Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 22058 invoked from network); 23 Jun 2005 14:02:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 23 Jun 2005 14:02:11 -0000 Received: (qmail 26173 invoked by uid 500); 23 Jun 2005 14:02:05 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 26151 invoked by uid 500); 23 Jun 2005 14:02:05 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 26132 invoked by uid 99); 23 Jun 2005 14:02:05 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jun 2005 07:02:05 -0700 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=FORGED_RCVD_HELO X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [207.155.248.14] (HELO marlborough.cnchost.com) (207.155.248.14) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jun 2005 07:02:01 -0700 Received: from rcsv650.rowe-clan.net (c-24-13-128-132.hsd1.il.comcast.net [24.13.128.132]) by marlborough.cnchost.com id KAA22095; Thu, 23 Jun 2005 10:01:57 -0400 (EDT) [ConcentricHost SMTP Relay 1.17] Errors-To: Message-Id: <6.2.1.2.2.20050623084741.097d6410@pop3.rowe-clan.net> X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2 Date: Thu, 23 Jun 2005 08:53:13 -0500 To: dev@httpd.apache.org From: "William A. Rowe, Jr." Subject: Rev 2: [PATCH] 1.3 TraceEnable [on|off|extended] Cc: dev@httpd.apache.org In-Reply-To: <6.2.1.2.2.20050623012409.09b2a740@pop3.rowe-clan.net> References: <6.2.1.2.2.20050623012409.09b2a740@pop3.rowe-clan.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=====================_335374312==_" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --=====================_335374312==_ Content-Type: text/plain; charset="us-ascii" The patch, in final form, tested and works for T-E with C-L > body, T-E with C-L < body, C-L only, T-E only and no body. It correctly denies proxy TRACE with a body by default, and will deny all TRACE requests for 'TraceEnable off'. Votes please, before I invest in patching 2.x? A related message r.e. 2.x to follow. Bill At 01:30 AM 6/23/2005, William A. Rowe, Jr. wrote: >The attached patch resolved the issue I noted below, >10.4.6 405 Method Not Allowed requires an Allow header >(I would presume, even if empty, based on #() grammar), >while 10.5.2 501 Not Implemented states; > > This is the appropriate response when the server does not > recognize the request