWdoLiAgV2UgZG9uJ3Qg a25vdyB1cC1mcm9udCBob3cgbXVjaCBtZW1vcnkgd2UgYXJlIGdvaW5nIHRv IG5lZWQKICAgICAgKiBmb3IgdGhlIG91dHB1dCBidWZmZXIuICBBbGxvY2F0 ZSB0aGUgb3V0cHV0IGJ1ZmZlciB0byBiZSBlcXVhbAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KQEAgLTI0NCwxMyArMjc0LDIwIEBAIHN0YXRpYyBpbnQgX3hjX3Ry eV9sem1hX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0tPmF2YWlsX291 dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVjdCBh Z2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAgIGlm ICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIlczogb3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyIsIHdoYXQpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CiAgICAg ICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tlcm5lbF9j aGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAgICAgIHsK KyAgICAgICAgICAgICAgICBET01QUklOVEYoIiVzOiBvdXRwdXQgdG9vIGxh cmdlIiwgd2hhdCk7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVmKTsK KyAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51cDsKKyAgICAgICAg ICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9IHJlYWxsb2Mob3V0X2J1 Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAgaWYgKCB0bXBfYnVmID09 IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMzU5LDYgKzM5NiwxMiBAQCBz dGF0aWMgaW50IHhjX3RyeV9sem8xeF9kZWNvZGUoCiAgICAgICAgIDB4ODks IDB4NGMsIDB4NWEsIDB4NGYsIDB4MDAsIDB4MGQsIDB4MGEsIDB4MWEsIDB4 MGEKICAgICB9OwogCisgICAgLyoKKyAgICAgKiBsem9fdWludCBzaG91bGQg bWF0Y2ggc2l6ZV90LiBDaGVjayB0aGF0IHRoaXMgaXMgdGhlIGNhc2UgdG8g YmUKKyAgICAgKiBzdXJlIHdlIHdvbid0IG92ZXJmbG93IHZhcmlvdXMgbHpv X3VpbnQgZmllbGRzLgorICAgICAqLworICAgIFhDX0JVSUxEX0JVR19PTihz aXplb2YobHpvX3VpbnQpICE9IHNpemVvZihzaXplX3QpKTsKKwogICAgIHJl dCA9IGx6b19pbml0KCk7CiAgICAgaWYgKCByZXQgIT0gTFpPX0VfT0sgKQog ICAgIHsKQEAgLTQzOCw2ICs0ODEsMTQgQEAgc3RhdGljIGludCB4Y190cnlf bHpvMXhfZGVjb2RlKAogICAgICAgICBpZiAoIHNyY19sZW4gPD0gMCB8fCBz cmNfbGVuID4gZHN0X2xlbiB8fCBzcmNfbGVuID4gbGVmdCApCiAgICAgICAg ICAgICBicmVhazsKIAorICAgICAgICBtc2cgPSAiT3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyI7CisgICAgICAgIGlmICggKnNpemUgPiBTSVpFX01BWCAtIGRz dF9sZW4gKQorICAgICAgICAgICAgYnJlYWs7CisKKyAgICAgICAgbXNnID0g IkRlY29tcHJlc3NlZCBpbWFnZSB0b28gbGFyZ2UiOworICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sICpzaXplICsgZHN0X2xl bikgKQorICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAgbXNnID0gIkZh aWxlZCB0byAocmUpYWxsb2MgbWVtb3J5IjsKICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1ZiwgKnNpemUgKyBkc3RfbGVuKTsKICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQpkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYyBiL3Rvb2xzL2xpYnhjL3hjX2RvbV9jb3JlLmMK aW5kZXggZmVhOWRlNS4uMmEwMWQ3YyAxMDA2NDQKLS0tIGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCkBAIC0xNTksNyArMTU5LDggQEAgdm9pZCAqeGNfZG9tX21hbGxvY19w YWdlX2FsaWduZWQoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c2l6ZSkKIH0KIAogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSkKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBjaGFyICpmaWxlbmFt ZSwgc2l6ZV90ICogc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBzaXplX3QgbWF4X3NpemUpCiB7CiAgICAgc3RydWN0IHhjX2Rv bV9tZW0gKmJsb2NrID0gTlVMTDsKICAgICBpbnQgZmQgPSAtMTsKQEAgLTE3 MSw2ICsxNzIsMTMgQEAgdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwKICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIGNvbnN0IGNoYXIgKnN0cikKIH0K IAogLyogLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICovCisvKiBkZWNv bXByZXNzaW9uIGJ1ZmZlciBzaXppbmcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKi8KK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opCit7CisgICAgLyogTm8gbGltaXQgKi8KKyAgICBpZiAoICFkb20tPm1h eF9rZXJuZWxfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAgaWYg KCBzeiA+IGRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICB7CisgICAgICAg IHhjX2RvbV9wYW5pYyhkb20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisg ICAgICAgICAgICAgICAgICAgICAia2VybmVsIGltYWdlIHRvbyBsYXJnZSIp OworICAgICAgICByZXR1cm4gMTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgLyogTm8gbGlt aXQgKi8KKyAgICBpZiAoICFkb20tPm1heF9yYW1kaXNrX3NpemUgKQorICAg ICAgICByZXR1cm4gMDsKKworICAgIGlmICggc3ogPiBkb20tPm1heF9yYW1k aXNrX3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+ eGNoLCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAg ICJyYW1kaXNrIGltYWdlIHRvbyBsYXJnZSIpOworICAgICAgICByZXR1cm4g MTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKworLyogLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tICovCiAvKiByZWFkIGZpbGVzLCBjb3B5IG1l bW9yeSBibG9ja3MsIHdpdGggdHJhbnNwYXJlbnQgZ3VuemlwICAgICAgICAg ICAgICAgICAgKi8KIAogc2l6ZV90IHhjX2RvbV9jaGVja19nemlwKHhjX2lu dGVyZmFjZSAqeGNoLCB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKQpAQCAt MjM1LDcgKzI3Nyw3IEBAIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikKIAog ICAgIGd6bGVuID0gYmxvYiArIHppcGxlbiAtIDQ7CiAgICAgdW56aXBsZW4g PSBnemxlblszXSA8PCAyNCB8IGd6bGVuWzJdIDw8IDE2IHwgZ3psZW5bMV0g PDwgOCB8IGd6bGVuWzBdOwotICAgIGlmICggKHVuemlwbGVuIDwgMCkgfHwg KHVuemlwbGVuID4gKDEwMjQqMTAyNCoxMDI0KSkgKSAvKiAxR0IgbGltaXQg Ki8KKyAgICBpZiAoICh1bnppcGxlbiA8IDApIHx8ICh1bnppcGxlbiA+IFhD X0RPTV9ERUNPTVBSRVNTX01BWCkgKQogICAgIHsKICAgICAgICAgeGNfZG9t X3ByaW50ZgogICAgICAgICAgICAgKHhjaCwKQEAgLTI4OCw2ICszMzAsOSBA QCBpbnQgeGNfZG9tX3RyeV9ndW56aXAoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCB2b2lkICoqYmxvYiwgc2l6ZV90ICogc2l6ZSkKICAgICBpZiAoIHVu emlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlmICgg eGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkKKyAg ICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxsb2Mo ZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkKICAg ICAgICAgcmV0dXJuIC0xOwpAQCAtNTg4LDYgKzYzMyw5IEBAIHN0cnVjdCB4 Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhj aCwKICAgICBtZW1zZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRv bS0+eGNoID0geGNoOwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBY Q19ET01fREVDT01QUkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19z aXplID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRs aW5lICkKICAgICAgICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChk b20sIGNtZGxpbmUpOwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjA4LDEw ICs2NTYsMjUgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9j YXRlKHhjX2ludGVyZmFjZSAqeGNoLAogICAgIHJldHVybiBOVUxMOwogfQog CitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYoIiVzOiBr ZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7CisgICAg ZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsKKyAgICByZXR1cm4gMDsKK30K KworaW50IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21f aW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIERPTVBSSU5URigiJXM6 IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7Cisg ICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKIGludCB4Y19kb21fa2VybmVsX2ZpbGUoc3RydWN0IHhjX2RvbV9p bWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxlbmFtZSkKIHsKICAgICBET01Q UklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZp bGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxv Y19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplKTsK KyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxvY19maWxlbWFw KGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9tLT5tYXhf a2VybmVsX3NpemUpOwogICAgIGlmICggZG9tLT5rZXJuZWxfYmxvYiA9PSBO VUxMICkKICAgICAgICAgcmV0dXJuIC0xOwogICAgIHJldHVybiB4Y19kb21f dHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5lbF9ibG9iLCAmZG9tLT5rZXJu ZWxfc2l6ZSk7CkBAIC02MjEsNyArNjg0LDkgQEAgaW50IHhjX2RvbV9yYW1k aXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFy ICpmaWxlbmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1c IiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKICAgICBkb20tPnJh bWRpc2tfYmxvYiA9Ci0gICAgICAgIHhjX2RvbV9tYWxsb2NfZmlsZW1hcChk b20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUpOworICAgICAgICB4 Y19kb21fbWFsbG9jX2ZpbGVtYXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFt ZGlza19zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9t LT5tYXhfcmFtZGlza19zaXplKTsKKwogICAgIGlmICggZG9tLT5yYW1kaXNr X2Jsb2IgPT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKIC8vICAgIHJl dHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPnJhbWRpc2tfYmxv YiwgJmRvbS0+cmFtZGlza19zaXplKTsKQEAgLTc4MSw3ICs4NDYsMTEgQEAg aW50IHhjX2RvbV9idWlsZF9pbWFnZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpk b20pCiAgICAgICAgIHZvaWQgKnJhbWRpc2ttYXA7CiAKICAgICAgICAgdW56 aXBsZW4gPSB4Y19kb21fY2hlY2tfZ3ppcChkb20tPnhjaCwgZG9tLT5yYW1k aXNrX2Jsb2IsIGRvbS0+cmFtZGlza19zaXplKTsKKyAgICAgICAgaWYgKCB4 Y19kb21fcmFtZGlza19jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICE9IDAg KQorICAgICAgICAgICAgdW56aXBsZW4gPSAwOworCiAgICAgICAgIHJhbWRp c2tsZW4gPSB1bnppcGxlbiA/IHVuemlwbGVuIDogZG9tLT5yYW1kaXNrX3Np emU7CisKICAgICAgICAgaWYgKCB4Y19kb21fYWxsb2Nfc2VnbWVudChkb20s ICZkb20tPnJhbWRpc2tfc2VnLCAicmFtZGlzayIsIDAsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgcmFtZGlza2xlbikgIT0gMCApCiAg ICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: application/octet-stream; name="xsa25-unstable.patch" Content-Disposition: attachment; filename="xsa25-unstable.