From libssh2-devel-bounces@cool.haxx.se Fri Mar 1 18:02:00 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x21H1Kpj016836; Fri, 1 Mar 2019 18:01:52 +0100 Received: from foo.stuge.se (foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x21H1Iu0016672 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 1 Mar 2019 18:01:19 +0100 Received: (qmail 22806 invoked by uid 1000); 1 Mar 2019 17:01:14 -0000 Message-ID: <20190301170114.22805.qmail@stuge.se> Date: Fri, 1 Mar 2019 17:01:14 +0000 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: SFTP transfer hangs when the server connection has high latency RTT around 500 ms and 30% packet loss References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x21H1Kpj016836 Hi, Ketul Barot wrote: > To eliminate if libssh2 is the real reason for the hang. I used > sftp_write_nonblock.c as an example from the libssh2 examples and > used that to upload a file in my setup and here to I am seeing the > same behavior that the sftp_write_nonblock application get's hung. > > Would greatly appreciate if some one can look in to this. Also, I > can provide any extra debug information that would help to resolve > this issue. Yes, you will have to provide debug information for anyone to be able to analyze your problem. Ideally build the current libssh2 master code with debug messages enabled, and add a call like libssh2_trace(session, ~0); in sftp_write_nonblock.c maybe after the libssh2_userauth_ calls, before the first libssh2_sftp_ call. Then send the full output from that program for a run where the error happens to the list. Please log to a text file and attach that file to your mail, so that all information is kept intact. Thanks! //Peter _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Tue Mar 5 16:25:58 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x25FPKPI021298; Tue, 5 Mar 2019 16:25:47 +0100 Received: from us-smtp-delivery-120.mimecast.com (us-smtp-delivery-120.mimecast.com [216.205.24.120]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x25FPHAh021261 for ; Tue, 5 Mar 2019 16:25:18 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parallelwireless.com; s=mimecast20180910; t=1551799518; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references; bh=SuDYX4AqJ9SfZdkh15m8er4fly0d7J8PD1wd6+6Ibfo=; b=niGYd8gEof1n7PjCsHjvgvc5RoWgg+O+O+QJT71dIdaKTk6zkmJ63DXwQU6d92NFs0I/ilAz39G+kfhJgcPqYZyiI6s/NlWTA+JW/QZvRelbn2uTo8Kgc6x6P68qVxwJZsFo1HHlpY7YYdmbb1IFD5H64EKHOt9yGllDxwIlMu0= Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02lp2057.outbound.protection.outlook.com [104.47.38.57]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-271-IMO1QgRiOH2QCAYCb2_lDA-1; Tue, 05 Mar 2019 10:25:14 -0500 Received: from BN6PR19MB1618.namprd19.prod.outlook.com (10.175.196.17) by BN6PR19MB1378.namprd19.prod.outlook.com (10.175.194.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.16; Tue, 5 Mar 2019 15:25:13 +0000 Received: from BN6PR19MB1618.namprd19.prod.outlook.com ([fe80::88be:8931:b025:191e]) by BN6PR19MB1618.namprd19.prod.outlook.com ([fe80::88be:8931:b025:191e%3]) with mapi id 15.20.1665.020; Tue, 5 Mar 2019 15:25:13 +0000 From: Ketul Barot To: "libssh2-devel@cool.haxx.se" Subject: RE: SFTP transfer hangs when the server connection has high latency RTT around 500 ms and 30% packet loss Thread-Topic: SFTP transfer hangs when the server connection has high latency RTT around 500 ms and 30% packet loss Thread-Index: AdTTZV0U7of2DyY7TVOUsQnneH2sKw== Date: Tue, 5 Mar 2019 15:25:13 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [64.223.221.66] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 9776fa7f-80f3-4328-64f3-08d6a17ec361 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(49563074)(7193020); SRVR:BN6PR19MB1378; x-ms-traffictypediagnostic: BN6PR19MB1378: x-ms-exchange-purlcount: 1 x-microsoft-exchange-diagnostics: =?utf-8?B?MTtCTjZQUjE5TUIxMzc4OzIzOlAzbmVzV09KTFl1Z1RBRzRhMG9vZmlJYXM4?= =?utf-8?B?SE1JZjhydkE1TEVWb1RTRUZHRThRR2xJYUpqQ3RRK3BHWDJGUlVnYksvNnc3?= =?utf-8?B?M0RPQkRBb05XZGlFTnByRUtoNnN0TW9ZSG56bWJOaytIQ1RVUzJTejNxaldJ?= =?utf-8?B?TThzRU9PN0IzekJwalVINDJiOXNPUlRQQW02emZvT2VkTWl5Vmo5N0lLd1pp?= =?utf-8?B?djFES28rREFBejVEcGpFZ0JRaXpJTmZyRTRIbGtSWHBVUENDcGJHa1QrMktu?= =?utf-8?B?QkNaeEZ0c04zMlVhVWxaNnRWMmRaRnZ1ajRmU3B4c0NubHlsbWxQVkhxSGNn?= =?utf-8?B?L3dXTG1aY2h2QXlucGdZNHFZNVlLNldIZGJUUHpFN0JZYXA5YkN4RnJzZWlu?= =?utf-8?B?alNBejdkUFVJUGNVa3RENFpTU0NlZmhUQ0c0Z0NPNHFxaDJhaVNDMzlBaGdj?= =?utf-8?B?NjV6VnpqaXA3MHdaaFA1ZVJockpBWXBKT0M0RXVyVXJtc0VlVzhmdmxGUk9N?= =?utf-8?B?aFBLWnJKM2V6OGZvb0FQM2Nvb1pROG5hdXgvZ1M0b2pqbzJ6OVdJOGhhZ3JG?= =?utf-8?B?NTFRQTZ0S2lhL3FkUmxPVVdadUhpMnBycXlkb0R3a3pZSFVDZExjem1YQ29y?= =?utf-8?B?YkNkYVVkN0RUR3R0QlBHQjYwMVRkL203UFhYaGNpVXZNQ3FZYnY1a3NLNTJC?