method and is not capable of supporting > it for any resource. > >If 'ProxyEnable off' is set for a given host, the setting is >url-impotent, and does not vary. > >Because the patch does append a new member to the core_server_config >structure, it seems a minor bump is in order. > > >At 12:52 PM 6/22/2005, William A. Rowe, Jr. wrote: > >>FYI there is one small issue still. The resulting Allow: >>response to denied TRACE request. TRACE doesn't go through the >>normal processing, so methods aren't added. And since TRACE is >>denied, it's removed too. > >At 08:56 AM 6/22/2005, William A. Rowe, Jr. wrote: >>I've spent a large number of cycles investigating the Watchfire report >>(http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf) and >>come up with a genuine reason to adopt the attached patch. >>... >>So the attached patch introduces the per-host directive >> >>TraceEnable on|off|extended >> >>where extended permits a message body, up to 64kb at the target server, >>and of an unlimited size through a proxy server. The default remains >>'on', of course, denying a TRACE body request even via proxy. >> >>Following the semantics of TRACE, the request body is returned to the >>host verbatim as part of the response, following the headers, exactly >>as sent. --=====================_335374312==_ Content-Type: application/octet-stream; name="httpd-1.3-trace-rev2.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="httpd-1.3-trace-rev2.patch" SW5kZXg6IHNyYy9tb2R1bGVzL3Byb3h5L3Byb3h5X2h0dHAuYw0KPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQ0KLS0tIHNy Yy9tb2R1bGVzL3Byb3h5L3Byb3h5X2h0dHAuYwkocmV2aXNpb24gMTkzMDc1KQ0KKysrIHNyYy9t b2R1bGVzL3Byb3h5L3Byb3h5X2h0dHAuYwkod29ya2luZyBjb3B5KQ0KQEAgLTE1LDYgKzE1LDcg QEANCiAKIC8qIEhUVFAgcm91dGluZXMgZm9yIEFwYWNoZSBwcm94eSAqLwogCisjZGVmaW5lIENP UkVfUFJJVkFURSAgIC8qIFRvIGluc3BlY3QgY29yZV9zZXJ2ZXJfY29uZi0+dHJhY2VfZW5hYmxl ICovCiAjaW5jbHVkZSAibW9kX3Byb3h5LmgiCiAjaW5jbHVkZSAiaHR0cF9sb2cuaCIKICNpbmNs dWRlICJodHRwX21haW4uaCIKQEAgLTE0MSw2ICsxNDIsMzAgQEANCiAgICAgbWVtc2V0KCZzZXJ2 ZXIsICdcMCcsIHNpemVvZihzZXJ2ZXIpKTsKICAgICBzZXJ2ZXIuc2luX2ZhbWlseSA9IEFGX0lO RVQ7CiAKKyAgICBpZiAoci0+bWV0aG9kX251bWJlciA9PSBNX1RSQUNFKSB7CisgICAgICAgIGNv cmVfc2VydmVyX2NvbmZpZyAqY29yZWNvbmYgPSAoY29yZV9zZXJ2ZXJfY29uZmlnICopCisgICAg ICAgICAgICAgYXBfZ2V0X21vZHVsZV9jb25maWcoci0+c2VydmVyLT5tb2R1bGVfY29uZmlnLCAm