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiOWMx ZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHN0dWJkb20vZ3J1Yi9rZXhlYy5j Ci0tLSBhL3N0dWJkb20vZ3J1Yi9rZXhlYy5jCVdlZCBPY3QgMjQgMTU6NDk6 NDEgMjAxMiArMDEwMAorKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwlGcmkg T2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTEzNyw2ICsxMzcsMTAg QEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcga2VybmVsX3Npegog ICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNtZGxpbmUs IGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNfYWxsb2Nh dGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQgbWVtb3J5 LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9rZXJuZWxf bWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19tYXhfc2l6 ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtlcm5lbDsK ICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbS5oCi0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oCVdlZCBPY3QgMjQg MTU6NDk6NDEgMjAxMiArMDEwMAorKysgYi90b29scy9saWJ4Yy94Y19kb20u aAlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTU1LDYgKzU1 LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7CiAgICAgdm9pZCAqcmFtZGlz a19ibG9iOwogICAgIHNpemVfdCByYW1kaXNrX3NpemU7CiAKKyAgICBzaXpl X3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNpemVfdCBtYXhfcmFtZGlza19z aXplOworCiAgICAgLyogYXJndW1lbnRzIGFuZCBwYXJhbWV0ZXJzICovCiAg ICAgY2hhciAqY21kbGluZTsKICAgICB1aW50MzJfdCBmX3JlcXVlc3RlZFtY RU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTk0LDYgKzE5NywyMyBAQCB2b2lk IHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0IHhjX2RvbV9pCiB2b2lkIHhj X2RvbV9yZWxlYXNlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSk7CiBpbnQg eGNfZG9tX21lbV9pbml0KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgdW5z aWduZWQgaW50IG1lbV9tYik7CiAKKy8qIFNldCB0aGlzIGxhcmdlciBpZiB5 b3UgaGF2ZSBlbm9ybW91cyByYW1kaXNrcy9rZXJuZWxzLiBOb3RlIHRoYXQK KyAqIHlvdSBzaG91bGQgdHJ1c3QgYWxsIGtlcm5lbHMgbm90IHRvIGJlIG1h bGljaW91c2x5IGxhcmdlIChlLmcuIHRvCisgKiBleGhhdXN0IGFsbCBkb20w IG1lbW9yeSkgaWYgeW91IGRvIHRoaXMgKHNlZSBDVkUtMjAxMi00NTQ0IC8K KyAqIFhTQS0yNSkuIFlvdSBjYW4gYWxzbyBzZXQgdGhlIGRlZmF1bHQgaW5k ZXBlbmRlbnRseSBmb3IKKyAqIHJhbWRpc2tzL2tlcm5lbHMgaW4geGNfZG9t X2FsbG9jYXRlKCkgb3IgY2FsbAorICogeGNfZG9tX3trZXJuZWwscmFtZGlz a31fbWF4X3NpemUuCisgKi8KKyNpZm5kZWYgWENfRE9NX0RFQ09NUFJFU1Nf TUFYCisjZGVmaW5lIFhDX0RPTV9ERUNPTVBSRVNTX01BWCAoMTAyNCoxMDI0 KjEwMjQpIC8qIDFHQiAqLworI2VuZGlmCisKK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opOworaW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeik7CitpbnQgeGNfZG9tX3JhbWRpc2tfbWF4X3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCiBzaXplX3QgeGNfZG9t X2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsCiAgICAgICAgICAgICAg ICAgICAgICB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKTsKIGludCB4Y19k b21fZG9fZ3VuemlwKHhjX2ludGVyZmFjZSAqeGNoLApAQCAtMjU0LDcgKzI3 NCw4IEBAIHZvaWQgeGNfZG9tX2xvZ19tZW1vcnlfZm9vdHByaW50KHN0cnVj dCAKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3BhZ2Vf YWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzaXpl KTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgY29u c3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBzaXpl X3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0 IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAogLyog LS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtciBiOWMxZTA4NmQ5Yjcg LXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9h ZGVyLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIu YwlXZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMv bGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwlGcmkgT2N0IDI2IDA5OjE5 OjIyIDIwMTIgKzAxMDAKQEAgLTQ3LDEzICs0NywxOSBAQCBzdGF0aWMgaW50 IHhjX3RyeV9iemlwMl9kZWNvZGUoCiAgICAgY2hhciAqb3V0X2J1ZjsKICAg ICBjaGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBp bnQgb3V0c2l6ZTsKKyAgICB1bnNpZ25lZCBpbnQgb3V0c2l6ZTsKICAgICB1 aW50NjRfdCB0b3RhbDsKIAogICAgIHN0cmVhbS5iemFsbG9jID0gTlVMTDsK ICAgICBzdHJlYW0uYnpmcmVlID0gTlVMTDsKICAgICBzdHJlYW0ub3BhcXVl ID0gTlVMTDsKIAorICAgIGlmICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQor ICAgIHsKKyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgaXMgMCBz aXplIik7CisgICAgICAgIHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQg PSBCWjJfYnpEZWNvbXByZXNzSW5pdCgmc3RyZWFtLCAwLCAwKTsKICAgICBp ZiAoIHJldCAhPSBCWl9PSyApCiAgICAgewpAQCAtNjYsNiArNzIsMTcgQEAg c3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KICAgICAgKi8KICAgICBvdXRzaXplID0gZG9tLT5rZXJuZWxfc2l6 ZTsKKworICAgIC8qCisgICAgICogc3RyZWFtLmF2YWlsX2luIGFuZCBvdXRz aXplIGFyZSB1bnNpZ25lZCBpbnQsIHdoaWxlIGtlcm5lbF9zaXplCisgICAg ICogaXMgYSBzaXplX3QuIENoZWNrIHdlIGFyZW4ndCBvdmVyZmxvd2luZy4K KyAgICAgKi8KKyAgICBpZiAoIG91dHNpemUgIT0gZG9tLT5rZXJuZWxfc2l6 ZSApCisgICAgeworICAgICAgICBET01QUklOVEYoIkJaSVAyOiBJbnB1dCB0 b28gbGFyZ2UiKTsKKyAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAg IH0KKwogICAgIG91dF9idWYgPSBtYWxsb2Mob3V0c2l6ZSk7CiAgICAgaWYg KCBvdXRfYnVmID09IE5VTEwgKQogICAgIHsKQEAgLTk4LDEzICsxMTUsMjAg QEAgc3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAgICBp ZiAoIHN0cmVhbS5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAg ICAgICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJm bG93ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8g MiApCisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBVSU5UX01BWCAvIDIg KQogICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciKTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gYnpp cDJfY2xlYW51cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYg KCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCB0b28gbGFyZ2UiKTsKKyAgICAgICAgICAgICAgICBm cmVlKG91dF9idWYpOworICAgICAgICAgICAgICAgIGdvdG8gYnppcDJfY2xl YW51cDsKKyAgICAgICAgICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMTcy LDkgKzE5NiwxNSBAQCBzdGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUo CiAgICAgdW5zaWduZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBj aGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQg b3V0c2l6ZTsKKyAgICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFy ICptc2c7CiAKKyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAg ICB7CisgICAgICAgIERPTVBSSU5URigiJXM6IElucHV0IGlzIDAgc2l6ZSIs IHdoYXQpOworICAgICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgLyog c2lnaC4gIFdlIGRvbid0IGtub3cgdXAtZnJvbnQgaG93IG11Y2ggbWVtb3J5 IHdlIGFyZSBnb2luZyB0byBuZWVkCiAgICAgICogZm9yIHRoZSBvdXRwdXQg YnVmZmVyLiAgQWxsb2NhdGUgdGhlIG91dHB1dCBidWZmZXIgdG8gYmUgZXF1 YWwKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVyIHRvIHN0YXJ0LCBhbmQgd2Un bGwgcmVhbGxvYyBhcyBuZWVkZWQuCkBAIC0yNDQsMTMgKzI3NCwyMCBAQCBz dGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICgg c3RyZWFtLT5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAgICAg ICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJmbG93 ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8gMiAp CisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBTSVpFX01BWCAvIDIgKQog ICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigiJXM6 IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciLCB3aGF0KTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gbHpt YV9jbGVhbnVwOwogICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSAp CisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIl czogb3V0cHV0IHRvbyBsYXJnZSIsIHdoYXQpOworICAgICAgICAgICAgICAg IGZyZWUob3V0X2J1Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2Ns ZWFudXA7CisgICAgICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYg PSByZWFsbG9jKG91dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAg IGlmICggdG1wX2J1ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTM1 OSw2ICszOTYsMTIgQEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2Rl KAogICAgICAgICAweDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBk LCAweDBhLCAweDFhLCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICog bHpvX3VpbnQgc2hvdWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlz IGlzIHRoZSBjYXNlIHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVy ZmxvdyB2YXJpb3VzIGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBY Q19CVUlMRF9CVUdfT04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6 ZV90KSk7CisKICAgICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0 ICE9IExaT19FX09LICkKICAgICB7CkBAIC00MzgsNiArNDgxLDE0IEBAIHN0 YXRpYyBpbnQgeGNfdHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBz cmNfbGVuIDw9IDAgfHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+ IGxlZnQgKQogICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0g Ik91dHB1dCBidWZmZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXpl ID4gU0laRV9NQVggLSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOwor CisgICAgICAgIG1zZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdl IjsKKyAgICAgICAgaWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9t LCAqc2l6ZSArIGRzdF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAg ICAgICAgIG1zZyA9ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAg ICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0 X2xlbik7CiAgICAgICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbV9jb3JlLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2NvcmUuYwlX ZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYwlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAx MDAKQEAgLTE1OSw3ICsxNTksOCBAQCB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAg ICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVf dCAqIHNpemUpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3Qg Y2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAg IHN0cnVjdCB4Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZk ID0gLTE7CkBAIC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG8KICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlIAogfQogCiAvKiAtLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0gKi8KKy8qIGRlY29tcHJlc3Npb24gYnVmZmVyIHNpemlu ZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAqLworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICAvKiBObyBsaW1p dCAqLworICAgIGlmICggIWRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICAg ICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhfa2VybmVs X3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNo LCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAgICJr ZXJuZWwgaW1hZ2UgdG9vIGxhcmdlIik7CisgICAgICAgIHJldHVybiAxOwor ICAgIH0KKworICAgIHJldHVybiAwOworfQorCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeikKK3sKKyAgICAvKiBObyBsaW1pdCAqLworICAgIGlmICggIWRvbS0+ bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAg aWYgKCBzeiA+IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgInJhbWRpc2sgaW1hZ2UgdG9vIGxh cmdlIik7CisgICAgICAgIHJldHVybiAxOworICAgIH0KKworICAgIHJldHVy biAwOworfQorCisvKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8K IC8qIHJlYWQgZmlsZXMsIGNvcHkgbWVtb3J5IGJsb2Nrcywgd2l0aCB0cmFu c3BhcmVudCBndW56aXAgICAgICAgICAgICAgICAgICAqLwogCiBzaXplX3Qg eGNfZG9tX2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pCkBAIC0yMzUsNyArMjc3LDcgQEAgc2l6ZV90 IHhjX2RvbV9jaGVja19nemlwKHhjX2ludGVyZmFjZSAqeAogCiAgICAgZ3ps ZW4gPSBibG9iICsgemlwbGVuIC0gNDsKICAgICB1bnppcGxlbiA9IGd6bGVu WzNdIDw8IDI0IHwgZ3psZW5bMl0gPDwgMTYgfCBnemxlblsxXSA8PCA4IHwg Z3psZW5bMF07Ci0gICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBs ZW4gPiAoMTAyNCoxMDI0KjEwMjQpKSApIC8qIDFHQiBsaW1pdCAqLworICAg IGlmICggKHVuemlwbGVuIDwgMCkgfHwgKHVuemlwbGVuID4gWENfRE9NX0RF Q09NUFJFU1NfTUFYKSApCiAgICAgewogICAgICAgICB4Y19kb21fcHJpbnRm CiAgICAgICAgICAgICAoeGNoLApAQCAtMjg4LDYgKzMzMCw5IEBAIGludCB4 Y19kb21fdHJ5X2d1bnppcChzdHJ1Y3QgeGNfZG9tX2ltYWcKICAgICBpZiAo IHVuemlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlm ICggeGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkK KyAgICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxs b2MoZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkK ICAgICAgICAgcmV0dXJuIC0xOwpAQCAtNTkwLDYgKzYzNSw5IEBAIHN0cnVj dCB4Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y18KICAgICBtZW1z ZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRvbS0+eGNoID0geGNo OwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBYQ19ET01fREVDT01Q UkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gWENfRE9N X0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRsaW5lICkKICAgICAg ICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChkb20sIGNtZGxpbmUp OwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjEwLDEwICs2NTgsMjUgQEAg c3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9jYXRlKHhjXwogICAg IHJldHVybiBOVUxMOwogfQogCitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6 ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAg ICBET01QUklOVEYoIiVzOiBrZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5D VElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsK KyAgICByZXR1cm4gMDsKK30KKworaW50IHhjX2RvbV9yYW1kaXNrX21heF9z aXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQorewor ICAgIERPTVBSSU5URigiJXM6IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19G VU5DVElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0g c3o7CisgICAgcmV0dXJuIDA7Cit9CisKIGludCB4Y19kb21fa2VybmVsX2Zp bGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxl bmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIi LCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9i bG9iID0geGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZk b20tPmtlcm5lbF9zaXplKTsKKyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNf ZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5l bF9zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZG9tLT5tYXhfa2VybmVsX3NpemUpOwogICAgIGlmICggZG9t LT5rZXJuZWxfYmxvYiA9PSBOVUxMICkKICAgICAgICAgcmV0dXJuIC0xOwog ICAgIHJldHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5l bF9ibG9iLCAmZG9tLT5rZXJuZWxfc2l6ZSk7CkBAIC02MjMsNyArNjg2LDkg QEAgaW50IHhjX2RvbV9yYW1kaXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbQog ewogICAgIERPTVBSSU5URigiJXM6IGZpbGVuYW1lPVwiJXNcIiIsIF9fRlVO Q1RJT05fXywgZmlsZW5hbWUpOwogICAgIGRvbS0+cmFtZGlza19ibG9iID0K LSAgICAgICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUs ICZkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIHhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb20tPm1heF9yYW1kaXNr X3NpemUpOworCiAgICAgaWYgKCBkb20tPnJhbWRpc2tfYmxvYiA9PSBOVUxM ICkKICAgICAgICAgcmV0dXJuIC0xOwogLy8gICAgcmV0dXJuIHhjX2RvbV90 cnlfZ3VuemlwKGRvbSwgJmRvbS0+cmFtZGlza19ibG9iLCAmZG9tLT5yYW1k aXNrX3NpemUpOwpAQCAtNzgzLDcgKzg0OCwxMSBAQCBpbnQgeGNfZG9tX2J1 aWxkX2ltYWdlKHN0cnVjdCB4Y19kb21faW1hCiAgICAgICAgIHZvaWQgKnJh bWRpc2ttYXA7CiAKICAgICAgICAgdW56aXBsZW4gPSB4Y19kb21fY2hlY2tf Z3ppcChkb20tPnhjaCwgZG9tLT5yYW1kaXNrX2Jsb2IsIGRvbS0+cmFtZGlz a19zaXplKTsKKyAgICAgICAgaWYgKCB4Y19kb21fcmFtZGlza19jaGVja19z aXplKGRvbSwgdW56aXBsZW4pICE9IDAgKQorICAgICAgICAgICAgdW56aXBs ZW4gPSAwOworCiAgICAgICAgIHJhbWRpc2tsZW4gPSB1bnppcGxlbiA/IHVu emlwbGVuIDogZG9tLT5yYW1kaXNrX3NpemU7CisKICAgICAgICAgaWYgKCB4 Y19kb21fYWxsb2Nfc2VnbWVudChkb20sICZkb20tPnJhbWRpc2tfc2VnLCAi cmFtZGlzayIsIDAsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgcmFtZGlza2xlbikgIT0gMCApCiAgICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator-- From xen-announce-bounces@lists.xen.org Tue Nov 13 12:59:06 2012 Return-path: Envelope-to: archives@lists.xen.org Delivery-date: Tue, 13 Nov 2012 12:59:06 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG3D-0001qJ-7x; Tue, 13 Nov 2012 12:57:11 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2d-0001NS-S4; Tue, 13 Nov 2012 12:56:36 +0000 Received: from [85.158.138.51:17606] by server-3.bemta-3.messagelabs.com id F8/84-31566-28342A05; Tue, 13 Nov 2012 12:56:34 +0000 X-Env-Sender: iwj@xenbits.xen.org X-Msg-Ref: server-6.tower-174.messagelabs.com!1352811391!21808416!1 X-Originating-IP: [50.57.168.107] X-SpamReason: No, hits=0.5 required=7.0 tests=BODY_RANDOM_LONG X-StarScan-Received: X-StarScan-Version: 6.6.1.8; banners=-,-,- X-VirusChecked: Checked Received: (qmail 30348 invoked from network); 13 Nov 2012 12:56:32 -0000 Received: from mail.xen.org (HELO mail.xen.org) (50.57.168.107) by server-6.tower-174.messagelabs.com with AES256-SHA encrypted SMTP; 13 Nov 2012 12:56:32 -0000 Received: from xenbits.xen.org ([50.57.170.242]) by mail.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1TYG2R-0008VH-9g; Tue, 13 Nov 2012 12:56:23 +0000 Received: from iwj by xenbits.xen.org with local (Exim 4.72) (envelope-from ) id 1TYG2R-00010J-89; Tue, 13 Nov 2012 12:56:23 +0000 Date: Tue, 13 Nov 2012 12:56:23 +0000 Message-Id: Content-Type: multipart/mixed; boundary="=separator"; charset="utf-8" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.428 (Entity 5.428) To: xen-announce@lists.xen.org, xen-devel@lists.xen.org, xen-users@lists.xen.org, oss-security@lists.openwall.com From: Xen.org security team X-Mailman-Approved-At: Tue, 13 Nov 2012 12:57:06 +0000 Cc: "Xen.org security team" Subject: [Xen-announce] Xen Security Advisory 25 (CVE-2012-4544, CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk X-BeenThere: xen-announce@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Xen announcements \(low volume\)" List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-announce-bounces@lists.xen.org Errors-To: xen-announce-bounces@lists.xen.org --=separator Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to apologise for the fact that xen-announce's copy of version 1 of this advisory was delayed in mailing list moderation. ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. (CVE-2012-4544) Additionally, under similar circumstances pygrub consume excessive amount of memory under similar circumstances to the above. (CVE-2012-2625) IMPACT ====== A malicious guest administrator who can supply a kernel or ramdisk can exhaust memory in domain 0 leading to a denial of service attack. VULNERABLE SYSTEMS ================== All versions of Xen are vulnerable. MITIGATION ========== Running only trusted kernels and ramdisks will avoid these vulnerabilities. Using pvgrub also avoids these vulnerabilities since the builder will run in guest context. (nb: use of pygrub *is* vulnerable). Running only HVM guests will avoid these vulnerabilities. RESOLUTION ========== Applying the appropriate attached patch resolves these issues. The pygrub problem (CVE-2012-2625) was fixed in xen-unstable (and the fix inherited by Xen 4.2.x) in revision 25589:60f09d1ab1fe but not called out as a security problem. This fix is also included, where necessary, in the patches below. xsa25-unstable.patch Xen unstable xsa25-4.2.patch Xen 4.2.x xsa25-4.1.patch Xen 4.1.x $ sha256sum xsa25*.patch 613e4b82cdc9cabf9cbd52076118887b298c47e680c2066a28a77f12e9f90606 xsa25-4.1.patch 135bc089d003f9b97991764c37b1ab8d37e9cbcfa1b9bd7429b4503abe00c8f5 xsa25-4.2.patch 534495b7eef6e599f5814f0a67fc84fbe2e8eee9d223a09ad178ff63bdcda3dd xsa25-unstable.patch Note that these patches impose a new size limit of 1Gby on both the compressed and uncompressed sizes of ramdisks. On some systems it may be desirable to relax these limits and risk virtual address or memory exhaustion in the toolstack. This can be achieved by setting XC_DOM_DECOMPRESS_MAX to the desired limit (in bytes). This can be done by building with "APPEND_CFLAGS=-DXC_DOM_DECOMPRESS_MAX=" or by editing tools/libxc/xc_dom.h directly. NOTE REGARDING LACK OF EMBARGO ============================== These issues have already been discussed in public in various places, including https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 and http://bugs.debian.org/688125. This advisory is therefore not subject to an embargo. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQokGyAAoJEIP+FMlX6CvZl7wH/RdoQHGDcbgVEh5fuS5VzPpw RZ0sm6bpI7eclqaN6+thX9SA5qeycvyj2zq769yUGSiHR+BUNw6HRJZ+XAAF0IIx nb4VEdS2+Hz1kyTUAeZu3z/5HyfFamKY9Lhhj/47DBTtO5Xl1pjOCA0bC4ZDtIm1 ffFVhOmTcmQEWXW1z27Vj9hSgQeGsqHTcOys6H0nYpLITDIZqBkGv8MZl4X0/Wtl zs2prG8HEWsysKel5Q/dt7De84OV3LgP1/2a+aMkLi+RgKWP+naKAXfYqVAS4mLw K+mv2MrmhgNxzEWp/sZX0q1QNvnJf+xKYHOBcP+hUlQIQwD/NQejdAdmNVPem7s= =Pfj+ -----END PGP SIGNATURE----- --=separator Content-Type: application/octet-stream; name="xsa25-4.1.patch" Content-Disposition: attachment; filename="xsa25-4.1.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgpbIEluY2x1ZGVzIDI1 NTg5OjYwZjA5ZDFhYjFmZSBmb3IgQ1ZFLTIwMTItMjYyNSBdCgpkaWZmIC0t Z2l0IGEvc3R1YmRvbS9ncnViL2tleGVjLmMgYi9zdHViZG9tL2dydWIva2V4 ZWMuYwppbmRleCAwNmJlZjUyLi5iMjFjOTFhIDEwMDY0NAotLS0gYS9zdHVi ZG9tL2dydWIva2V4ZWMuYworKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwpA QCAtMTM3LDYgKzEzNywxMCBAQCB2b2lkIGtleGVjKHZvaWQgKmtlcm5lbCwg bG9uZyBrZXJuZWxfc2l6ZSwgdm9pZCAqbW9kdWxlLCBsb25nIG1vZHVsZV9z aXplLCBjaGFyCiAgICAgZG9tID0geGNfZG9tX2FsbG9jYXRlKHhjX2hhbmRs ZSwgY21kbGluZSwgZmVhdHVyZXMpOwogICAgIGRvbS0+YWxsb2NhdGUgPSBr ZXhlY19hbGxvY2F0ZTsKIAorICAgIC8qIFdlIGFyZSB1c2luZyBndWVzdCBv d25lZCBtZW1vcnksIHRoZXJlZm9yZSBubyBsaW1pdHMuICovCisgICAgeGNf ZG9tX2tlcm5lbF9tYXhfc2l6ZShkb20sIDApOworICAgIHhjX2RvbV9yYW1k aXNrX21heF9zaXplKGRvbSwgMCk7CisKICAgICBkb20tPmtlcm5lbF9ibG9i ID0ga2VybmVsOwogICAgIGRvbS0+a2VybmVsX3NpemUgPSBrZXJuZWxfc2l6 ZTsKIApkaWZmIC0tZ2l0IGEvdG9vbHMvbGlieGMveGNfZG9tLmggYi90b29s cy9saWJ4Yy94Y19kb20uaAppbmRleCBlNzJmMDY2Li43MDQzZjk2IDEwMDY0 NAotLS0gYS90b29scy9saWJ4Yy94Y19kb20uaAorKysgYi90b29scy9saWJ4 Yy94Y19kb20uaApAQCAtNTIsNiArNTIsOSBAQCBzdHJ1Y3QgeGNfZG9tX2lt YWdlIHsKICAgICB2b2lkICpyYW1kaXNrX2Jsb2I7CiAgICAgc2l6ZV90IHJh bWRpc2tfc2l6ZTsKIAorICAgIHNpemVfdCBtYXhfa2VybmVsX3NpemU7Cisg ICAgc2l6ZV90IG1heF9yYW1kaXNrX3NpemU7CisKICAgICAvKiBhcmd1bWVu dHMgYW5kIHBhcmFtZXRlcnMgKi8KICAgICBjaGFyICpjbWRsaW5lOwogICAg IHVpbnQzMl90IGZfcmVxdWVzdGVkW1hFTkZFQVRfTlJfU1VCTUFQU107CkBA IC0xNzUsNiArMTc4LDIzIEBAIHZvaWQgeGNfZG9tX3JlbGVhc2VfcGh5cyhz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogdm9pZCB4Y19kb21fcmVsZWFz ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20pOwogaW50IHhjX2RvbV9tZW1f aW5pdChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHVuc2lnbmVkIGludCBt ZW1fbWIpOwogCisvKiBTZXQgdGhpcyBsYXJnZXIgaWYgeW91IGhhdmUgZW5v cm1vdXMgcmFtZGlza3Mva2VybmVscy4gTm90ZSB0aGF0CisgKiB5b3Ugc2hv dWxkIHRydXN0IGFsbCBrZXJuZWxzIG5vdCB0byBiZSBtYWxpY2lvdXNseSBs YXJnZSAoZS5nLiB0bworICogZXhoYXVzdCBhbGwgZG9tMCBtZW1vcnkpIGlm IHlvdSBkbyB0aGlzIChzZWUgQ1ZFLTIwMTItNDU0NCAvCisgKiBYU0EtMjUp LiBZb3UgY2FuIGFsc28gc2V0IHRoZSBkZWZhdWx0IGluZGVwZW5kZW50bHkg Zm9yCisgKiByYW1kaXNrcy9rZXJuZWxzIGluIHhjX2RvbV9hbGxvY2F0ZSgp IG9yIGNhbGwKKyAqIHhjX2RvbV97a2VybmVsLHJhbWRpc2t9X21heF9zaXpl LgorICovCisjaWZuZGVmIFhDX0RPTV9ERUNPTVBSRVNTX01BWAorI2RlZmlu ZSBYQ19ET01fREVDT01QUkVTU19NQVggKDEwMjQqMTAyNCoxMDI0KSAvKiAx R0IgKi8KKyNlbmRpZgorCitpbnQgeGNfZG9tX2tlcm5lbF9jaGVja19zaXpl KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4 Y19kb21fa2VybmVsX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRv bSwgc2l6ZV90IHN6KTsKKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3Np emUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworaW50 IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21faW1hZ2Ug KmRvbSwgc2l6ZV90IHN6KTsKKwogc2l6ZV90IHhjX2RvbV9jaGVja19nemlw KHhjX2ludGVyZmFjZSAqeGNoLAogICAgICAgICAgICAgICAgICAgICAgdm9p ZCAqYmxvYiwgc2l6ZV90IHppcGxlbik7CiBpbnQgeGNfZG9tX2RvX2d1bnpp cCh4Y19pbnRlcmZhY2UgKnhjaCwKQEAgLTIyNCw3ICsyNDQsOCBAQCB2b2lk IHhjX2RvbV9sb2dfbWVtb3J5X2Zvb3RwcmludChzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20pOwogdm9pZCAqeGNfZG9tX21hbGxvYyhzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sIHNpemVfdCBzaXplKTsKIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpOwogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSk7Cisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5h bWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAgICAg ICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKTsKIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp OwogCiAvKiAtLS0gYWxsb2MgbWVtb3J5IHBvb2wgLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwpkaWZmIC0tZ2l0IGEv dG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYyBiL3Rvb2xzL2xp YnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMKaW5kZXggOTg1MmU2Ny4uNzNj ZmFkMSAxMDA2NDQKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vs b2FkZXIuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fYnppbWFnZWxvYWRl ci5jCkBAIC00NywxMyArNDcsMTkgQEAgc3RhdGljIGludCB4Y190cnlfYnpp cDJfZGVjb2RlKAogICAgIGNoYXIgKm91dF9idWY7CiAgICAgY2hhciAqdG1w X2J1ZjsKICAgICBpbnQgcmV0dmFsID0gLTE7Ci0gICAgaW50IG91dHNpemU7 CisgICAgdW5zaWduZWQgaW50IG91dHNpemU7CiAgICAgdWludDY0X3QgdG90 YWw7CiAKICAgICBzdHJlYW0uYnphbGxvYyA9IE5VTEw7CiAgICAgc3RyZWFt LmJ6ZnJlZSA9IE5VTEw7CiAgICAgc3RyZWFtLm9wYXF1ZSA9IE5VTEw7CiAK KyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IGlzIDAgc2l6ZSIpOworICAg ICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgcmV0ID0gQloyX2J6RGVj b21wcmVzc0luaXQoJnN0cmVhbSwgMCwgMCk7CiAgICAgaWYgKCByZXQgIT0g QlpfT0sgKQogICAgIHsKQEAgLTY2LDYgKzcyLDE3IEBAIHN0YXRpYyBpbnQg eGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVy IHRvIHN0YXJ0LCBhbmQgd2UnbGwgcmVhbGxvYyBhcyBuZWVkZWQuCiAgICAg ICovCiAgICAgb3V0c2l6ZSA9IGRvbS0+a2VybmVsX3NpemU7CisKKyAgICAv KgorICAgICAqIHN0cmVhbS5hdmFpbF9pbiBhbmQgb3V0c2l6ZSBhcmUgdW5z aWduZWQgaW50LCB3aGlsZSBrZXJuZWxfc2l6ZQorICAgICAqIGlzIGEgc2l6 ZV90LiBDaGVjayB3ZSBhcmVuJ3Qgb3ZlcmZsb3dpbmcuCisgICAgICovCisg ICAgaWYgKCBvdXRzaXplICE9IGRvbS0+a2VybmVsX3NpemUgKQorICAgIHsK KyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgdG9vIGxhcmdlIik7 CisgICAgICAgIGdvdG8gYnppcDJfY2xlYW51cDsKKyAgICB9CisKICAgICBv dXRfYnVmID0gbWFsbG9jKG91dHNpemUpOwogICAgIGlmICggb3V0X2J1ZiA9 PSBOVUxMICkKICAgICB7CkBAIC05OCwxMyArMTE1LDIwIEBAIHN0YXRpYyBp bnQgeGNfdHJ5X2J6aXAyX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0u YXZhaWxfb3V0ID09IDAgKQogICAgICAgICB7CiAgICAgICAgICAgICAvKiBQ cm90ZWN0IGFnYWluc3Qgb3V0cHV0IGJ1ZmZlciBvdmVyZmxvdyAqLwotICAg ICAgICAgICAgaWYgKCBvdXRzaXplID4gSU5UX01BWCAvIDIgKQorICAgICAg ICAgICAgaWYgKCBvdXRzaXplID4gVUlOVF9NQVggLyAyICkKICAgICAgICAg ICAgIHsKICAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJlZShv dXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7 CiAgICAgICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAg ICAgIHsKKyAgICAgICAgICAgICAgICBET01QUklOVEYoIkJaSVAyOiBvdXRw dXQgdG9vIGxhcmdlIik7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVm KTsKKyAgICAgICAgICAgICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTE3Miw5ICsxOTYsMTUg QEAgc3RhdGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgdW5zaWdu ZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBjaGFyICp0bXBfYnVm OwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQgb3V0c2l6ZTsKKyAg ICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFyICptc2c7CiAKKyAg ICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAgICB7CisgICAgICAg IERPTVBSSU5URigiTFpNQTogSW5wdXQgaXMgMCBzaXplIik7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQgPSBsem1hX2Fsb25lX2Rl Y29kZXIoJnN0cmVhbSwgMTI4KjEwMjQqMTAyNCk7CiAgICAgaWYgKCByZXQg IT0gTFpNQV9PSyApCiAgICAgewpAQCAtMjUxLDEzICsyODEsMjAgQEAgc3Rh dGljIGludCB4Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICggc3Ry ZWFtLmF2YWlsX291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAg LyogUHJvdGVjdCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8K LSAgICAgICAgICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAg ICAgICAgICAgIGlmICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAg ICAgICAgICB7CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJMWk1BOiBv dXRwdXQgYnVmZmVyIG92ZXJmbG93Iik7CiAgICAgICAgICAgICAgICAgZnJl ZShvdXRfYnVmKTsKICAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51 cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYgKCB4Y19kb21f a2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikgKQorICAgICAg ICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigiTFpNQTogb3V0 cHV0IHRvbyBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CisgICAg ICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91 dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAgIGlmICggdG1wX2J1 ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTMyNyw2ICszNjQsMTIg QEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2RlKAogICAgICAgICAw eDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBkLCAweDBhLCAweDFh LCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICogbHpvX3VpbnQgc2hv dWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlzIGlzIHRoZSBjYXNl IHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVyZmxvdyB2YXJpb3Vz IGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBYQ19CVUlMRF9CVUdf T04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6ZV90KSk7CisKICAg ICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0ICE9IExaT19FX09L ICkKICAgICB7CkBAIC00MDYsNiArNDQ5LDE0IEBAIHN0YXRpYyBpbnQgeGNf dHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBzcmNfbGVuIDw9IDAg fHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+IGxlZnQgKQogICAg ICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0gIk91dHB1dCBidWZm ZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXplID4gU0laRV9NQVgg LSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOworCisgICAgICAgIG1z ZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdlIjsKKyAgICAgICAg aWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCAqc2l6ZSArIGRz dF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAgICAgICAgIG1zZyA9 ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAgICAgICAgIHRtcF9i dWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0X2xlbik7CiAgICAg ICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCmluZGV4IGZlYTlkZTUuLjJhMDFkN2MgMTAwNjQ0Ci0tLSBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9jb3JlLmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9t X2NvcmUuYwpAQCAtMTU5LDcgKzE1OSw4IEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfcGFnZV9hbGlnbmVkKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHNpemUpCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUp CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmls ZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAgICAgICAgICAg ICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAgIHN0cnVjdCB4 Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZkID0gLTE7CkBA IC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1h cChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCiAgICAgbHNlZWsoZmQsIDAs IFNFRUtfU0VUKTsKICAgICAqc2l6ZSA9IGxzZWVrKGZkLCAwLCBTRUVLX0VO RCk7CiAKKyAgICBpZiAoIG1heF9zaXplICYmICpzaXplID4gbWF4X3NpemUg KQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNoLCBYQ19P VVRfT0ZfTUVNT1JZLAorICAgICAgICAgICAgICAgICAgICAgInRyaWVkIHRv IG1hcCBmaWxlIHdoaWNoIGlzIHRvbyBsYXJnZSIpOworICAgICAgICBnb3Rv IGVycjsKKyAgICB9CisKICAgICBibG9jayA9IG1hbGxvYyhzaXplb2YoKmJs b2NrKSk7CiAgICAgaWYgKCBibG9jayA9PSBOVUxMICkKICAgICAgICAgZ290 byBlcnI7CkBAIC0yMjIsNiArMjMwLDQwIEBAIGNoYXIgKnhjX2RvbV9zdHJk dXAoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpzdHIp CiB9CiAKIC8qIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLworLyog ZGVjb21wcmVzc2lvbiBidWZmZXIgc2l6aW5nICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICovCitpbnQgeGNfZG9tX2tl cm5lbF9jaGVja19zaXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6 ZV90IHN6KQoreworICAgIC8qIE5vIGxpbWl0ICovCisgICAgaWYgKCAhZG9t LT5tYXhfa2VybmVsX3NpemUgKQorICAgICAgICByZXR1cm4gMDsKKworICAg IGlmICggc3ogPiBkb20tPm1heF9rZXJuZWxfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgImtlcm5lbCBpbWFnZSB0b28gbGFy Z2UiKTsKKyAgICAgICAgcmV0dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJu IDA7Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIC8qIE5v IGxpbWl0ICovCisgICAgaWYgKCAhZG9tLT5tYXhfcmFtZGlza19zaXplICkK KyAgICAgICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhf cmFtZGlza19zaXplICkKKyAgICB7CisgICAgICAgIHhjX2RvbV9wYW5pYyhk b20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisgICAgICAgICAgICAgICAg ICAgICAicmFtZGlzayBpbWFnZSB0b28gbGFyZ2UiKTsKKyAgICAgICAgcmV0 dXJuIDE7CisgICAgfQorCisgICAgcmV0dXJuIDA7Cit9CisKKy8qIC0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLSAqLwogLyogcmVhZCBmaWxlcywgY29w eSBtZW1vcnkgYmxvY2tzLCB3aXRoIHRyYW5zcGFyZW50IGd1bnppcCAgICAg ICAgICAgICAgICAgICovCiAKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4 Y19pbnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikK QEAgLTIzNSw3ICsyNzcsNyBAQCBzaXplX3QgeGNfZG9tX2NoZWNrX2d6aXAo eGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJsb2IsIHNpemVfdCB6aXBsZW4p CiAKICAgICBnemxlbiA9IGJsb2IgKyB6aXBsZW4gLSA0OwogICAgIHVuemlw bGVuID0gZ3psZW5bM10gPDwgMjQgfCBnemxlblsyXSA8PCAxNiB8IGd6bGVu WzFdIDw8IDggfCBnemxlblswXTsKLSAgICBpZiAoICh1bnppcGxlbiA8IDAp IHx8ICh1bnppcGxlbiA+ICgxMDI0KjEwMjQqMTAyNCkpICkgLyogMUdCIGxp bWl0ICovCisgICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBsZW4g PiBYQ19ET01fREVDT01QUkVTU19NQVgpICkKICAgICB7CiAgICAgICAgIHhj X2RvbV9wcmludGYKICAgICAgICAgICAgICh4Y2gsCkBAIC0yODgsNiArMzMw LDkgQEAgaW50IHhjX2RvbV90cnlfZ3VuemlwKHN0cnVjdCB4Y19kb21faW1h Z2UgKmRvbSwgdm9pZCAqKmJsb2IsIHNpemVfdCAqIHNpemUpCiAgICAgaWYg KCB1bnppcGxlbiA9PSAwICkKICAgICAgICAgcmV0dXJuIDA7CiAKKyAgICBp ZiAoIHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAp CisgICAgICAgIHJldHVybiAwOworCiAgICAgdW56aXAgPSB4Y19kb21fbWFs bG9jKGRvbSwgdW56aXBsZW4pOwogICAgIGlmICggdW56aXAgPT0gTlVMTCAp CiAgICAgICAgIHJldHVybiAtMTsKQEAgLTU4OCw2ICs2MzMsOSBAQCBzdHJ1 Y3QgeGNfZG9tX2ltYWdlICp4Y19kb21fYWxsb2NhdGUoeGNfaW50ZXJmYWNl ICp4Y2gsCiAgICAgbWVtc2V0KGRvbSwgMCwgc2l6ZW9mKCpkb20pKTsKICAg ICBkb20tPnhjaCA9IHhjaDsKIAorICAgIGRvbS0+bWF4X2tlcm5lbF9zaXpl