= =?utf-8?B?blZDaTlwWGliZXpQK0I4WHB0RUM3emlLSDJ6UlJyRDQ4RmhWOEE0MDJMemVH?= =?utf-8?B?YmY2Zm92bHE3ZVoxNUd5MldwcXBhRmRBOVQyaXdNbER3bElKWklTQlIxOE1q?= =?utf-8?B?YmFKY1RVbXlTM1F6STdGU3VTVFZnQkFBL0NmNmpJZGo4RXR5RWJkbFVGRkcv?= =?utf-8?B?TGM3RXJCWDBiNEVuZFowandUeWN5RlR6SU1oWWl4cEsrNnVmMFp6dFhPaVBY?= =?utf-8?B?bWt6dk1tQjg1akJNUE9wTVZRYUhDSXVIM0VjZlVJWlAveTdPaDN6YmpKZDg1?= =?utf-8?B?RHlmOGlEalAxc2VBTzRDelI3OFNxQWRxNDF1TTFDbmgvM3dhZjZmTTJ1ZDV1?= =?utf-8?B?K240cUxqbm1ia2pBSkU4cms4azUyWlZWKzJZeXpEK0FabnFFVUJwK0FsTGdw?= =?utf-8?B?ZHM1S3Nqd21VdTMwb2I1OWFxbjZGNVN1aWF1cXQyMVpUZVFRazJUVkhuNXZt?= =?utf-8?B?dVRmb0EyNU5ucnQwMHZ1azVOVFdNeGJHTWRINmdDS3BFbnJ1dkhueEtNQ2My?= =?utf-8?B?aHRJcFdCb3pGTHF6NlBpQjN4NiswR2tMODNoMGw0dDVrVmFtQnphalUrMGRp?= =?utf-8?B?WHVvd0FOUHN2M1E5TmJtaFdJQ3dFT2dzdFpOSXVaZjZrUkkwUytnZkFiYm5V?= =?utf-8?B?L2p2dW9pRW5IOWtEZ09vZWtZWFFQR2E3bTgvcVdTUmwxNWVldyttQ1dmSFo0?= =?utf-8?B?blEvTVNWYnFvRUxCeWlmV1ByU2NpalBhenYvLzVoU3hXV0MvNE1NZ2tYbHZX?= =?utf-8?B?VkJua2NqYkpMRk9tZGV6bjc5cWJITkJwaDY4dWt0Y2JPTEp3RWF6Ukc1RThL?= =?utf-8?B?R3VpMjg3RXBFK3RxZmd5UURZdTZkZkQ3NjEwUjVyRTh1NUdQM3VSRnF0UU5n?= =?utf-8?B?YjVYR01GZUxCT2JzTnh0OXU3b3pUMFgxV01WNE9jVTVyaGdDK3d4VGRMM3lL?= =?utf-8?B?Zlg0UDdnVHpteXl4cnl3MnZlVmhxcVFLcFN1SXIrRHVURW9vV29Bcm14MGhC?= =?utf-8?B?QUhtUFZ0QmFQOVdVMEhRSDA4dVFqN3RDNDU5Y2F4bENGUjB0ejduQ2drUU1w?= =?utf-8?B?VUxPc3pXck9sbmh2VCtvVjJwWElXaExhRnB3YnIwNmY5M1pkVkJEcEpDd1Iz?= =?utf-8?B?dmpqbGxqaFNIUkZxVmJaUm1xM3NVNWFQSERFV0FaTlJNU0Y5YUxrUXprNTEy?= =?utf-8?B?NXRPNEdRUDlBPT0=?= x-microsoft-antispam-prvs: x-forefront-prvs: 0967749BC1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(376002)(366004)(396003)(39850400004)(199004)(27574002)(189003)(6506007)(6306002)(2906002)(5640700003)(9326002)(4743002)(7736002)(5660300002)(2501003)(55016002)(6916009)(52536013)(81166006)(186003)(105586002)(2351001)(229853002)(106356001)(14454004)(8936002)(9686003)(236005)(33656002)(6436002)(53936002)(71200400001)(8676002)(54896002)(81156014)(71190400001)(99286004)(14444005)(256004)(5024004)(3846002)(97736004)(86362001)(6246003)(790700001)(6116002)(476003)(486006)(966005)(478600001)(66066001)(74316002)(606006)(7696005)(25786009)(26005)(102836004)(53546011)(316002)(68736007)(99936001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR19MB1378; H:BN6PR19MB1618.namprd19.