Y29yZV9tb2R1bGUpOworCisgICAgICAgIC8qIDQwNSBNRVRIT0RfTk9UX0FMTE9XRUQgbWF5IGJl IG1vcmUgYWNjdXJhdGU7IGJ1dCB3ZSBjYW5ub3QKKyAgICAgICAgICogcHJvdmlkZSB0aGUgcmVx dWlyZWQgQWxsb3c6IGZpZWxkIC0gdGhpcyByZXF1ZXN0IGlzIG5vdAorICAgICAgICAgKiBmdWxs eSBwcm9jZXNzZWQuICBPbmNlIGRpc2FibGVkIGZvciB0aGlzIGhvc3QsIHRoZSBUUkFDRQorICAg ICAgICAgKiBtZXRob2QgdHJ1bHkgZG9lcyBub3QgZXhpc3QsIGFzIGl0IHdpbGwgbm90IGNoYW5n ZSBiYXNlZAorICAgICAgICAgKiBvbiBjb250ZXh0LgorICAgICAgICAgKi8KKyAgICAgICAgaWYg KGNvcmVjb25mLT50cmFjZV9lbmFibGUgPT0gQVBfVFJBQ0VfRElTQUJMRSkKKyAgICAgICAgICAg IHJldHVybiBhcF9wcm94eWVycm9yKHIsIEhUVFBfTk9UX0lNUExFTUVOVEVELAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgIlRSQUNFIGRlbmllZCBieSBzZXJ2ZXIgY29uZmlndXJh dGlvbiIpOworCisgICAgICAgIC8qIENhbid0IHRlc3QgYXBfc2hvdWxkX2NsaWVudF9ibG9jaywg d2UgYXJlbid0IHJlYWR5IHRvIHNlbmQKKyAgICAgICAgICogdGhlIGNsaWVudCBhIDEwMCBDb250 aW51ZSByZXNwb25zZSB0aWxsIHRoZSBjb25uZWN0aW9uIGhhcworICAgICAgICAgKiBiZWVuIGVz dGFibGlzaGVkCisgICAgICAgICAqLworICAgICAgICBpZiAoY29yZWNvbmYtPnRyYWNlX2VuYWJs ZSAhPSBBUF9UUkFDRV9FWFRFTkRFRCAKKyAgICAgICAgICAgICYmIChyLT5yZWFkX2xlbmd0aCB8 fCAoIXItPnJlYWRfY2h1bmtlZCAmJiAoci0+cmVtYWluaW5nIDw9IDApKSkpCisgICAgICAgICAg ICByZXR1cm4gYXBfcHJveHllcnJvcihyLCBIVFRQX1JFUVVFU1RfRU5USVRZX1RPT19MQVJHRSwK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJUUkFDRSB3aXRoIHJlcXVlc3QgYm9k eSBpcyBub3QgYWxsb3dlZCIpOworICAgIH0KKyAgICAKICAgICAvKiBXZSBicmVhayB0aGUgVVJM IGludG8gaG9zdCwgcG9ydCwgcGF0aC1zZWFyY2ggKi8KIAogICAgIHVybHB0ciA9IHN0cnN0cih1 cmwsICI6Ly8iKTsKSW5kZXg6IHNyYy9pbmNsdWRlL2FwX21tbi5oDQo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQotLS0g c3JjL2luY2x1ZGUvYXBfbW1uLmgJKHJldmlzaW9uIDE5MzA3NSkNCisrKyBzcmMvaW5jbHVkZS9h cF9tbW4uaAkod29ya2luZyBjb3B5KQ0KQEAgLTIwMyw2ICsyMDMsNyBAQA0KICAqIDE5OTkwMzIw LjE2ICAgICAgICAgIC0gYXBfZXNjYXBlX2Vycm9ybG9nX2l0ZW0oKQogICogMTk5OTAzMjAuMTcg ICAgICAgICAgLSBhcF9hdXRoX25vbmNlKCkgYW5kIGFwX2F1dGhfbm9uY2UgYWRkZWQKICAqICAg ICAgICAgICAgICAgICAgICAgICAgaW4gY29yZV9kaXJfY29uZmlnLgorICogMTk5OTAzMjAuMTgg ICAgICAgICAgLSB0cmFjZV9lbmFibGUgbWVtYmVyIGFkZGVkIHRvIGNvcmUgc2VydmVyX2NvbmZp ZwogICovCiAKICNkZWZpbmUgTU9EVUxFX01BR0lDX0NPT0tJRSAweDQxNTAzMTMzVUwgLyogIkFQ MTMiICovCkBAIC0yMTAsNyArMjExLDcgQEANCiAjaWZuZGVmIE1PRFVMRV9NQUdJQ19OVU1CRVJf TUFKT1IKICNkZWZpbmUgTU9EVUxFX01BR0lDX05VTUJFUl9NQUpPUiAxOTk5MDMyMAogI2VuZGlm