ID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworICAgIGRvbS0+bWF4X3JhbWRp c2tfc2l6ZSA9IFhDX0RPTV9ERUNPTVBSRVNTX01BWDsKKwogICAgIGlmICgg Y21kbGluZSApCiAgICAgICAgIGRvbS0+Y21kbGluZSA9IHhjX2RvbV9zdHJk dXAoZG9tLCBjbWRsaW5lKTsKICAgICBpZiAoIGZlYXR1cmVzICkKQEAgLTYw OCwxMCArNjU2LDI1IEBAIHN0cnVjdCB4Y19kb21faW1hZ2UgKnhjX2RvbV9h bGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhjaCwKICAgICByZXR1cm4gTlVMTDsK IH0KIAoraW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgRE9NUFJJTlRGKCIl czoga2VybmVsX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3opOwor ICAgIGRvbS0+bWF4X2tlcm5lbF9zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKK2ludCB4Y19kb21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYo IiVzOiByYW1kaXNrX21heF9zaXplPSV6eCIsIF9fRlVOQ1RJT05fXywgc3op OworICAgIGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSA9IHN6OworICAgIHJldHVy biAwOworfQorCiBpbnQgeGNfZG9tX2tlcm5lbF9maWxlKHN0cnVjdCB4Y19k b21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqZmlsZW5hbWUpCiB7CiAgICAg RE9NUFJJTlRGKCIlczogZmlsZW5hbWU9XCIlc1wiIiwgX19GVU5DVElPTl9f LCBmaWxlbmFtZSk7Ci0gICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9t YWxsb2NfZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6 ZSk7CisgICAgZG9tLT5rZXJuZWxfYmxvYiA9IHhjX2RvbV9tYWxsb2NfZmls ZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5rZXJuZWxfc2l6ZSwKKyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRvbS0+ bWF4X2tlcm5lbF9zaXplKTsKICAgICBpZiAoIGRvbS0+a2VybmVsX2Jsb2Ig PT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKICAgICByZXR1cm4geGNf ZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5rZXJuZWxfYmxvYiwgJmRvbS0+ a2VybmVsX3NpemUpOwpAQCAtNjIxLDcgKzY4NCw5IEBAIGludCB4Y19kb21f cmFtZGlza19maWxlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3Qg Y2hhciAqZmlsZW5hbWUpCiB7CiAgICAgRE9NUFJJTlRGKCIlczogZmlsZW5h bWU9XCIlc1wiIiwgX19GVU5DVElPTl9fLCBmaWxlbmFtZSk7CiAgICAgZG9t LT5yYW1kaXNrX2Jsb2IgPQotICAgICAgICB4Y19kb21fbWFsbG9jX2ZpbGVt YXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFtZGlza19zaXplKTsKKyAgICAg ICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20t PnJhbWRpc2tfc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSk7CisKICAgICBpZiAoIGRvbS0+cmFt ZGlza19ibG9iID09IE5VTEwgKQogICAgICAgICByZXR1cm4gLTE7CiAvLyAg ICByZXR1cm4geGNfZG9tX3RyeV9ndW56aXAoZG9tLCAmZG9tLT5yYW1kaXNr X2Jsb2IsICZkb20tPnJhbWRpc2tfc2l6ZSk7CkBAIC03ODEsNyArODQ2LDEx IEBAIGludCB4Y19kb21fYnVpbGRfaW1hZ2Uoc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tKQogICAgICAgICB2b2lkICpyYW1kaXNrbWFwOwogCiAgICAgICAg IHVuemlwbGVuID0geGNfZG9tX2NoZWNrX2d6aXAoZG9tLT54Y2gsIGRvbS0+ cmFtZGlza19ibG9iLCBkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIGlm ICggeGNfZG9tX3JhbWRpc2tfY2hlY2tfc2l6ZShkb20sIHVuemlwbGVuKSAh PSAwICkKKyAgICAgICAgICAgIHVuemlwbGVuID0gMDsKKwogICAgICAgICBy YW1kaXNrbGVuID0gdW56aXBsZW4gPyB1bnppcGxlbiA6IGRvbS0+cmFtZGlz a19zaXplOworCiAgICAgICAgIGlmICggeGNfZG9tX2FsbG9jX3NlZ21lbnQo ZG9tLCAmZG9tLT5yYW1kaXNrX3NlZywgInJhbWRpc2siLCAwLAogICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHJhbWRpc2tsZW4pICE9IDAg KQogICAgICAgICAgICAgZ290byBlcnI7CmRpZmYgLS1naXQgYS90b29scy9w eWdydWIvc3JjL3B5Z3J1YiBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCmlu ZGV4IDE3YzAwODMuLjFhM2MxYzMgMTAwNjQ0Ci0tLSBhL3Rvb2xzL3B5Z3J1 Yi9zcmMvcHlncnViCisrKyBiL3Rvb2xzL3B5Z3J1Yi9zcmMvcHlncnViCkBA IC0yOCw2ICsyOCw3IEBAIGltcG9ydCBncnViLkxpbG9Db25mCiBpbXBvcnQg Z3J1Yi5FeHRMaW51eENvbmYKIAogUFlHUlVCX1ZFUiA9IDAuNgorRlNfUkVB RF9NQVggPSAxMDI0ICogMTAyNAogCiBkZWYgZW5hYmxlX2N1cnNvcihpc29u KToKICAgICBpZiBpc29uOgpAQCAtNDIxLDcgKzQyMiw4IEBAIGNsYXNzIEdy dWI6CiAgICAgICAgIGlmIHNlbGYuX19kaWN0X18uZ2V0KCdjZicsIE5vbmUp IGlzIE5vbmU6CiAgICAgICAgICAgICByYWlzZSBSdW50aW1lRXJyb3IsICJj b3VsZG4ndCBmaW5kIGJvb3Rsb2FkZXIgY29uZmlnIGZpbGUgaW4gdGhlIGlt YWdlIHByb3ZpZGVkLiIKICAgICAgICAgZiA9IGZzLm9wZW5fZmlsZShzZWxm LmNmLmZpbGVuYW1lKQotICAgICAgICBidWYgPSBmLnJlYWQoKQorICAgICAg ICAjIGxpbWl0IHJlYWQgc2l6ZSB0byBhdm9pZCBwYXRob2xvZ2ljYWwgY2Fz ZXMKKyAgICAgICAgYnVmID0gZi5yZWFkKEZTX1JFQURfTUFYKQogICAgICAg ICBkZWwgZgogICAgICAgICBzZWxmLmNmLnBhcnNlKGJ1ZikKIApAQCAtNjcw LDYgKzY3MiwzNyBAQCBpZiBfX25hbWVfXyA9PSAiX19tYWluX18iOgogICAg IGRlZiB1c2FnZSgpOgogICAgICAgICBwcmludCA+PiBzeXMuc3RkZXJyLCAi VXNhZ2U6ICVzIFstcXwtLXF1aWV0XSBbLWl8LS1pbnRlcmFjdGl2ZV0gWy1u fC0tbm90LXJlYWxseV0gWy0tb3V0cHV0PV0gWy0ta2VybmVsPV0gWy0tcmFt ZGlzaz1dIFstLWFyZ3M9XSBbLS1lbnRyeT1dIFstLW91dHB1dC1kaXJlY3Rv cnk9XSBbLS1vdXRwdXQtZm9ybWF0PXN4cHxzaW1wbGV8c2ltcGxlMF0gPGlt YWdlPiIgJShzeXMuYXJndlswXSwpCiAKKyAgICBkZWYgY29weV9mcm9tX2lt YWdlKGZzLCBmaWxlX3RvX3JlYWQsIGZpbGVfdHlwZSwgb3V0cHV0X2RpcmVj dG9yeSwKKyAgICAgICAgICAgICAgICAgICAgICAgIG5vdF9yZWFsbHkpOgor ICAgICAgICBpZiBub3RfcmVhbGx5OgorICAgICAgICAgICAgaWYgZnMuZmls ZV9leGlzdHMoZmlsZV90b19yZWFkKToKKyAgICAgICAgICAgICAgICByZXR1 cm4gIjwlczolcz4iICUgKGZpbGVfdHlwZSwgZmlsZV90b19yZWFkKQorICAg ICAgICAgICAgZWxzZToKKyAgICAgICAgICAgICAgICBzeXMuZXhpdCgiVGhl IHJlcXVlc3RlZCAlcyBmaWxlIGRvZXMgbm90IGV4aXN0IiAlIGZpbGVfdHlw ZSkKKyAgICAgICAgdHJ5OgorICAgICAgICAgICAgZGF0YWZpbGUgPSBmcy5v cGVuX2ZpbGUoZmlsZV90b19yZWFkKQorICAgICAgICBleGNlcHQgRXhjZXB0 aW9uLCBlOgorICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBlCisg ICAgICAgICAgICBzeXMuZXhpdCgiRXJyb3Igb3BlbmluZyAlcyBpbiBndWVz dCIgJSBmaWxlX3RvX3JlYWQpCisgICAgICAgICh0ZmQsIHJldCkgPSB0ZW1w ZmlsZS5ta3N0ZW1wKHByZWZpeD0iYm9vdF8iK2ZpbGVfdHlwZSsiLiIsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRpcj1vdXRw dXRfZGlyZWN0b3J5KQorICAgICAgICBkYXRhb2ZmID0gMAorICAgICAgICB3 aGlsZSBUcnVlOgorICAgICAgICAgICAgZGF0YSA9IGRhdGFmaWxlLnJlYWQo RlNfUkVBRF9NQVgsIGRhdGFvZmYpCisgICAgICAgICAgICBpZiBsZW4oZGF0 YSkgPT0gMDoKKyAgICAgICAgICAgICAgICBvcy5jbG9zZSh0ZmQpCisgICAg ICAgICAgICAgICAgZGVsIGRhdGFmaWxlCisgICAgICAgICAgICAgICAgcmV0 dXJuIHJldAorICAgICAgICAgICAgdHJ5OgorICAgICAgICAgICAgICAgIG9z LndyaXRlKHRmZCwgZGF0YSkKKyAgICAgICAgICAgIGV4Y2VwdCBFeGNlcHRp b24sIGU6CisgICAgICAgICAgICAgICAgcHJpbnQgPj5zeXMuc3RkZXJyLCBl CisgICAgICAgICAgICAgICAgb3MuY2xvc2UodGZkKQorICAgICAgICAgICAg ICAgIG9zLnVubGluayhyZXQpCisgICAgICAgICAgICAgICAgZGVsIGRhdGFm aWxlCisgICAgICAgICAgICAgICAgc3lzLmV4aXQoIkVycm9yIHdyaXRpbmcg dGVtcG9yYXJ5IGNvcHkgb2YgIitmaWxlX3R5cGUpCisgICAgICAgICAgICBk YXRhb2ZmICs9IGxlbihkYXRhKQorCiAgICAgdHJ5OgogICAgICAgICBvcHRz LCBhcmdzID0gZ2V0b3B0LmdudV9nZXRvcHQoc3lzLmFyZ3ZbMTpdLCAncWlu aDo6JywKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWyJx dWlldCIsICJpbnRlcmFjdGl2ZSIsICJub3QtcmVhbGx5IiwgImhlbHAiLCAK QEAgLTc4NiwyNCArODE5LDE4IEBAIGlmIF9fbmFtZV9fID09ICJfX21haW5f XyI6CiAgICAgaWYgbm90IGZzOgogICAgICAgICByYWlzZSBSdW50aW1lRXJy b3IsICJVbmFibGUgdG8gZmluZCBwYXJ0aXRpb24gY29udGFpbmluZyBrZXJu ZWwiCiAKLSAgICBpZiBub3RfcmVhbGx5OgotICAgICAgICBib290Y2ZnWyJr ZXJuZWwiXSA9ICI8a2VybmVsOiVzPiIgJSBjaG9zZW5jZmdbImtlcm5lbCJd Ci0gICAgZWxzZToKLSAgICAgICAgZGF0YSA9IGZzLm9wZW5fZmlsZShjaG9z ZW5jZmdbImtlcm5lbCJdKS5yZWFkKCkKLSAgICAgICAgKHRmZCwgYm9vdGNm Z1sia2VybmVsIl0pID0gdGVtcGZpbGUubWtzdGVtcChwcmVmaXg9ImJvb3Rf a2VybmVsLiIsCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgZGlyPW91dHB1dF9kaXJlY3RvcnkpCi0gICAg ICAgIG9zLndyaXRlKHRmZCwgZGF0YSkKLSAgICAgICAgb3MuY2xvc2UodGZk KQorICAgIGJvb3RjZmdbImtlcm5lbCJdID0gY29weV9mcm9tX2ltYWdlKGZz LCBjaG9zZW5jZmdbImtlcm5lbCJdLCAia2VybmVsIiwKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvdXRwdXRfZGlyZWN0b3J5 LCBub3RfcmVhbGx5KQogCiAgICAgaWYgY2hvc2VuY2ZnWyJyYW1kaXNrIl06 Ci0gICAgICAgIGlmIG5vdF9yZWFsbHk6Ci0gICAgICAgICAgICBib290Y2Zn WyJyYW1kaXNrIl0gPSAiPHJhbWRpc2s6JXM+IiAlIGNob3NlbmNmZ1sicmFt ZGlzayJdCi0gICAgICAgIGVsc2U6Ci0gICAgICAgICAgICBkYXRhID0gZnMu b3Blbl9maWxlKGNob3NlbmNmZ1sicmFtZGlzayJdLCkucmVhZCgpCi0gICAg ICAgICAgICAodGZkLCBib290Y2ZnWyJyYW1kaXNrIl0pID0gdGVtcGZpbGUu bWtzdGVtcCgKLSAgICAgICAgICAgICAgICBwcmVmaXg9ImJvb3RfcmFtZGlz ay4iLCBkaXI9b3V0cHV0X2RpcmVjdG9yeSkKLSAgICAgICAgICAgIG9zLndy aXRlKHRmZCwgZGF0YSkKLSAgICAgICAgICAgIG9zLmNsb3NlKHRmZCkKKyAg ICAgICAgdHJ5OgorICAgICAgICAgICAgYm9vdGNmZ1sicmFtZGlzayJdID0g Y29weV9mcm9tX2ltYWdlKGZzLCBjaG9zZW5jZmdbInJhbWRpc2siXSwKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAicmFtZGlzayIsIG91dHB1dF9kaXJlY3RvcnksCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbm90X3JlYWxs eSkKKyAgICAgICAgZXhjZXB0OgorICAgICAgICAgICAgaWYgbm90IG5vdF9y ZWFsbHk6CisgICAgICAgICAgICAgICAgb3MudW5saW5rKGJvb3RjZmdbImtl cm5lbCJdKQorICAgICAgICAgICAgcmFpc2UKICAgICBlbHNlOgogICAgICAg ICBpbml0cmQgPSBOb25lCiAK --=separator Content-Type: application/octet-stream; name="xsa25-4.2.patch" Content-Disposition: attachment; filename="xsa25-4.2.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtLWdpdCBh L3N0dWJkb20vZ3J1Yi9rZXhlYy5jIGIvc3R1YmRvbS9ncnViL2tleGVjLmMK aW5kZXggMDZiZWY1Mi4uYjIxYzkxYSAxMDA2NDQKLS0tIGEvc3R1YmRvbS9n cnViL2tleGVjLmMKKysrIGIvc3R1YmRvbS9ncnViL2tleGVjLmMKQEAgLTEz Nyw2ICsxMzcsMTAgQEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcg a2VybmVsX3NpemUsIHZvaWQgKm1vZHVsZSwgbG9uZyBtb2R1bGVfc2l6ZSwg Y2hhcgogICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNt ZGxpbmUsIGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNf YWxsb2NhdGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQg bWVtb3J5LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9r ZXJuZWxfbWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19t YXhfc2l6ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtl cm5lbDsKICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAK ZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oIGIvdG9vbHMvbGli eGMveGNfZG9tLmgKaW5kZXggMmFlZjY0YS4uNmE3MmFhOSAxMDA2NDQKLS0t IGEvdG9vbHMvbGlieGMveGNfZG9tLmgKKysrIGIvdG9vbHMvbGlieGMveGNf ZG9tLmgKQEAgLTU1LDYgKzU1LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7 CiAgICAgdm9pZCAqcmFtZGlza19ibG9iOwogICAgIHNpemVfdCByYW1kaXNr X3NpemU7CiAKKyAgICBzaXplX3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNp emVfdCBtYXhfcmFtZGlza19zaXplOworCiAgICAgLyogYXJndW1lbnRzIGFu ZCBwYXJhbWV0ZXJzICovCiAgICAgY2hhciAqY21kbGluZTsKICAgICB1aW50 MzJfdCBmX3JlcXVlc3RlZFtYRU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTgw LDYgKzE4MywyMyBAQCB2b2lkIHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0 IHhjX2RvbV9pbWFnZSAqZG9tKTsKIHZvaWQgeGNfZG9tX3JlbGVhc2Uoc3Ry dWN0IHhjX2RvbV9pbWFnZSAqZG9tKTsKIGludCB4Y19kb21fbWVtX2luaXQo c3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCB1bnNpZ25lZCBpbnQgbWVtX21i KTsKIAorLyogU2V0IHRoaXMgbGFyZ2VyIGlmIHlvdSBoYXZlIGVub3Jtb3Vz IHJhbWRpc2tzL2tlcm5lbHMuIE5vdGUgdGhhdAorICogeW91IHNob3VsZCB0 cnVzdCBhbGwga2VybmVscyBub3QgdG8gYmUgbWFsaWNpb3VzbHkgbGFyZ2Ug KGUuZy4gdG8KKyAqIGV4aGF1c3QgYWxsIGRvbTAgbWVtb3J5KSBpZiB5b3Ug ZG8gdGhpcyAoc2VlIENWRS0yMDEyLTQ1NDQgLworICogWFNBLTI1KS4gWW91 IGNhbiBhbHNvIHNldCB0aGUgZGVmYXVsdCBpbmRlcGVuZGVudGx5IGZvcgor ICogcmFtZGlza3Mva2VybmVscyBpbiB4Y19kb21fYWxsb2NhdGUoKSBvciBj