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Y3vGLXaeojGMI9lhhKh160930cJ9GkL2xFz8Xek8L8lB27kk7KMa+xFlwuTVntvDL7EjCWVxt0EthEfRc028n9s95+11SOlAKP5R8RCIPS1JJeMqyf+bX7sT8BzRPlApGwg9aZsWYNf7TdidzriBAaJyF8veNxN4Qo3Zgq6KTc2AArlTR/Pl1S2pEUdyOC7D+SwBoMlHSc0RKxFx2v0ki4fflwsmp5HECaUsSgP4bOHyWOzd1DCadVzfNa5Yx8ducwTaEfRTcfx01wUpzmtK651bUQdBymGNEBZkjyjs7DN1LmbJa3xuEZXKnitQMvZA/PZYBFthVDds99wDIc9eYyFRySUxtdKsas0SM+rM635IKirqviLwRNidd+VY7MuqnQnJQ0HlNNKbtEPwj5/ggioTU7nv5msm5Pba0mvvlDw= MIME-Version: 1.0 X-OriginatorOrg: parallelwireless.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9776fa7f-80f3-4328-64f3-08d6a17ec361 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2019 15:25:13.3453 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 991bd471-bf03-47c4-af97-0c3362264c70 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR19MB1378 X-MC-Unique: IMO1QgRiOH2QCAYCb2_lDA-1 X-Mimecast-Spam-Score: 0 Content-Type: multipart/mixed; boundary="_004_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_" X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" --_004_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_ Content-Type: multipart/alternative; boundary="_000_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_" --_000_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 SGksDQoNCkZvciBzb21lIHJlYXNvbiBJIGFtIG5vdCBhYmxlIHRvIHJlcHJvZHVjZSB0aGUgaGFu ZyB3aXRoIHNmdHBfd3JpdGVfbm9uYmxvY2suYyBidXQgSSBkaWQgZmluZCB0aGUgc2FtZSB0aGlu ZyBoYXBwZW4gd2l0aCB0aGUgY3VybC4gSSBoYXZlIGVuYWJsZWQgdGhlIGRlYnVnIG9wdGlvbiBh bmQgYWRkZWQgdGhlIGxpYnNzaDJfdHJhY2UgYXMgbWVudGlvbmVkIGJ5IHlvdS4NCg0KQXR0YWNo aW5nIHRoZSBsb2cgZmlsZS4gSXQgaGFzIGJvdGggbGliY3VybCBkZWJ1ZyBtZXNzYWdlcyAmIGxp YnNzaDIgZGVidWcgbWVzc2FnZXMuIFBsZWFzZSB0YWtlIGEgbG9vayBhdCB0aGUgbG9nIGZpbGUg YW5kIEkgd2lsbCB0cnkgYWdhaW4gdG8gcmVwcm9kdWNlIHRoZSBoYW5nIHdpdGggc2Z0cF93cml0 ZV9ub25ibG9jay5jIGV4YW1wbGUuIEkgd2lsbCBzZW5kIHRoZSBkZWJ1ZyBsb2cgZm9yIHRoYXQg b25jZSBJIHJlcHJvZHVjZSB0aGUgaXNzdWUuDQoNClRoYW5rcywNCktldHVsDQoNCkZyb206IGxp YnNzaDItZGV2ZWwgPGxpYnNzaDItZGV2ZWwtYm91bmNlc0Bjb29sLmhheHguc2U+IE9uIEJlaGFs ZiBPZiBsaWJzc2gyLWRldmVsLXJlcXVlc3RAY29vbC5oYXh4LnNlDQpTZW50OiBTYXR1cmRheSwg TWFyY2ggMDIsIDIwMTkgNjowMCBBTQ0KVG86IGxpYnNzaDItZGV2ZWxAY29vbC5oYXh4LnNlDQpT dWJqZWN0OiBsaWJzc2gyLWRldmVsIERpZ2VzdCwgVm9sIDExNywgSXNzdWUgMQ0KDQpTZW5kIGxp YnNzaDItZGV2ZWwgbWFpbGluZyBsaXN0IHN1Ym1pc3Npb25zIHRvDQpsaWJzc2gyLWRldmVsQGNv b2wuaGF4eC5zZTxtYWlsdG86bGlic3NoMi1kZXZlbEBjb29sLmhheHguc2U+DQoNClRvIHN1YnNj