Ci0jZGVmaW5lIE1PRFVMRV9NQUdJQ19OVU1CRVJfTUlOT1IgMTcgICAgICAgICAgICAgICAgICAg IC8qIDAuLi5uICovCisjZGVmaW5lIE1PRFVMRV9NQUdJQ19OVU1CRVJfTUlOT1IgMTggICAgICAg ICAgICAgICAgICAgIC8qIDAuLi5uICovCiAKIC8qIFVzZWZ1bCBmb3IgdGVzdGluZyBmb3IgZmVh dHVyZXMuICovCiAjZGVmaW5lIEFQX01PRFVMRV9NQUdJQ19BVF9MRUFTVChtYWpvcixtaW5vcikJ CVwKSW5kZXg6IHNyYy9pbmNsdWRlL2h0dHBfY29yZS5oDQo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQotLS0gc3JjL2lu Y2x1ZGUvaHR0cF9jb3JlLmgJKHJldmlzaW9uIDE5MzA3NSkNCisrKyBzcmMvaW5jbHVkZS9odHRw X2NvcmUuaAkod29ya2luZyBjb3B5KQ0KQEAgLTM0NCw4ICszNDQsMTggQEANCiAgICAgaW50IHJl Y3Vyc2lvbl9saW1pdF9zZXQ7IC8qIGJvb2xlYW4gKi8KICAgICBpbnQgcmVkaXJlY3RfbGltaXQ7 ICAgICAgLyogbWF4aW11bSBudW1iZXIgb2YgaW50ZXJuYWwgcmVkaXJlY3RzICovCiAgICAgaW50 IHN1YnJlcV9saW1pdDsgICAgICAgIC8qIG1heGltdW0gbmVzdGluZyBsZXZlbCBvZiBzdWJyZXF1 ZXN0cyAqLworCisgICAgLyogVFJBQ0UgY29udHJvbCAqLworICAgIGludCB0cmFjZV9lbmFibGU7 ICAgICAgICAvKiBzZWUgQVBfVFJBQ0VfIGJlbG93ICovCisKIH0gY29yZV9zZXJ2ZXJfY29uZmln OwogCisvKiB0cmFjZV9lbmFibGUgb3B0aW9ucyAqLworI2RlZmluZSBBUF9UUkFDRV9VTlNFVCAg ICAtMQorI2RlZmluZSBBUF9UUkFDRV9ESVNBQkxFICAgMAorI2RlZmluZSBBUF9UUkFDRV9FTkFC TEUgICAgMQorI2RlZmluZSBBUF9UUkFDRV9FWFRFTkRFRCAgMgorCiAvKiBmb3IgaHR0cF9jb25m aWcuYyAqLwogQ09SRV9FWFBPUlQodm9pZCkgYXBfY29yZV9yZW9yZGVyX2RpcmVjdG9yaWVzKHBv b2wgKiwgc2VydmVyX3JlYyAqKTsKIApJbmRleDogc3JjL21haW4vaHR0cF9wcm90b2NvbC5jDQo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09DQotLS0gc3JjL21haW4vaHR0cF9wcm90b2NvbC5jCShyZXZpc2lvbiAxOTMwNzUp DQorKysgc3JjL21haW4vaHR0cF9wcm90b2NvbC5jCSh3b3JraW5nIGNvcHkpDQpAQCAtMTYzNiwx MiArMTYzNiwxNSBAQA0KICAgICBhcF9icHV0cyhDUkxGLCBjbGllbnQpOyAgLyogU2VuZCB0aGUg dGVybWluYXRpbmcgZW1wdHkgbGluZSAqLwogfQogCi0vKiBCdWlsZCB0aGUgQWxsb3cgZmllbGQt dmFsdWUgZnJvbSB0aGUgcmVxdWVzdCBoYW5kbGVyIG1ldGhvZCBtYXNrLgotICogTm90ZSB0aGF0 IHdlIGFsd2F5cyBhbGxvdyBUUkFDRSwgc2luY2UgaXQgaXMgaGFuZGxlZCBiZWxvdy4KKy8qIEJ1 aWxkIHRoZSBBbGxvdyBoZWFkZXIgZnJvbSB0aGUgcmVxdWVzdCBoYW5kbGVyIG1ldGhvZCBtYXNr LgorICogTm90ZSBUUkFDRSBpcyB0ZXN0ZWQgb24gYSBwZXItc2VydmVyIGJhc2lzLgogICovCi1z dGF0aWMgY2hhciAqbWFrZV9hbGxvdyhyZXF1ZXN0X3JlYyAqcikKK3ZvaWQgc2V0X2FsbG93X2hl YWRlcihyZXF1ZXN0X3JlYyAqcikKIHsKLSAgICByZXR1cm4gMiArIGFwX3BzdHJjYXQoci0+cG9v bCwKKyAgICBjb3JlX3NlcnZlcl9jb25maWcgKmNvbmYgPQorICAgICAgICBhcF9nZXRfbW9kdWxl X2NvbmZpZyhyLT5zZXJ2ZXItPm1vZHVsZV9jb25maWcsICZjb3JlX21vZHVsZSk7CisgICAgCisg ICAgY2hhciAqcmVzID0gYXBfcHN0cmNhdChyLT5wb29sLAogICAgICAgICAgICAgICAgICAgIChy