YWxsCisgKiB4Y19kb21fe2tlcm5lbCxyYW1kaXNrfV9tYXhfc2l6ZS4KKyAq LworI2lmbmRlZiBYQ19ET01fREVDT01QUkVTU19NQVgKKyNkZWZpbmUgWENf RE9NX0RFQ09NUFJFU1NfTUFYICgxMDI0KjEwMjQqMTAyNCkgLyogMUdCICov CisjZW5kaWYKKworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1 Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeik7CitpbnQgeGNfZG9t X2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNp emVfdCBzeik7CisKK2ludCB4Y19kb21fcmFtZGlza19jaGVja19zaXplKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KTsKK2ludCB4Y19k b21fcmFtZGlza19tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20s IHNpemVfdCBzeik7CisKIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwKICAgICAgICAgICAgICAgICAgICAgIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pOwogaW50IHhjX2RvbV9kb19ndW56aXAoeGNf aW50ZXJmYWNlICp4Y2gsCkBAIC0yNDAsNyArMjYwLDggQEAgdm9pZCB4Y19k b21fbG9nX21lbW9yeV9mb290cHJpbnQoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFn ZSAqZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBz aXplKTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAg Y29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAg ICAgICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBz aXplX3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNv bnN0IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAog LyogLS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtLWdpdCBhL3Rvb2xz L2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVyLmMgYi90b29scy9saWJ4Yy94 Y19kb21fYnppbWFnZWxvYWRlci5jCmluZGV4IDExM2Q0MGYuLmIxYjJlYjAg MTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9hZGVy LmMKKysrIGIvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwpA QCAtNDcsMTMgKzQ3LDE5IEBAIHN0YXRpYyBpbnQgeGNfdHJ5X2J6aXAyX2Rl Y29kZSgKICAgICBjaGFyICpvdXRfYnVmOwogICAgIGNoYXIgKnRtcF9idWY7 CiAgICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAg IHVuc2lnbmVkIGludCBvdXRzaXplOwogICAgIHVpbnQ2NF90IHRvdGFsOwog CiAgICAgc3RyZWFtLmJ6YWxsb2MgPSBOVUxMOwogICAgIHN0cmVhbS5iemZy ZWUgPSBOVUxMOwogICAgIHN0cmVhbS5vcGFxdWUgPSBOVUxMOwogCisgICAg aWYgKCBkb20tPmtlcm5lbF9zaXplID09IDApCisgICAgeworICAgICAgICBE T01QUklOVEYoIkJaSVAyOiBJbnB1dCBpcyAwIHNpemUiKTsKKyAgICAgICAg cmV0dXJuIC0xOworICAgIH0KKwogICAgIHJldCA9IEJaMl9iekRlY29tcHJl c3NJbml0KCZzdHJlYW0sIDAsIDApOwogICAgIGlmICggcmV0ICE9IEJaX09L ICkKICAgICB7CkBAIC02Niw2ICs3MiwxNyBAQCBzdGF0aWMgaW50IHhjX3Ry eV9iemlwMl9kZWNvZGUoCiAgICAgICogdGhlIGlucHV0IGJ1ZmZlciB0byBz dGFydCwgYW5kIHdlJ2xsIHJlYWxsb2MgYXMgbmVlZGVkLgogICAgICAqLwog ICAgIG91dHNpemUgPSBkb20tPmtlcm5lbF9zaXplOworCisgICAgLyoKKyAg ICAgKiBzdHJlYW0uYXZhaWxfaW4gYW5kIG91dHNpemUgYXJlIHVuc2lnbmVk IGludCwgd2hpbGUga2VybmVsX3NpemUKKyAgICAgKiBpcyBhIHNpemVfdC4g Q2hlY2sgd2UgYXJlbid0IG92ZXJmbG93aW5nLgorICAgICAqLworICAgIGlm ICggb3V0c2l6ZSAhPSBkb20tPmtlcm5lbF9zaXplICkKKyAgICB7CisgICAg ICAgIERPTVBSSU5URigiQlpJUDI6IElucHV0IHRvbyBsYXJnZSIpOworICAg ICAgICBnb3RvIGJ6aXAyX2NsZWFudXA7CisgICAgfQorCiAgICAgb3V0X2J1 ZiA9IG1hbGxvYyhvdXRzaXplKTsKICAgICBpZiAoIG91dF9idWYgPT0gTlVM TCApCiAgICAgewpAQCAtOTgsMTMgKzExNSwyMCBAQCBzdGF0aWMgaW50IHhj X3RyeV9iemlwMl9kZWNvZGUoCiAgICAgICAgIGlmICggc3RyZWFtLmF2YWls X291dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVj dCBhZ2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAg ICAgIGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IFVJTlRfTUFYIC8gMiApCiAgICAgICAgICAgICB7 CiAgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IGJ1 ZmZlciBvdmVyZmxvdyIpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOwogICAg ICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAoIHhjX2RvbV9rZXJuZWxf Y2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSApCisgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogb3V0cHV0IHRv byBsYXJnZSIpOworICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1Zik7Cisg ICAgICAgICAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAgICAgICAg ICAgfQorCiAgICAgICAgICAgICB0bXBfYnVmID0gcmVhbGxvYyhvdXRfYnVm LCBvdXRzaXplICogMik7CiAgICAgICAgICAgICBpZiAoIHRtcF9idWYgPT0g TlVMTCApCiAgICAgICAgICAgICB7CkBAIC0xNzIsOSArMTk2LDE1IEBAIHN0 YXRpYyBpbnQgX3hjX3RyeV9sem1hX2RlY29kZSgKICAgICB1bnNpZ25lZCBj aGFyICpvdXRfYnVmOwogICAgIHVuc2lnbmVkIGNoYXIgKnRtcF9idWY7CiAg ICAgaW50IHJldHZhbCA9IC0xOwotICAgIGludCBvdXRzaXplOworICAgIHNp emVfdCBvdXRzaXplOwogICAgIGNvbnN0IGNoYXIgKm1zZzsKIAorICAgIGlm ICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQorICAgIHsKKyAgICAgICAgRE9N UFJJTlRGKCIlczogSW5wdXQgaXMgMCBzaXplIiwgd2hhdCk7CisgICAgICAg IHJldHVybiAtMTsKKyAgICB9CisKICAgICAvKiBzaWdoLiAgV2UgZG9uJ3Qg a25vdyB1cC1mcm9udCBob3cgbXVjaCBtZW1vcnkgd2UgYXJlIGdvaW5nIHRv IG5lZWQKICAgICAgKiBmb3IgdGhlIG91dHB1dCBidWZmZXIuICBBbGxvY2F0 ZSB0aGUgb3V0cHV0IGJ1ZmZlciB0byBiZSBlcXVhbAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KQEAgLTI0NCwxMyArMjc0LDIwIEBAIHN0YXRpYyBpbnQgX3hjX3Ry eV9sem1hX2RlY29kZSgKICAgICAgICAgaWYgKCBzdHJlYW0tPmF2YWlsX291 dCA9PSAwICkKICAgICAgICAgewogICAgICAgICAgICAgLyogUHJvdGVjdCBh Z2FpbnN0IG91dHB1dCBidWZmZXIgb3ZlcmZsb3cgKi8KLSAgICAgICAgICAg IGlmICggb3V0c2l6ZSA+IElOVF9NQVggLyAyICkKKyAgICAgICAgICAgIGlm ICggb3V0c2l6ZSA+IFNJWkVfTUFYIC8gMiApCiAgICAgICAgICAgICB7CiAg ICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIlczogb3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyIsIHdoYXQpOwogICAgICAgICAgICAgICAgIGZyZWUob3V0X2J1 Zik7CiAgICAgICAgICAgICAgICAgZ290byBsem1hX2NsZWFudXA7CiAgICAg ICAgICAgICB9CiAKKyAgICAgICAgICAgIGlmICggeGNfZG9tX2tlcm5lbF9j aGVja19zaXplKGRvbSwgb3V0c2l6ZSAqIDIpICkKKyAgICAgICAgICAgIHsK KyAgICAgICAgICAgICAgICBET01QUklOVEYoIiVzOiBvdXRwdXQgdG9vIGxh cmdlIiwgd2hhdCk7CisgICAgICAgICAgICAgICAgZnJlZShvdXRfYnVmKTsK KyAgICAgICAgICAgICAgICBnb3RvIGx6bWFfY2xlYW51cDsKKyAgICAgICAg ICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9IHJlYWxsb2Mob3V0X2J1 Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAgaWYgKCB0bXBfYnVmID09 IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMzU5LDYgKzM5NiwxMiBAQCBz dGF0aWMgaW50IHhjX3RyeV9sem8xeF9kZWNvZGUoCiAgICAgICAgIDB4ODks IDB4NGMsIDB4NWEsIDB4NGYsIDB4MDAsIDB4MGQsIDB4MGEsIDB4MWEsIDB4 MGEKICAgICB9OwogCisgICAgLyoKKyAgICAgKiBsem9fdWludCBzaG91bGQg bWF0Y2ggc2l6ZV90LiBDaGVjayB0aGF0IHRoaXMgaXMgdGhlIGNhc2UgdG8g YmUKKyAgICAgKiBzdXJlIHdlIHdvbid0IG92ZXJmbG93IHZhcmlvdXMgbHpv X3VpbnQgZmllbGRzLgorICAgICAqLworICAgIFhDX0JVSUxEX0JVR19PTihz aXplb2YobHpvX3VpbnQpICE9IHNpemVvZihzaXplX3QpKTsKKwogICAgIHJl dCA9IGx6b19pbml0KCk7CiAgICAgaWYgKCByZXQgIT0gTFpPX0VfT0sgKQog ICAgIHsKQEAgLTQzOCw2ICs0ODEsMTQgQEAgc3RhdGljIGludCB4Y190cnlf bHpvMXhfZGVjb2RlKAogICAgICAgICBpZiAoIHNyY19sZW4gPD0gMCB8fCBz cmNfbGVuID4gZHN0X2xlbiB8fCBzcmNfbGVuID4gbGVmdCApCiAgICAgICAg ICAgICBicmVhazsKIAorICAgICAgICBtc2cgPSAiT3V0cHV0IGJ1ZmZlciBv dmVyZmxvdyI7CisgICAgICAgIGlmICggKnNpemUgPiBTSVpFX01BWCAtIGRz dF9sZW4gKQorICAgICAgICAgICAgYnJlYWs7CisKKyAgICAgICAgbXNnID0g IkRlY29tcHJlc3NlZCBpbWFnZSB0b28gbGFyZ2UiOworICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sICpzaXplICsgZHN0X2xl bikgKQorICAgICAgICAgICAgYnJlYWs7CisKICAgICAgICAgbXNnID0gIkZh aWxlZCB0byAocmUpYWxsb2MgbWVtb3J5IjsKICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1ZiwgKnNpemUgKyBkc3RfbGVuKTsKICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQpkaWZmIC0tZ2l0IGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYyBiL3Rvb2xzL2xpYnhjL3hjX2RvbV9jb3JlLmMK aW5kZXggZmVhOWRlNS4uMmEwMWQ3YyAxMDA2NDQKLS0tIGEvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYworKysgYi90b29scy9saWJ4Yy94Y19kb21fY29y ZS5jCkBAIC0xNTksNyArMTU5LDggQEAgdm9pZCAqeGNfZG9tX21hbGxvY19w YWdlX2FsaWduZWQoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c2l6ZSkKIH0KIAogdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwKLSAgICAgICAgICAgICAgICAgICAgICAg ICAgICBjb25zdCBjaGFyICpmaWxlbmFtZSwgc2l6ZV90ICogc2l6ZSkKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBjaGFyICpmaWxlbmFt ZSwgc2l6ZV90ICogc2l6ZSwKKyAgICAgICAgICAgICAgICAgICAgICAgICAg ICBjb25zdCBzaXplX3QgbWF4X3NpemUpCiB7CiAgICAgc3RydWN0IHhjX2Rv bV9tZW0gKmJsb2NrID0gTlVMTDsKICAgICBpbnQgZmQgPSAtMTsKQEAgLTE3 MSw2ICsxNzIsMTMgQEAgdm9pZCAqeGNfZG9tX21hbGxvY19maWxlbWFwKHN0 cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwKICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIGNvbnN0IGNoYXIgKnN0cikKIH0K IAogLyogLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tICovCisvKiBkZWNv bXByZXNzaW9uIGJ1ZmZlciBzaXppbmcgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKi8KK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opCit7CisgICAgLyogTm8gbGltaXQgKi8KKyAgICBpZiAoICFkb20tPm1h eF9rZXJuZWxfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAgaWYg KCBzeiA+IGRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICB7CisgICAgICAg IHhjX2RvbV9wYW5pYyhkb20tPnhjaCwgWENfSU5WQUxJRF9LRVJORUwsCisg ICAgICAgICAgICAgICAgICAgICAia2VybmVsIGltYWdlIHRvbyBsYXJnZSIp OworICAgICAgICByZXR1cm4gMTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsK K30KKworaW50IHhjX2RvbV9yYW1kaXNrX2NoZWNrX3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opCit7CisgICAgLyogTm8gbGlt aXQgKi8KKyAgICBpZiAoICFkb20tPm1heF9yYW1kaXNrX3NpemUgKQorICAg ICAgICByZXR1cm4gMDsKKworICAgIGlmICggc3ogPiBkb20tPm1heF9yYW1k aXNrX3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+ eGNoLCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAg ICJyYW1kaXNrIGltYWdlIHRvbyBsYXJnZSIpOworICAgICAgICByZXR1cm4g MTsKKyAgICB9CisKKyAgICByZXR1cm4gMDsKK30KKworLyogLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tICovCiAvKiByZWFkIGZpbGVzLCBjb3B5IG1l bW9yeSBibG9ja3MsIHdpdGggdHJhbnNwYXJlbnQgZ3VuemlwICAgICAgICAg ICAgICAgICAgKi8KIAogc2l6ZV90IHhjX2RvbV9jaGVja19nemlwKHhjX2lu dGVyZmFjZSAqeGNoLCB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKQpAQCAt MjM1LDcgKzI3Nyw3IEBAIHNpemVfdCB4Y19kb21fY2hlY2tfZ3ppcCh4Y19p bnRlcmZhY2UgKnhjaCwgdm9pZCAqYmxvYiwgc2l6ZV90IHppcGxlbikKIAog ICAgIGd6bGVuID0gYmxvYiArIHppcGxlbiAtIDQ7CiAgICAgdW56aXBsZW4g PSBnemxlblszXSA8PCAyNCB8IGd6bGVuWzJdIDw8IDE2IHwgZ3psZW5bMV0g PDwgOCB8IGd6bGVuWzBdOwotICAgIGlmICggKHVuemlwbGVuIDwgMCkgfHwg KHVuemlwbGVuID4gKDEwMjQqMTAyNCoxMDI0KSkgKSAvKiAxR0IgbGltaXQg Ki8KKyAgICBpZiAoICh1bnppcGxlbiA8IDApIHx8ICh1bnppcGxlbiA+IFhD X0RPTV9ERUNPTVBSRVNTX01BWCkgKQogICAgIHsKICAgICAgICAgeGNfZG9t X3ByaW50ZgogICAgICAgICAgICAgKHhjaCwKQEAgLTI4OCw2ICszMzAsOSBA QCBpbnQgeGNfZG9tX3RyeV9ndW56aXAoc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCB2b2lkICoqYmxvYiwgc2l6ZV90ICogc2l6ZSkKICAgICBpZiAoIHVu emlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlmICgg eGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkKKyAg ICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxsb2Mo ZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkKICAg ICAgICAgcmV0dXJuIC0xOwpAQCAtNTg4LDYgKzYzMyw5IEBAIHN0cnVjdCB4 Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y19pbnRlcmZhY2UgKnhj