cmliZSBvciB1bnN1YnNjcmliZSB2aWEgdGhlIFdvcmxkIFdpZGUgV2ViLCB2aXNpdA0KaHR0cHM6 Ly9jb29sLmhheHguc2UvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2xpYnNzaDItZGV2ZWw8aHR0 cHM6Ly9jb29sLmhheHguc2UvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2xpYnNzaDItZGV2ZWw+ DQpvciwgdmlhIGVtYWlsLCBzZW5kIGEgbWVzc2FnZSB3aXRoIHN1YmplY3Qgb3IgYm9keSAnaGVs cCcgdG8NCmxpYnNzaDItZGV2ZWwtcmVxdWVzdEBjb29sLmhheHguc2U8bWFpbHRvOmxpYnNzaDIt ZGV2ZWwtcmVxdWVzdEBjb29sLmhheHguc2U+DQoNCllvdSBjYW4gcmVhY2ggdGhlIHBlcnNvbiBt YW5hZ2luZyB0aGUgbGlzdCBhdA0KbGlic3NoMi1kZXZlbC1vd25lckBjb29sLmhheHguc2U8bWFp bHRvOmxpYnNzaDItZGV2ZWwtb3duZXJAY29vbC5oYXh4LnNlPg0KDQpXaGVuIHJlcGx5aW5nLCBw bGVhc2UgZWRpdCB5b3VyIFN1YmplY3QgbGluZSBzbyBpdCBpcyBtb3JlIHNwZWNpZmljDQp0aGFu ICJSZTogQ29udGVudHMgb2YgbGlic3NoMi1kZXZlbCBkaWdlc3QuLi4iDQoNCg0KVG9kYXkncyBU b3BpY3M6DQoNCjEuIFJlOiBTRlRQIHRyYW5zZmVyIGhhbmdzIHdoZW4gdGhlIHNlcnZlciBjb25u ZWN0aW9uIGhhcyBoaWdoDQpsYXRlbmN5IFJUVCBhcm91bmQgNTAwIG1zIGFuZCAzMCUgcGFja2V0 IGxvc3MgKFBldGVyIFN0dWdlKQ0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCg0KTWVzc2FnZTogMQ0KRGF0 ZTogRnJpLCAxIE1hciAyMDE5IDE3OjAxOjE0ICswMDAwDQpGcm9tOiBQZXRlciBTdHVnZSA8cGV0 ZXJAc3R1Z2Uuc2U8bWFpbHRvOnBldGVyQHN0dWdlLnNlPj4NClRvOiBsaWJzc2gyLWRldmVsQGNv b2wuaGF4eC5zZTxtYWlsdG86bGlic3NoMi1kZXZlbEBjb29sLmhheHguc2U+DQpTdWJqZWN0OiBS ZTogU0ZUUCB0cmFuc2ZlciBoYW5ncyB3aGVuIHRoZSBzZXJ2ZXIgY29ubmVjdGlvbiBoYXMgaGln aA0KbGF0ZW5jeSBSVFQgYXJvdW5kIDUwMCBtcyBhbmQgMzAlIHBhY2tldCBsb3NzDQpNZXNzYWdl LUlEOiA8MjAxOTAzMDExNzAxMTQuMjI4MDUucW1haWxAc3R1Z2Uuc2U8bWFpbHRvOjIwMTkwMzAx MTcwMTE0LjIyODA1LnFtYWlsQHN0dWdlLnNlPj4NCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsg Y2hhcnNldD11cy1hc2NpaQ0KDQpIaSwNCg0KS2V0dWwgQmFyb3Qgd3JvdGU6DQo+IFRvIGVsaW1p bmF0ZSBpZiBsaWJzc2gyIGlzIHRoZSByZWFsIHJlYXNvbiBmb3IgdGhlIGhhbmcuIEkgdXNlZA0K PiBzZnRwX3dyaXRlX25vbmJsb2NrLmMgYXMgYW4gZXhhbXBsZSBmcm9tIHRoZSBsaWJzc2gyIGV4 YW1wbGVzIGFuZA0KPiB1c2VkIHRoYXQgdG8gdXBsb2FkIGEgZmlsZSBpbiBteSBzZXR1cCBhbmQg aGVyZSB0byBJIGFtIHNlZWluZyB0aGUNCj4gc2FtZSBiZWhhdmlvciB0aGF0IHRoZSBzZnRwX3dy aXRlX25vbmJsb2NrIGFwcGxpY2F0aW9uIGdldCdzIGh1bmcuDQo+DQo+IFdvdWxkIGdyZWF0bHkg YXBwcmVjaWF0ZSBpZiBzb21lIG9uZSBjYW4gbG9vayBpbiB0byB0aGlzLiBBbHNvLCBJDQo+IGNh biBwcm92aWRlIGFueSBleHRyYSBkZWJ1ZyBpbmZvcm1hdGlvbiB0aGF0IHdvdWxkIGhlbHAgdG8g cmVzb2x2ZQ0KPiB0aGlzIGlzc3VlLg0KDQpZZXMsIHlvdSB3aWxsIGhhdmUgdG8gcHJvdmlkZSBk