LT5hbGxvd2VkICYgKDEgPDwgTV9HRVQpKSAgICAgICA/ICIsIEdFVCwgSEVBRCIgOiAiIiwKICAg ICAgICAgICAgICAgICAgICAoci0+YWxsb3dlZCAmICgxIDw8IE1fUE9TVCkpICAgICAgPyAiLCBQ T1NUIiAgICAgIDogIiIsCiAgICAgICAgICAgICAgICAgICAgKHItPmFsbG93ZWQgJiAoMSA8PCBN X1BVVCkpICAgICAgID8gIiwgUFVUIiAgICAgICA6ICIiLApAQCAtMTY1NiwyNCArMTY1OSwxMDAg QEANCiAgICAgICAgICAgICAgICAgICAgKHItPmFsbG93ZWQgJiAoMSA8PCBNX01PVkUpKSAgICAg ID8gIiwgTU9WRSIgICAgICA6ICIiLAogICAgICAgICAgICAgICAgICAgIChyLT5hbGxvd2VkICYg KDEgPDwgTV9MT0NLKSkgICAgICA/ICIsIExPQ0siICAgICAgOiAiIiwKICAgICAgICAgICAgICAg ICAgICAoci0+YWxsb3dlZCAmICgxIDw8IE1fVU5MT0NLKSkgICAgPyAiLCBVTkxPQ0siICAgIDog IiIsCi0gICAgICAgICAgICAgICAgICAgIiwgVFJBQ0UiLAorICAgICAgICAgICAoY29uZi0+dHJh Y2VfZW5hYmxlICE9IEFQX1RSQUNFX0RJU0FCTEUpICA/ICIsIFRSQUNFIiAgICAgOiAiIiwKICAg ICAgICAgICAgICAgICAgICBOVUxMKTsKKworICAgIC8qIENvd2FyZGx5IGF0dGVtcHQgdG8gYXZv aWQgcmV0dXJuaW5nIGFuIGVtcHR5IEFsbG93OiBoZWFkZXIsIAorICAgICAqIGJ1dCBubyBtYXR0 ZXIgaG93IGluYWNjdXJhdGUsIHJlc3VsdCBjb2RlIDQwNSBkZW1hbmRzIGl0LgorICAgICAqLwor ICAgIGlmICgqcmVzKQorICAgICAgICBhcF90YWJsZV9zZXRuKHItPmhlYWRlcnNfb3V0LCAiQWxs b3ciLCByZXMgKyAyKTsKKyAgICBlbHNlIGlmIChyLT5zdGF0dXMgPT0gTUVUSE9EX05PVF9BTExP V0VEKQorICAgICAgICBhcF90YWJsZV9zZXRuKHItPmhlYWRlcnNfb3V0LCAiQWxsb3ciLCAiIik7 CiB9CiAKIEFQSV9FWFBPUlQoaW50KSBhcF9zZW5kX2h0dHBfdHJhY2UocmVxdWVzdF9yZWMgKnIp CiB7CisgICAgY29yZV9zZXJ2ZXJfY29uZmlnICpjb25mOwogICAgIGludCBydjsKKyAgICBpbnQg Ym9keTsKKyAgICBjaGFyICpib2R5cmVhZCwgKmJvZHlvZmY7CisgICAgbG9uZyBib2R5bGVuID0g MDsKKyAgICBsb25nIGJvZHlidWY7CisgICAgbG9uZyByZXM7CiAKICAgICAvKiBHZXQgdGhlIG9y aWdpbmFsIHJlcXVlc3QgKi8KICAgICB3aGlsZSAoci0+cHJldikKICAgICAgICAgciA9IHItPnBy ZXY7CisgICAgY29uZiA9IGFwX2dldF9tb2R1bGVfY29uZmlnKHItPnNlcnZlci0+bW9kdWxlX2Nv bmZpZywgJmNvcmVfbW9kdWxlKTsKIAotICAgIGlmICgocnYgPSBhcF9zZXR1cF9jbGllbnRfYmxv Y2sociwgUkVRVUVTVF9OT19CT0RZKSkpCisgICAgLyogNDA1IE1FVEhPRF9OT1RfQUxMT1dFRCBt YXkgYmUgbW9yZSBhY2N1cmF0ZTsgYnV0IHdlIGNhbm5vdAorICAgICAqIHByb3ZpZGUgdGhlIHJl cXVpcmVkIEFsbG93OiBmaWVsZCAtIHRoaXMgcmVxdWVzdCBpcyBub3QKKyAgICAgKiBmdWxseSBw cm9jZXNzZWQuICBPbmNlIGRpc2FibGVkIGZvciB0aGlzIGhvc3QsIHRoZSBUUkFDRQorICAgICAq IG1ldGhvZCB0cnVseSBkb2VzIG5vdCBleGlzdCwgYXMgaXQgd2lsbCBub3QgY2hhbmdlIGJhc2Vk CisgICAgICogb24gY29udGV4dC4KKyAgICAgKi8KKyAgICBpZiAoY29uZi0+dHJhY2VfZW5hYmxl ID09IEFQX1RSQUNFX0RJU0FCTEUpIHsKKwlhcF90YWJsZV9zZXRuKHItPm5vdGVzLCAiZXJyb3It