aCwKICAgICBtZW1zZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRv bS0+eGNoID0geGNoOwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBY Q19ET01fREVDT01QUkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19z aXplID0gWENfRE9NX0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRs aW5lICkKICAgICAgICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChk b20sIGNtZGxpbmUpOwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjA4LDEw ICs2NTYsMjUgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9j YXRlKHhjX2ludGVyZmFjZSAqeGNoLAogICAgIHJldHVybiBOVUxMOwogfQog CitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6ZShzdHJ1Y3QgeGNfZG9tX2lt YWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICBET01QUklOVEYoIiVzOiBr ZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7CisgICAg ZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsKKyAgICByZXR1cm4gMDsKK30K KworaW50IHhjX2RvbV9yYW1kaXNrX21heF9zaXplKHN0cnVjdCB4Y19kb21f aW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQoreworICAgIERPTVBSSU5URigiJXM6 IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19GVU5DVElPTl9fLCBzeik7Cisg ICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gc3o7CisgICAgcmV0dXJuIDA7 Cit9CisKIGludCB4Y19kb21fa2VybmVsX2ZpbGUoc3RydWN0IHhjX2RvbV9p bWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxlbmFtZSkKIHsKICAgICBET01Q UklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZp bGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxv Y19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplKTsK KyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNfZG9tX21hbGxvY19maWxlbWFw KGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5lbF9zaXplLAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9tLT5tYXhf a2VybmVsX3NpemUpOwogICAgIGlmICggZG9tLT5rZXJuZWxfYmxvYiA9PSBO VUxMICkKICAgICAgICAgcmV0dXJuIC0xOwogICAgIHJldHVybiB4Y19kb21f dHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5lbF9ibG9iLCAmZG9tLT5rZXJu ZWxfc2l6ZSk7CkBAIC02MjEsNyArNjg0LDkgQEAgaW50IHhjX2RvbV9yYW1k aXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFy ICpmaWxlbmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1c IiVzXCIiLCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKICAgICBkb20tPnJh bWRpc2tfYmxvYiA9Ci0gICAgICAgIHhjX2RvbV9tYWxsb2NfZmlsZW1hcChk b20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUpOworICAgICAgICB4 Y19kb21fbWFsbG9jX2ZpbGVtYXAoZG9tLCBmaWxlbmFtZSwgJmRvbS0+cmFt ZGlza19zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZG9t LT5tYXhfcmFtZGlza19zaXplKTsKKwogICAgIGlmICggZG9tLT5yYW1kaXNr X2Jsb2IgPT0gTlVMTCApCiAgICAgICAgIHJldHVybiAtMTsKIC8vICAgIHJl dHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPnJhbWRpc2tfYmxv YiwgJmRvbS0+cmFtZGlza19zaXplKTsKQEAgLTc4MSw3ICs4NDYsMTEgQEAg aW50IHhjX2RvbV9idWlsZF9pbWFnZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpk b20pCiAgICAgICAgIHZvaWQgKnJhbWRpc2ttYXA7CiAKICAgICAgICAgdW56 aXBsZW4gPSB4Y19kb21fY2hlY2tfZ3ppcChkb20tPnhjaCwgZG9tLT5yYW1k aXNrX2Jsb2IsIGRvbS0+cmFtZGlza19zaXplKTsKKyAgICAgICAgaWYgKCB4 Y19kb21fcmFtZGlza19jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICE9IDAg KQorICAgICAgICAgICAgdW56aXBsZW4gPSAwOworCiAgICAgICAgIHJhbWRp c2tsZW4gPSB1bnppcGxlbiA/IHVuemlwbGVuIDogZG9tLT5yYW1kaXNrX3Np emU7CisKICAgICAgICAgaWYgKCB4Y19kb21fYWxsb2Nfc2VnbWVudChkb20s ICZkb20tPnJhbWRpc2tfc2VnLCAicmFtZGlzayIsIDAsCiAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgcmFtZGlza2xlbikgIT0gMCApCiAg ICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: application/octet-stream; name="xsa25-unstable.patch" Content-Disposition: attachment; filename="xsa25-unstable.patch" Content-Transfer-Encoding: base64 bGlieGM6IGJ1aWxkZXI6IGxpbWl0IG1heGltdW0gc2l6ZSBvZiBrZXJuZWwv cmFtZGlzay4KCkFsbG93aW5nIHVzZXIgc3VwcGxpZWQga2VybmVscyBvZiBh cmJpdHJhcnkgc2l6ZXMsIGVzcGVjaWFsbHkgZHVyaW5nCmRlY29tcHJlc3Np b24sIGNhbiBzd2FsbG93IHVwIGRvbTAgbWVtb3J5IGxlYWRpbmcgdG8gZWl0 aGVyIHZpcnR1YWwKYWRkcmVzcyBzcGFjZSBleGhhdXN0aW9uIGluIHRoZSBi dWlsZGVyIHByb2Nlc3Mgb3IgYWxsb2NhdGlvbgpmYWlsdXJlcy9PT00ga2ls bGluZyBvZiBib3RoIHRvb2xzdGFjayBhbmQgdW5yZWxhdGVkIHByb2Nlc3Nl cy4KCldlIGRpc2FibGUgdGhlc2UgY2hlY2tzIHdoZW4gYnVpbGRpbmcgaW4g YSBzdHViIGRvbWFpbiBmb3IgcHZncnViCnNpbmNlIHRoaXMgdXNlcyB0aGUg Z3Vlc3QncyBvd24gbWVtb3J5IGFuZCBpcyBpc29sYXRlZC4KCkRlY29tcHJl c3Npb24gb2YgZ3ppcCBjb21wcmVzc2VkIGtlcm5lbHMgYW5kIHJhbWRpc2tz IGhhcyBiZWVuIHNhZmUKc2luY2UgMTQ5NTQ6NTgyMDUyNTc1MTdkIChYZW4g My4xLjAgb253YXJkcykuCgpUaGlzIGlzIFhTQS0yNSAvIENWRS0yMDEyLTQ1 NDQuCgpBbHNvIG1ha2UgZXhwbGljaXQgY2hlY2tzIGZvciBidWZmZXIgb3Zl cmZsb3dzIGluIHZhcmlvdXMKZGVjb21wcmVzc2lvbiByb3V0aW5lcy4gVGhl c2Ugd2VyZSBhbHJlYWR5IHJ1bGVkIG91dCBkdWUgdG8gb3RoZXIKcHJvcGVy dGllcyBvZiB0aGUgY29kZSBidXQgY2hlY2sgdGhlbSBhcyBhIGJlbHQtYW5k LWJyYWNlcyBtZWFzdXJlLgoKU2lnbmVkLW9mZi1ieTogSWFuIENhbXBiZWxs IDxpYW4uY2FtcGJlbGxAY2l0cml4LmNvbT4KQWNrZWQtYnk6IElhbiBKYWNr c29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgoKZGlmZiAtciBiOWMx ZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHN0dWJkb20vZ3J1Yi9rZXhlYy5j Ci0tLSBhL3N0dWJkb20vZ3J1Yi9rZXhlYy5jCVdlZCBPY3QgMjQgMTU6NDk6 NDEgMjAxMiArMDEwMAorKysgYi9zdHViZG9tL2dydWIva2V4ZWMuYwlGcmkg T2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTEzNyw2ICsxMzcsMTAg QEAgdm9pZCBrZXhlYyh2b2lkICprZXJuZWwsIGxvbmcga2VybmVsX3Npegog ICAgIGRvbSA9IHhjX2RvbV9hbGxvY2F0ZSh4Y19oYW5kbGUsIGNtZGxpbmUs IGZlYXR1cmVzKTsKICAgICBkb20tPmFsbG9jYXRlID0ga2V4ZWNfYWxsb2Nh dGU7CiAKKyAgICAvKiBXZSBhcmUgdXNpbmcgZ3Vlc3Qgb3duZWQgbWVtb3J5 LCB0aGVyZWZvcmUgbm8gbGltaXRzLiAqLworICAgIHhjX2RvbV9rZXJuZWxf bWF4X3NpemUoZG9tLCAwKTsKKyAgICB4Y19kb21fcmFtZGlza19tYXhfc2l6 ZShkb20sIDApOworCiAgICAgZG9tLT5rZXJuZWxfYmxvYiA9IGtlcm5lbDsK ICAgICBkb20tPmtlcm5lbF9zaXplID0ga2VybmVsX3NpemU7CiAKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbS5oCi0tLSBhL3Rvb2xzL2xpYnhjL3hjX2RvbS5oCVdlZCBPY3QgMjQg MTU6NDk6NDEgMjAxMiArMDEwMAorKysgYi90b29scy9saWJ4Yy94Y19kb20u aAlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAxMDAKQEAgLTU1LDYgKzU1 LDkgQEAgc3RydWN0IHhjX2RvbV9pbWFnZSB7CiAgICAgdm9pZCAqcmFtZGlz a19ibG9iOwogICAgIHNpemVfdCByYW1kaXNrX3NpemU7CiAKKyAgICBzaXpl X3QgbWF4X2tlcm5lbF9zaXplOworICAgIHNpemVfdCBtYXhfcmFtZGlza19z aXplOworCiAgICAgLyogYXJndW1lbnRzIGFuZCBwYXJhbWV0ZXJzICovCiAg ICAgY2hhciAqY21kbGluZTsKICAgICB1aW50MzJfdCBmX3JlcXVlc3RlZFtY RU5GRUFUX05SX1NVQk1BUFNdOwpAQCAtMTk0LDYgKzE5NywyMyBAQCB2b2lk IHhjX2RvbV9yZWxlYXNlX3BoeXMoc3RydWN0IHhjX2RvbV9pCiB2b2lkIHhj X2RvbV9yZWxlYXNlKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSk7CiBpbnQg eGNfZG9tX21lbV9pbml0KHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgdW5z aWduZWQgaW50IG1lbV9tYik7CiAKKy8qIFNldCB0aGlzIGxhcmdlciBpZiB5 b3UgaGF2ZSBlbm9ybW91cyByYW1kaXNrcy9rZXJuZWxzLiBOb3RlIHRoYXQK KyAqIHlvdSBzaG91bGQgdHJ1c3QgYWxsIGtlcm5lbHMgbm90IHRvIGJlIG1h bGljaW91c2x5IGxhcmdlIChlLmcuIHRvCisgKiBleGhhdXN0IGFsbCBkb20w IG1lbW9yeSkgaWYgeW91IGRvIHRoaXMgKHNlZSBDVkUtMjAxMi00NTQ0IC8K KyAqIFhTQS0yNSkuIFlvdSBjYW4gYWxzbyBzZXQgdGhlIGRlZmF1bHQgaW5k ZXBlbmRlbnRseSBmb3IKKyAqIHJhbWRpc2tzL2tlcm5lbHMgaW4geGNfZG9t X2FsbG9jYXRlKCkgb3IgY2FsbAorICogeGNfZG9tX3trZXJuZWwscmFtZGlz a31fbWF4X3NpemUuCisgKi8KKyNpZm5kZWYgWENfRE9NX0RFQ09NUFJFU1Nf TUFYCisjZGVmaW5lIFhDX0RPTV9ERUNPTVBSRVNTX01BWCAoMTAyNCoxMDI0 KjEwMjQpIC8qIDFHQiAqLworI2VuZGlmCisKK2ludCB4Y19kb21fa2VybmVs X2NoZWNrX3NpemUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qg c3opOworaW50IHhjX2RvbV9rZXJuZWxfbWF4X3NpemUoc3RydWN0IHhjX2Rv bV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeik7CitpbnQgeGNfZG9tX3JhbWRpc2tfbWF4X3NpemUoc3RydWN0IHhj X2RvbV9pbWFnZSAqZG9tLCBzaXplX3Qgc3opOworCiBzaXplX3QgeGNfZG9t X2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsCiAgICAgICAgICAgICAg ICAgICAgICB2b2lkICpibG9iLCBzaXplX3QgemlwbGVuKTsKIGludCB4Y19k b21fZG9fZ3VuemlwKHhjX2ludGVyZmFjZSAqeGNoLApAQCAtMjU0LDcgKzI3 NCw4IEBAIHZvaWQgeGNfZG9tX2xvZ19tZW1vcnlfZm9vdHByaW50KHN0cnVj dCAKIHZvaWQgKnhjX2RvbV9tYWxsb2Moc3RydWN0IHhjX2RvbV9pbWFnZSAq ZG9tLCBzaXplX3Qgc2l6ZSk7CiB2b2lkICp4Y19kb21fbWFsbG9jX3BhZ2Vf YWxpZ25lZChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzaXpl KTsKIHZvaWQgKnhjX2RvbV9tYWxsb2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG9t X2ltYWdlICpkb20sCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgY29u c3QgY2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUpOworICAgICAgICAg ICAgICAgICAgICAgICAgICAgIGNvbnN0IGNoYXIgKmZpbGVuYW1lLCBzaXpl X3QgKiBzaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgIGNvbnN0 IHNpemVfdCBtYXhfc2l6ZSk7CiBjaGFyICp4Y19kb21fc3RyZHVwKHN0cnVj dCB4Y19kb21faW1hZ2UgKmRvbSwgY29uc3QgY2hhciAqc3RyKTsKIAogLyog LS0tIGFsbG9jIG1lbW9yeSBwb29sIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8KZGlmZiAtciBiOWMxZTA4NmQ5Yjcg LXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hjX2RvbV9iemltYWdlbG9h ZGVyLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIu YwlXZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMv bGlieGMveGNfZG9tX2J6aW1hZ2Vsb2FkZXIuYwlGcmkgT2N0IDI2IDA5OjE5 OjIyIDIwMTIgKzAxMDAKQEAgLTQ3LDEzICs0NywxOSBAQCBzdGF0aWMgaW50 IHhjX3RyeV9iemlwMl9kZWNvZGUoCiAgICAgY2hhciAqb3V0X2J1ZjsKICAg ICBjaGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBp bnQgb3V0c2l6ZTsKKyAgICB1bnNpZ25lZCBpbnQgb3V0c2l6ZTsKICAgICB1 aW50NjRfdCB0b3RhbDsKIAogICAgIHN0cmVhbS5iemFsbG9jID0gTlVMTDsK ICAgICBzdHJlYW0uYnpmcmVlID0gTlVMTDsKICAgICBzdHJlYW0ub3BhcXVl ID0gTlVMTDsKIAorICAgIGlmICggZG9tLT5rZXJuZWxfc2l6ZSA9PSAwKQor ICAgIHsKKyAgICAgICAgRE9NUFJJTlRGKCJCWklQMjogSW5wdXQgaXMgMCBz aXplIik7CisgICAgICAgIHJldHVybiAtMTsKKyAgICB9CisKICAgICByZXQg PSBCWjJfYnpEZWNvbXByZXNzSW5pdCgmc3RyZWFtLCAwLCAwKTsKICAgICBp ZiAoIHJldCAhPSBCWl9PSyApCiAgICAgewpAQCAtNjYsNiArNzIsMTcgQEAg c3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAqIHRoZSBp bnB1dCBidWZmZXIgdG8gc3RhcnQsIGFuZCB3ZSdsbCByZWFsbG9jIGFzIG5l ZWRlZC4KICAgICAgKi8KICAgICBvdXRzaXplID0gZG9tLT5rZXJuZWxfc2l6 ZTsKKworICAgIC8qCisgICAgICogc3RyZWFtLmF2YWlsX2luIGFuZCBvdXRz aXplIGFyZSB1bnNpZ25lZCBpbnQsIHdoaWxlIGtlcm5lbF9zaXplCisgICAg ICogaXMgYSBzaXplX3QuIENoZWNrIHdlIGFyZW4ndCBvdmVyZmxvd2luZy4K KyAgICAgKi8KKyAgICBpZiAoIG91dHNpemUgIT0gZG9tLT5rZXJuZWxfc2l6 ZSApCisgICAgeworICAgICAgICBET01QUklOVEYoIkJaSVAyOiBJbnB1dCB0 b28gbGFyZ2UiKTsKKyAgICAgICAgZ290byBiemlwMl9jbGVhbnVwOworICAg IH0KKwogICAgIG91dF9idWYgPSBtYWxsb2Mob3V0c2l6ZSk7CiAgICAgaWYg KCBvdXRfYnVmID09IE5VTEwgKQogICAgIHsKQEAgLTk4LDEzICsxMTUsMjAg QEAgc3RhdGljIGludCB4Y190cnlfYnppcDJfZGVjb2RlKAogICAgICAgICBp ZiAoIHN0cmVhbS5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAg ICAgICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJm bG93ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8g MiApCisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBVSU5UX01BWCAvIDIg KQogICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciKTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gYnpp