bm90ZXMiLAorICAgICAgICAgICAgICAgICAgICAgICJUUkFDRSBkZW5pZWQgYnkgc2VydmVyIGNv bmZpZ3VyYXRpb24iKTsKKyAgICAgICAgcmV0dXJuIEhUVFBfTk9UX0lNUExFTUVOVEVEOworICAg IH0KKworICAgIGlmIChjb25mLT50cmFjZV9lbmFibGUgPT0gQVBfVFJBQ0VfRVhURU5ERUQpCisg ICAgICAgIGJvZHkgPSBSRVFVRVNUX0NIVU5LRURfUEFTUzsKKyAgICBlbHNlCisgICAgICAgIGJv ZHkgPSBSRVFVRVNUX05PX0JPRFk7CisKKyAgICBpZiAoKHJ2ID0gYXBfc2V0dXBfY2xpZW50X2Js b2NrKHIsIGJvZHkpKSkgeworICAgICAgICBpZiAocnYgPT0gSFRUUF9SRVFVRVNUX0VOVElUWV9U T09fTEFSR0UpCisgICAgCSAgICBhcF90YWJsZV9zZXRuKHItPm5vdGVzLCAiZXJyb3Itbm90ZXMi LAorICAgICAgICAgICAgICAgICAgICAgICAgICAiVFJBQ0Ugd2l0aCBhIHJlcXVlc3QgYm9keSBp cyBub3QgYWxsb3dlZCIpOwogICAgICAgICByZXR1cm4gcnY7CisgICAgfQorICAgIAorICAgIGlm IChhcF9zaG91bGRfY2xpZW50X2Jsb2NrKHIpKSB7CiAKKyAgICAgICAgaWYgKHItPnJlbWFpbmlu ZyA+IDApIHsKKyAgICAgICAgICAgIGlmIChyLT5yZW1haW5pbmcgPiA2NTUzNikgeworCSAgICAg ICAgYXBfdGFibGVfc2V0bihyLT5ub3RlcywgImVycm9yLW5vdGVzIiwKKyAgICAgICAgICAgICAg ICAgICAgICAgICAiRXh0ZW5kZWQgVFJBQ0UgcmVxdWVzdCBib2RpZXMgY2Fubm90IGV4Y2VlZCA2 NGtcbiIpOworICAgICAgICAgICAgICAgIHJldHVybiBIVFRQX1JFUVVFU1RfRU5USVRZX1RPT19M QVJHRTsKKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIC8qIGFsd2F5cyAzMiBleHRyYSBieXRl cyB0byBjYXRjaCBjaHVuayBoZWFkZXIgZXhjZXB0aW9ucyAqLworICAgICAgICAgICAgYm9keWJ1 ZiA9IHItPnJlbWFpbmluZyArIDMyOworICAgICAgICB9CisgICAgICAgIGVsc2UgeworICAgICAg ICAgICAgLyogQWRkIGFuIGV4dHJhIDgxOTIgZm9yIGNodW5rIGhlYWRlcnMgKi8KKyAgICAgICAg ICAgIGJvZHlidWYgPSA3MzczMDsKKyAgICAgICAgfQorCisgICAgICAgIGJvZHlvZmYgPSBib2R5 cmVhZCA9IGFwX3BhbGxvYyhyLT5wb29sLCBib2R5YnVmKTsKKworICAgICAgICAvKiBvbmx5IHdo aWxlIHdlIGhhdmUgZW5vdWdoIGZvciBhIGNodW5rZWQgaGVhZGVyICovCisgICAgICAgIHdoaWxl ICgoIWJvZHlsZW4gfHwgYm9keWJ1ZiA+PSAzMikgJiYKKyAgICAgICAgICAgICAgIChyZXMgPSBh cF9nZXRfY2xpZW50X2Jsb2NrKHIsIGJvZHlvZmYsIGJvZHlidWYpKSA+IDApIHsKKyAgICAgICAg ICAgIGJvZHlsZW4gKz0gcmVzOworICAgICAgICAgICAgYm9keWJ1ZiAtPSByZXM7CisgICAgICAg ICAgICBib2R5b2ZmICs9IHJlczsKKyAgICAgICAgfQorICAgICAgICBpZiAocmVzID4gMCAmJiBi b2R5YnVmIDwgMzIpIHsKKyAgICAgICAgICAgIC8qIGRpc2NhcmRfcmVzdF9vZl9yZXF1ZXN0X2Jv ZHkgaW50byBvdXIgYnVmZmVyICovCisgICAgICAgICAgICB3aGlsZSAoYXBfZ2V0X2NsaWVudF9i bG9jayhyLCBib2R5cmVhZCwgYm9keWxlbikgPiAwKQorICAgICAgICAgICAgICAgIDsKKwkgICAg YXBfdGFibGVfc2V0bihyLT5ub3RlcywgImVycm9yLW5vdGVzIiwKKyAgICAgICAgICAgICAgICAg ICAgICJFeHRlbmRlZCBUUkFDRSByZXF1ZXN0IGJvZGllcyBjYW5ub3QgZXhjZWVkIDY0a1xuIik7 CisgICAgICAgICAgICByZXR1cm4gSFRUUF9SRVFVRVNUX0VOVElUWV9UT09fTEFSR0U7CisgICAg ICAgIH0KKworICAgICAgICBpZiAocmVzIDwgMCkgeworICAgICAgICAgICAgcmV0dXJuIEhUVFBf QkFEX1JFUVVFU1Q7CisgICAgICAgIH0KKyAgICB9CisKICAgICBhcF9oYXJkX3RpbWVvdXQoInNl bmQgVFJBQ0UiLCByKTsKIAogICAgIHItPmNvbnRlbnRfdHlwZSA9ICJtZXNzYWdlL2h0dHAiOwor CiAgICAgYXBfc2VuZF9odHRwX2hlYWRlcihyKTsKICNpZmRlZiBDSEFSU0VUX0VCQ0RJQwogICAg IC8qIFNlcnZlci1nZW5lcmF0ZWQgcmVzcG9uc2UsIGNvbnZlcnRlZCAqLwpAQCAtMTY4OCw2ICsx NzY3LDEwIEBADQogICAgICAgICAgICAgICAgIGFwX3NlbmRfaGVhZGVyX2ZpZWxkLCAodm9pZCAq KSByLCByLT5oZWFkZXJzX2luLCBOVUxMKTsKICAgICBhcF9ycHV0cyhDUkxGLCByKTsKIAorICAg IC8qIElmIGNvbmZpZ3VyZWQgdG8gYWNjZXB0IGEgYm9keSwgZWNobyB0aGUgYm9keSBpbmNsdWRp bmcgY2h1bmtzICovCisgICAgaWYgKGJvZHlsZW4pCisgICAgICAgIGFwX3J3cml0ZShib2R5cmVh ZCwgYm9keWxlbiwgcik7CisKICAgICBhcF9raWxsX3RpbWVvdXQocik7CiAgICAgcmV0dXJuIE9L OwogfQpAQCAtMTcwNCw3ICsxNzg3LDcgQEANCiAgICAgYXBfYmFzaWNfaHR0cF9oZWFkZXIocik7 CiAKICAgICBhcF90YWJsZV9zZXRuKHItPmhlYWRlcnNfb3V0LCAiQ29udGVudC1MZW5ndGgiLCAi MCIpOwotICAgIGFwX3RhYmxlX3NldG4oci0+aGVhZGVyc19vdXQsICJBbGxvdyIsIG1ha2VfYWxs b3cocikpOworICAgIHNldF9hbGxvd19oZWFkZXIocik7CiAgICAgYXBfc2V0X2tlZXBhbGl2ZShy KTsKIAogICAgIGFwX3RhYmxlX2RvKChpbnQgKCopICh2b2lkICosIGNvbnN0IGNoYXIgKiwgY29u c3QgY2hhciAqKSkgYXBfc2VuZF9oZWFkZXJfZmllbGQsCkBAIC0yODQxLDcgKzI5MjQsNyBAQA0K ICAgICAgICAgfQogCiAgICAgICAgIGlmICgoc3RhdHVzID09IE1FVEhPRF9OT1RfQUxMT1dFRCkg fHwgKHN0YXR1cyA9PSBOT1RfSU1QTEVNRU5URUQpKQotICAgICAgICAgICAgYXBfdGFibGVfc2V0 bihyLT5oZWFkZXJzX291dCwgIkFsbG93IiwgbWFrZV9hbGxvdyhyKSk7CisgICAgICAgICAgICBz ZXRfYWxsb3dfaGVhZGVyKHIpOwogCiAgICAgICAgIGFwX3NlbmRfaHR0cF9oZWFkZXIocik7CiAK SW5kZXg6IHNyYy9tYWluL2h0dHBfY29yZS5jDQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09DQotLS0gc3JjL21haW4vaHR0 cF9jb3JlLmMJKHJldmlzaW9uIDE5MzA3NSkNCisrKyBzcmMvbWFpbi9odHRwX2NvcmUuYwkod29y a2luZyBjb3B5KQ0KQEAgLTM0MSw2ICszNDEsOCBAQA0KICAgICBjb25mLT5zdWJyZXFfbGltaXQg PSAwOwogICAgIGNvbmYtPnJlY3Vyc2lvbl9saW1pdF9zZXQgPSAwOwogCisgICAgY29uZi0+dHJh Y2VfZW5hYmxlID0gQVBfVFJBQ0VfVU5TRVQ7CisKICAgICByZXR1cm4gKHZvaWQgKiljb25mOwog fQogCkBAIC0zNjksNiArMzcxLDEwIEBADQogICAgICAgICAgICAgICAgICAgICAgICAgID8gdmly dC0+c3VicmVxX2xpbWl0CiAgICAgICAgICAgICAgICAgICAgICAgICAgOiBiYXNlLT5zdWJyZXFf bGltaXQ7CiAKKyAgICBjb25mLT50cmFjZV9lbmFibGUgPSAodmlydC0+dHJhY2VfZW5hYmxlICE9 