cDJfY2xlYW51cDsKICAgICAgICAgICAgIH0KIAorICAgICAgICAgICAgaWYg KCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9tLCBvdXRzaXplICogMikg KQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIERPTVBSSU5URigi QlpJUDI6IG91dHB1dCB0b28gbGFyZ2UiKTsKKyAgICAgICAgICAgICAgICBm cmVlKG91dF9idWYpOworICAgICAgICAgICAgICAgIGdvdG8gYnppcDJfY2xl YW51cDsKKyAgICAgICAgICAgIH0KKwogICAgICAgICAgICAgdG1wX2J1ZiA9 IHJlYWxsb2Mob3V0X2J1Ziwgb3V0c2l6ZSAqIDIpOwogICAgICAgICAgICAg aWYgKCB0bXBfYnVmID09IE5VTEwgKQogICAgICAgICAgICAgewpAQCAtMTcy LDkgKzE5NiwxNSBAQCBzdGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUo CiAgICAgdW5zaWduZWQgY2hhciAqb3V0X2J1ZjsKICAgICB1bnNpZ25lZCBj aGFyICp0bXBfYnVmOwogICAgIGludCByZXR2YWwgPSAtMTsKLSAgICBpbnQg b3V0c2l6ZTsKKyAgICBzaXplX3Qgb3V0c2l6ZTsKICAgICBjb25zdCBjaGFy ICptc2c7CiAKKyAgICBpZiAoIGRvbS0+a2VybmVsX3NpemUgPT0gMCkKKyAg ICB7CisgICAgICAgIERPTVBSSU5URigiJXM6IElucHV0IGlzIDAgc2l6ZSIs IHdoYXQpOworICAgICAgICByZXR1cm4gLTE7CisgICAgfQorCiAgICAgLyog c2lnaC4gIFdlIGRvbid0IGtub3cgdXAtZnJvbnQgaG93IG11Y2ggbWVtb3J5 IHdlIGFyZSBnb2luZyB0byBuZWVkCiAgICAgICogZm9yIHRoZSBvdXRwdXQg YnVmZmVyLiAgQWxsb2NhdGUgdGhlIG91dHB1dCBidWZmZXIgdG8gYmUgZXF1 YWwKICAgICAgKiB0aGUgaW5wdXQgYnVmZmVyIHRvIHN0YXJ0LCBhbmQgd2Un bGwgcmVhbGxvYyBhcyBuZWVkZWQuCkBAIC0yNDQsMTMgKzI3NCwyMCBAQCBz dGF0aWMgaW50IF94Y190cnlfbHptYV9kZWNvZGUoCiAgICAgICAgIGlmICgg c3RyZWFtLT5hdmFpbF9vdXQgPT0gMCApCiAgICAgICAgIHsKICAgICAgICAg ICAgIC8qIFByb3RlY3QgYWdhaW5zdCBvdXRwdXQgYnVmZmVyIG92ZXJmbG93 ICovCi0gICAgICAgICAgICBpZiAoIG91dHNpemUgPiBJTlRfTUFYIC8gMiAp CisgICAgICAgICAgICBpZiAoIG91dHNpemUgPiBTSVpFX01BWCAvIDIgKQog ICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIERPTVBSSU5URigiJXM6 IG91dHB1dCBidWZmZXIgb3ZlcmZsb3ciLCB3aGF0KTsKICAgICAgICAgICAg ICAgICBmcmVlKG91dF9idWYpOwogICAgICAgICAgICAgICAgIGdvdG8gbHpt YV9jbGVhbnVwOwogICAgICAgICAgICAgfQogCisgICAgICAgICAgICBpZiAo IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShkb20sIG91dHNpemUgKiAyKSAp CisgICAgICAgICAgICB7CisgICAgICAgICAgICAgICAgRE9NUFJJTlRGKCIl czogb3V0cHV0IHRvbyBsYXJnZSIsIHdoYXQpOworICAgICAgICAgICAgICAg IGZyZWUob3V0X2J1Zik7CisgICAgICAgICAgICAgICAgZ290byBsem1hX2Ns ZWFudXA7CisgICAgICAgICAgICB9CisKICAgICAgICAgICAgIHRtcF9idWYg PSByZWFsbG9jKG91dF9idWYsIG91dHNpemUgKiAyKTsKICAgICAgICAgICAg IGlmICggdG1wX2J1ZiA9PSBOVUxMICkKICAgICAgICAgICAgIHsKQEAgLTM1 OSw2ICszOTYsMTIgQEAgc3RhdGljIGludCB4Y190cnlfbHpvMXhfZGVjb2Rl KAogICAgICAgICAweDg5LCAweDRjLCAweDVhLCAweDRmLCAweDAwLCAweDBk LCAweDBhLCAweDFhLCAweDBhCiAgICAgfTsKIAorICAgIC8qCisgICAgICog bHpvX3VpbnQgc2hvdWxkIG1hdGNoIHNpemVfdC4gQ2hlY2sgdGhhdCB0aGlz IGlzIHRoZSBjYXNlIHRvIGJlCisgICAgICogc3VyZSB3ZSB3b24ndCBvdmVy ZmxvdyB2YXJpb3VzIGx6b191aW50IGZpZWxkcy4KKyAgICAgKi8KKyAgICBY Q19CVUlMRF9CVUdfT04oc2l6ZW9mKGx6b191aW50KSAhPSBzaXplb2Yoc2l6 ZV90KSk7CisKICAgICByZXQgPSBsem9faW5pdCgpOwogICAgIGlmICggcmV0 ICE9IExaT19FX09LICkKICAgICB7CkBAIC00MzgsNiArNDgxLDE0IEBAIHN0 YXRpYyBpbnQgeGNfdHJ5X2x6bzF4X2RlY29kZSgKICAgICAgICAgaWYgKCBz cmNfbGVuIDw9IDAgfHwgc3JjX2xlbiA+IGRzdF9sZW4gfHwgc3JjX2xlbiA+ IGxlZnQgKQogICAgICAgICAgICAgYnJlYWs7CiAKKyAgICAgICAgbXNnID0g Ik91dHB1dCBidWZmZXIgb3ZlcmZsb3ciOworICAgICAgICBpZiAoICpzaXpl ID4gU0laRV9NQVggLSBkc3RfbGVuICkKKyAgICAgICAgICAgIGJyZWFrOwor CisgICAgICAgIG1zZyA9ICJEZWNvbXByZXNzZWQgaW1hZ2UgdG9vIGxhcmdl IjsKKyAgICAgICAgaWYgKCB4Y19kb21fa2VybmVsX2NoZWNrX3NpemUoZG9t LCAqc2l6ZSArIGRzdF9sZW4pICkKKyAgICAgICAgICAgIGJyZWFrOworCiAg ICAgICAgIG1zZyA9ICJGYWlsZWQgdG8gKHJlKWFsbG9jIG1lbW9yeSI7CiAg ICAgICAgIHRtcF9idWYgPSByZWFsbG9jKG91dF9idWYsICpzaXplICsgZHN0 X2xlbik7CiAgICAgICAgIGlmICggdG1wX2J1ZiA9PSBOVUxMICkKZGlmZiAt ciBiOWMxZTA4NmQ5YjcgLXIgODIzNDM1ODlhNzExIHRvb2xzL2xpYnhjL3hj X2RvbV9jb3JlLmMKLS0tIGEvdG9vbHMvbGlieGMveGNfZG9tX2NvcmUuYwlX ZWQgT2N0IDI0IDE1OjQ5OjQxIDIwMTIgKzAxMDAKKysrIGIvdG9vbHMvbGli eGMveGNfZG9tX2NvcmUuYwlGcmkgT2N0IDI2IDA5OjE5OjIyIDIwMTIgKzAx MDAKQEAgLTE1OSw3ICsxNTksOCBAQCB2b2lkICp4Y19kb21fbWFsbG9jX3Bh Z2VfYWxpZ25lZChzdHJ1Y3QgCiB9CiAKIHZvaWQgKnhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sCi0gICAgICAgICAg ICAgICAgICAgICAgICAgICAgY29uc3QgY2hhciAqZmlsZW5hbWUsIHNpemVf dCAqIHNpemUpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29uc3Qg Y2hhciAqZmlsZW5hbWUsIHNpemVfdCAqIHNpemUsCisgICAgICAgICAgICAg ICAgICAgICAgICAgICAgY29uc3Qgc2l6ZV90IG1heF9zaXplKQogewogICAg IHN0cnVjdCB4Y19kb21fbWVtICpibG9jayA9IE5VTEw7CiAgICAgaW50IGZk ID0gLTE7CkBAIC0xNzEsNiArMTcyLDEzIEBAIHZvaWQgKnhjX2RvbV9tYWxs b2NfZmlsZW1hcChzdHJ1Y3QgeGNfZG8KICAgICBsc2VlayhmZCwgMCwgU0VF S19TRVQpOwogICAgICpzaXplID0gbHNlZWsoZmQsIDAsIFNFRUtfRU5EKTsK IAorICAgIGlmICggbWF4X3NpemUgJiYgKnNpemUgPiBtYXhfc2l6ZSApCisg ICAgeworICAgICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX09VVF9P Rl9NRU1PUlksCisgICAgICAgICAgICAgICAgICAgICAidHJpZWQgdG8gbWFw IGZpbGUgd2hpY2ggaXMgdG9vIGxhcmdlIik7CisgICAgICAgIGdvdG8gZXJy OworICAgIH0KKwogICAgIGJsb2NrID0gbWFsbG9jKHNpemVvZigqYmxvY2sp KTsKICAgICBpZiAoIGJsb2NrID09IE5VTEwgKQogICAgICAgICBnb3RvIGVy cjsKQEAgLTIyMiw2ICsyMzAsNDAgQEAgY2hhciAqeGNfZG9tX3N0cmR1cChz dHJ1Y3QgeGNfZG9tX2ltYWdlIAogfQogCiAvKiAtLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0gKi8KKy8qIGRlY29tcHJlc3Npb24gYnVmZmVyIHNpemlu ZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAqLworaW50IHhjX2RvbV9rZXJuZWxfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNf ZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAgICAvKiBObyBsaW1p dCAqLworICAgIGlmICggIWRvbS0+bWF4X2tlcm5lbF9zaXplICkKKyAgICAg ICAgcmV0dXJuIDA7CisKKyAgICBpZiAoIHN6ID4gZG9tLT5tYXhfa2VybmVs X3NpemUgKQorICAgIHsKKyAgICAgICAgeGNfZG9tX3BhbmljKGRvbS0+eGNo LCBYQ19JTlZBTElEX0tFUk5FTCwKKyAgICAgICAgICAgICAgICAgICAgICJr ZXJuZWwgaW1hZ2UgdG9vIGxhcmdlIik7CisgICAgICAgIHJldHVybiAxOwor ICAgIH0KKworICAgIHJldHVybiAwOworfQorCitpbnQgeGNfZG9tX3JhbWRp c2tfY2hlY2tfc2l6ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVf dCBzeikKK3sKKyAgICAvKiBObyBsaW1pdCAqLworICAgIGlmICggIWRvbS0+ bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgICAgIHJldHVybiAwOworCisgICAg aWYgKCBzeiA+IGRvbS0+bWF4X3JhbWRpc2tfc2l6ZSApCisgICAgeworICAg ICAgICB4Y19kb21fcGFuaWMoZG9tLT54Y2gsIFhDX0lOVkFMSURfS0VSTkVM LAorICAgICAgICAgICAgICAgICAgICAgInJhbWRpc2sgaW1hZ2UgdG9vIGxh cmdlIik7CisgICAgICAgIHJldHVybiAxOworICAgIH0KKworICAgIHJldHVy biAwOworfQorCisvKiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0gKi8K IC8qIHJlYWQgZmlsZXMsIGNvcHkgbWVtb3J5IGJsb2Nrcywgd2l0aCB0cmFu c3BhcmVudCBndW56aXAgICAgICAgICAgICAgICAgICAqLwogCiBzaXplX3Qg eGNfZG9tX2NoZWNrX2d6aXAoeGNfaW50ZXJmYWNlICp4Y2gsIHZvaWQgKmJs b2IsIHNpemVfdCB6aXBsZW4pCkBAIC0yMzUsNyArMjc3LDcgQEAgc2l6ZV90 IHhjX2RvbV9jaGVja19nemlwKHhjX2ludGVyZmFjZSAqeAogCiAgICAgZ3ps ZW4gPSBibG9iICsgemlwbGVuIC0gNDsKICAgICB1bnppcGxlbiA9IGd6bGVu WzNdIDw8IDI0IHwgZ3psZW5bMl0gPDwgMTYgfCBnemxlblsxXSA8PCA4IHwg Z3psZW5bMF07Ci0gICAgaWYgKCAodW56aXBsZW4gPCAwKSB8fCAodW56aXBs ZW4gPiAoMTAyNCoxMDI0KjEwMjQpKSApIC8qIDFHQiBsaW1pdCAqLworICAg IGlmICggKHVuemlwbGVuIDwgMCkgfHwgKHVuemlwbGVuID4gWENfRE9NX0RF Q09NUFJFU1NfTUFYKSApCiAgICAgewogICAgICAgICB4Y19kb21fcHJpbnRm CiAgICAgICAgICAgICAoeGNoLApAQCAtMjg4LDYgKzMzMCw5IEBAIGludCB4 Y19kb21fdHJ5X2d1bnppcChzdHJ1Y3QgeGNfZG9tX2ltYWcKICAgICBpZiAo IHVuemlwbGVuID09IDAgKQogICAgICAgICByZXR1cm4gMDsKIAorICAgIGlm ICggeGNfZG9tX2tlcm5lbF9jaGVja19zaXplKGRvbSwgdW56aXBsZW4pICkK KyAgICAgICAgcmV0dXJuIDA7CisKICAgICB1bnppcCA9IHhjX2RvbV9tYWxs b2MoZG9tLCB1bnppcGxlbik7CiAgICAgaWYgKCB1bnppcCA9PSBOVUxMICkK ICAgICAgICAgcmV0dXJuIC0xOwpAQCAtNTkwLDYgKzYzNSw5IEBAIHN0cnVj dCB4Y19kb21faW1hZ2UgKnhjX2RvbV9hbGxvY2F0ZSh4Y18KICAgICBtZW1z ZXQoZG9tLCAwLCBzaXplb2YoKmRvbSkpOwogICAgIGRvbS0+eGNoID0geGNo OwogCisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBYQ19ET01fREVDT01Q UkVTU19NQVg7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0gWENfRE9N X0RFQ09NUFJFU1NfTUFYOworCiAgICAgaWYgKCBjbWRsaW5lICkKICAgICAg ICAgZG9tLT5jbWRsaW5lID0geGNfZG9tX3N0cmR1cChkb20sIGNtZGxpbmUp OwogICAgIGlmICggZmVhdHVyZXMgKQpAQCAtNjEwLDEwICs2NTgsMjUgQEAg c3RydWN0IHhjX2RvbV9pbWFnZSAqeGNfZG9tX2FsbG9jYXRlKHhjXwogICAg IHJldHVybiBOVUxMOwogfQogCitpbnQgeGNfZG9tX2tlcm5lbF9tYXhfc2l6 ZShzdHJ1Y3QgeGNfZG9tX2ltYWdlICpkb20sIHNpemVfdCBzeikKK3sKKyAg ICBET01QUklOVEYoIiVzOiBrZXJuZWxfbWF4X3NpemU9JXp4IiwgX19GVU5D VElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfa2VybmVsX3NpemUgPSBzejsK KyAgICByZXR1cm4gMDsKK30KKworaW50IHhjX2RvbV9yYW1kaXNrX21heF9z aXplKHN0cnVjdCB4Y19kb21faW1hZ2UgKmRvbSwgc2l6ZV90IHN6KQorewor ICAgIERPTVBSSU5URigiJXM6IHJhbWRpc2tfbWF4X3NpemU9JXp4IiwgX19G VU5DVElPTl9fLCBzeik7CisgICAgZG9tLT5tYXhfcmFtZGlza19zaXplID0g c3o7CisgICAgcmV0dXJuIDA7Cit9CisKIGludCB4Y19kb21fa2VybmVsX2Zp bGUoc3RydWN0IHhjX2RvbV9pbWFnZSAqZG9tLCBjb25zdCBjaGFyICpmaWxl bmFtZSkKIHsKICAgICBET01QUklOVEYoIiVzOiBmaWxlbmFtZT1cIiVzXCIi LCBfX0ZVTkNUSU9OX18sIGZpbGVuYW1lKTsKLSAgICBkb20tPmtlcm5lbF9i bG9iID0geGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZk b20tPmtlcm5lbF9zaXplKTsKKyAgICBkb20tPmtlcm5lbF9ibG9iID0geGNf ZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUsICZkb20tPmtlcm5l bF9zaXplLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZG9tLT5tYXhfa2VybmVsX3NpemUpOwogICAgIGlmICggZG9t LT5rZXJuZWxfYmxvYiA9PSBOVUxMICkKICAgICAgICAgcmV0dXJuIC0xOwog ICAgIHJldHVybiB4Y19kb21fdHJ5X2d1bnppcChkb20sICZkb20tPmtlcm5l bF9ibG9iLCAmZG9tLT5rZXJuZWxfc2l6ZSk7CkBAIC02MjMsNyArNjg2LDkg QEAgaW50IHhjX2RvbV9yYW1kaXNrX2ZpbGUoc3RydWN0IHhjX2RvbV9pbQog ewogICAgIERPTVBSSU5URigiJXM6IGZpbGVuYW1lPVwiJXNcIiIsIF9fRlVO Q1RJT05fXywgZmlsZW5hbWUpOwogICAgIGRvbS0+cmFtZGlza19ibG9iID0K LSAgICAgICAgeGNfZG9tX21hbGxvY19maWxlbWFwKGRvbSwgZmlsZW5hbWUs ICZkb20tPnJhbWRpc2tfc2l6ZSk7CisgICAgICAgIHhjX2RvbV9tYWxsb2Nf ZmlsZW1hcChkb20sIGZpbGVuYW1lLCAmZG9tLT5yYW1kaXNrX3NpemUsCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkb20tPm1heF9yYW1kaXNr X3NpemUpOworCiAgICAgaWYgKCBkb20tPnJhbWRpc2tfYmxvYiA9PSBOVUxM ICkKICAgICAgICAgcmV0dXJuIC0xOwogLy8gICAgcmV0dXJuIHhjX2RvbV90 cnlfZ3VuemlwKGRvbSwgJmRvbS0+cmFtZGlza19ibG9iLCAmZG9tLT5yYW1k aXNrX3NpemUpOwpAQCAtNzgzLDcgKzg0OCwxMSBAQCBpbnQgeGNfZG9tX2J1 aWxkX2ltYWdlKHN0cnVjdCB4Y19kb21faW1hCiAgICAgICAgIHZvaWQgKnJh bWRpc2ttYXA7CiAKICAgICAgICAgdW56aXBsZW4gPSB4Y19kb21fY2hlY2tf Z3ppcChkb20tPnhjaCwgZG9tLT5yYW1kaXNrX2Jsb2IsIGRvbS0+cmFtZGlz a19zaXplKTsKKyAgICAgICAgaWYgKCB4Y19kb21fcmFtZGlza19jaGVja19z aXplKGRvbSwgdW56aXBsZW4pICE9IDAgKQorICAgICAgICAgICAgdW56aXBs ZW4gPSAwOworCiAgICAgICAgIHJhbWRpc2tsZW4gPSB1bnppcGxlbiA/IHVu emlwbGVuIDogZG9tLT5yYW1kaXNrX3NpemU7CisKICAgICAgICAgaWYgKCB4 Y19kb21fYWxsb2Nfc2VnbWVudChkb20sICZkb20tPnJhbWRpc2tfc2VnLCAi cmFtZGlzayIsIDAsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgcmFtZGlza2xlbikgIT0gMCApCiAgICAgICAgICAgICBnb3RvIGVycjsK --=separator Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-announce mailing list Xen-announce@lists.xen.org http://lists.xen.org/xen-announce --=separator--