IEFQX1RSQUNFX1VOU0VUKQorICAgICAgICAgICAgICAgICAgICAgICAgID8gdmlydC0+dHJhY2Vf ZW5hYmxlCisgICAgICAgICAgICAgICAgICAgICAgICAgOiBiYXNlLT50cmFjZV9lbmFibGU7CisK ICAgICByZXR1cm4gY29uZjsKIH0KIApAQCAtMTQ5Miw3ICsxNDk4LDcgQEANCiAgICAgICAgIGlu dCAgbWV0aG51bSA9IGFwX21ldGhvZF9udW1iZXJfb2YobWV0aG9kKTsKIAogICAgICAgICBpZiAo bWV0aG51bSA9PSBNX1RSQUNFICYmICF0b2cpIHsKLSAgICAgICAgICAgIHJldHVybiAiVFJBQ0Ug Y2Fubm90IGJlIGNvbnRyb2xsZWQgYnkgPExpbWl0PiI7CisgICAgICAgICAgICByZXR1cm4gIlRS QUNFIGNhbm5vdCBiZSBjb250cm9sbGVkIGJ5IDxMaW1pdD4sIHNlZSBUcmFjZUVuYWJsZSI7CiAg ICAgICAgIH0KICAgICAgICAgZWxzZSBpZiAobWV0aG51bSA9PSBNX0lOVkFMSUQpIHsKICAgICAg ICAgICAgIHJldHVybiBhcF9wc3RyY2F0KGNtZC0+cG9vbCwgInVua25vd24gbWV0aG9kIFwiIiwg bWV0aG9kLApAQCAtMzM0MSw2ICszMzQ3LDI4IEBADQogICAgIHJldHVybiBOVUxMOwogfQogCitz dGF0aWMgY29uc3QgY2hhciAqc2V0X3RyYWNlX2VuYWJsZShjbWRfcGFybXMgKmNtZCwgdm9pZCAq ZHVtbXksCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjb25zdCBjaGFyICph cmcxKQoreworICAgIGNvcmVfc2VydmVyX2NvbmZpZyAqY29uZiA9IGFwX2dldF9tb2R1bGVfY29u ZmlnKGNtZC0+c2VydmVyLT5tb2R1bGVfY29uZmlnLAorICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZjb3JlX21vZHVsZSk7CisgICAgCisgICAgaWYg KHN0cmNhc2VjbXAoYXJnMSwgIm9uIikgPT0gMCkgeworICAgICAgICBjb25mLT50cmFjZV9lbmFi bGUgPSBBUF9UUkFDRV9FTkFCTEU7CisgICAgfQorICAgIGVsc2UgaWYgKHN0cmNhc2VjbXAoYXJn MSwgIm9mZiIpID09IDApIHsKKyAgICAgICAgY29uZi0+dHJhY2VfZW5hYmxlID0gQVBfVFJBQ0Vf RElTQUJMRTsKKyAgICB9CisgICAgZWxzZSBpZiAoc3RyY2FzZWNtcChhcmcxLCAiZXh0ZW5kZWQi KSA9PSAwKSB7CisgICAgICAgIGNvbmYtPnRyYWNlX2VuYWJsZSA9IEFQX1RSQUNFX0VYVEVOREVE OworICAgIH0KKyAgICBlbHNlIHsKKyAgICAgICAgcmV0dXJuICJUcmFjZUVuYWJsZSBtdXN0IGJl IG9uZSBvZiAnb24nLCAnb2ZmJywgb3IgJ2V4dGVuZGVkJyI7CisgICAgfQorCisgICAgcmV0dXJu IE5VTEw7Cit9CisKIHN0YXRpYyB2b2lkIGxvZ19iYWNrdHJhY2UoY29uc3QgcmVxdWVzdF9yZWMg KnIpCiB7CiAgICAgY29uc3QgcmVxdWVzdF9yZWMgKnRvcCA9IHI7CkBAIC0zNzQyLDYgKzM3NzAs OCBAQA0KIHsgIkxpbWl0SW50ZXJuYWxSZWN1cnNpb24iLCBzZXRfcmVjdXJzaW9uX2xpbWl0LCBO VUxMLCBSU1JDX0NPTkYsIFRBS0UxMiwKICAgIm1heGltdW0gcmVjdXJzaW9uIGRlcHRoIG9mIGlu dGVybmFsIHJlZGlyZWN0cyBhbmQgc3VicmVxdWVzdHMifSwKIAoreyAiVHJhY2VFbmFibGUiLCBz ZXRfdHJhY2VfZW5hYmxlLCBOVUxMLCBSU1JDX0NPTkYsIFRBS0UxLCAKKyAgIidvbicgKGRlZmF1 bHQpLCAnb2ZmJyBvciAnZXh0ZW5kZWQnIHRvIHRyYWNlIHJlcXVlc3QgYm9keSBjb250ZW50In0s CiB7IE5VTEwgfQogfTsKIAo= --=====================_335374312==_ Content-Type: text/plain; charset="us-ascii" --=====================_335374312==_--