ZWJ1ZyBpbmZvcm1hdGlvbiBmb3IgYW55b25lIHRvIGJlIGFibGUNCnRvIGFuYWx5emUgeW91ciBw cm9ibGVtLg0KDQpJZGVhbGx5IGJ1aWxkIHRoZSBjdXJyZW50IGxpYnNzaDIgbWFzdGVyIGNvZGUg d2l0aCBkZWJ1ZyBtZXNzYWdlcw0KZW5hYmxlZCwgYW5kIGFkZCBhIGNhbGwgbGlrZSBsaWJzc2gy X3RyYWNlKHNlc3Npb24sIH4wKTsgaW4NCnNmdHBfd3JpdGVfbm9uYmxvY2suYyBtYXliZSBhZnRl ciB0aGUgbGlic3NoMl91c2VyYXV0aF8gY2FsbHMsIGJlZm9yZQ0KdGhlIGZpcnN0IGxpYnNzaDJf c2Z0cF8gY2FsbC4NCg0KVGhlbiBzZW5kIHRoZSBmdWxsIG91dHB1dCBmcm9tIHRoYXQgcHJvZ3Jh bSBmb3IgYSBydW4gd2hlcmUgdGhlIGVycm9yDQpoYXBwZW5zIHRvIHRoZSBsaXN0LiBQbGVhc2Ug bG9nIHRvIGEgdGV4dCBmaWxlIGFuZCBhdHRhY2ggdGhhdCBmaWxlDQp0byB5b3VyIG1haWwsIHNv IHRoYXQgYWxsIGluZm9ybWF0aW9uIGlzIGtlcHQgaW50YWN0LiBUaGFua3MhDQoNCg0KLy9QZXRl cg0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQpTdWJqZWN0OiBEaWdlc3Qg Rm9vdGVyDQoNCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f DQpsaWJzc2gyLWRldmVsIG1haWxpbmcgbGlzdA0KbGlic3NoMi1kZXZlbEBjb29sLmhheHguc2U8 bWFpbHRvOmxpYnNzaDItZGV2ZWxAY29vbC5oYXh4LnNlPg0KaHR0cHM6Ly9jb29sLmhheHguc2Uv Y2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2xpYnNzaDItZGV2ZWw8aHR0cHM6Ly9jb29sLmhheHgu c2UvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2xpYnNzaDItZGV2ZWw+DQoNCg0KLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCkVuZCBvZiBsaWJzc2gyLWRldmVsIERpZ2VzdCwgVm9s IDExNywgSXNzdWUgMQ0KKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqDQo= --_000_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_ Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6 IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ Zm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQph OmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xv cjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFuLk1z b0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpwdXJw bGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpwLm1zb25vcm1hbDAsIGxpLm1zb25v cm1hbDAsIGRpdi5tc29ub3JtYWwwDQoJe21zby1zdHlsZS1uYW1lOm1zb25vcm1hbDsNCgltc28t bWFyZ2luLXRvcC1hbHQ6YXV0bzsNCgltYXJnaW4tcmlnaHQ6MGluOw0KCW1zby1tYXJnaW4tYm90 dG9tLWFsdDphdXRvOw0KCW1hcmdpbi1sZWZ0OjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21z by1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5z LXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxl LXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlv bjENCgl7c2l6ZTo4LjVpbiAxMS4waW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGlu O30NCmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLS0+PC9zdHlsZT48 IS0tW2lmIGd0ZSBtc28gOV0+PHhtbD4NCjxvOnNoYXBlZGVmYXVsdHMgdjpleHQ9ImVkaXQiIHNw aWRtYXg9IjEwMjYiIC8+DQo8L3htbD48IVtlbmRpZl0tLT48IS0tW2lmIGd0ZSBtc28gOV0+PHht bD4NCjxvOnNoYXBlbGF5b3V0IHY6ZXh0PSJlZGl0Ij4NCjxvOmlkbWFwIHY6ZXh0PSJlZGl0IiBk YXRhPSIxIiAvPg0KPC9vOnNoYXBlbGF5b3V0PjwveG1sPjwhW2VuZGlmXS0tPg0KPC9oZWFkPg0K PGJvZHkgbGFuZz0iRU4tVVMiIGxpbms9ImJsdWUiIHZsaW5rPSJwdXJwbGUiPg0KPGRpdiBjbGFz cz0iV29yZFNlY3Rpb24xIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPkhpLDxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0i TXNvTm9ybWFsIj5Gb3Igc29tZSByZWFzb24gSSBhbSBub3QgYWJsZSB0byByZXByb2R1Y2UgdGhl IGhhbmcgd2l0aCBzZnRwX3dyaXRlX25vbmJsb2NrLmMgYnV0IEkgZGlkIGZpbmQgdGhlIHNhbWUg dGhpbmcgaGFwcGVuIHdpdGggdGhlIGN1cmwuIEkgaGF2ZSBlbmFibGVkIHRoZSBkZWJ1ZyBvcHRp b24gYW5kIGFkZGVkIHRoZSBsaWJzc2gyX3RyYWNlIGFzIG1lbnRpb25lZCBieSB5b3UuDQo8bzpw PjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+QXR0YWNoaW5nIHRoZSBsb2cgZmlsZS4gSXQgaGFzIGJvdGgg bGliY3VybCBkZWJ1ZyBtZXNzYWdlcyAmIGxpYnNzaDIgZGVidWcgbWVzc2FnZXMuIFBsZWFzZSB0 YWtlIGEgbG9vayBhdCB0aGUgbG9nIGZpbGUgYW5kIEkgd2lsbCB0cnkgYWdhaW4gdG8gcmVwcm9k dWNlIHRoZSBoYW5nIHdpdGggc2Z0cF93cml0ZV9ub25ibG9jay5jIGV4YW1wbGUuIEkgd2lsbCBz ZW5kIHRoZSBkZWJ1ZyBsb2cgZm9yIHRoYXQgb25jZQ0KIEkgcmVwcm9kdWNlIHRoZSBpc3N1ZS48 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhhbmtzLDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCI+S2V0dWw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxv OnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRl ci10b3A6c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxiPkZyb206PC9iPiBsaWJzc2gyLWRldmVsICZsdDtsaWJzc2gy LWRldmVsLWJvdW5jZXNAY29vbC5oYXh4LnNlJmd0Ow0KPGI+T24gQmVoYWxmIE9mIDwvYj5saWJz c2gyLWRldmVsLXJlcXVlc3RAY29vbC5oYXh4LnNlPGJyPg0KPGI+U2VudDo8L2I+IFNhdHVyZGF5 LCBNYXJjaCAwMiwgMjAxOSA2OjAwIEFNPGJyPg0KPGI+VG86PC9iPiBsaWJzc2gyLWRldmVsQGNv b2wuaGF4eC5zZTxicj4NCjxiPlN1YmplY3Q6PC9iPiBsaWJzc2gyLWRldmVsIERpZ2VzdCwgVm9s IDExNywgSXNzdWUgMTxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2Rpdj4NCjxwIGNsYXNzPSJN c29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+U2Vu ZCBsaWJzc2gyLWRldmVsIG1haWxpbmcgbGlzdCBzdWJtaXNzaW9ucyB0bzxicj4NCjxhIGhyZWY9 Im1haWx0bzpsaWJzc2gyLWRldmVsQGNvb2wuaGF4eC5zZSI+bGlic3NoMi1kZXZlbEBjb29sLmhh eHguc2U8L2E+PGJyPg0KPGJyPg0KVG8gc3Vic2NyaWJlIG9yIHVuc3Vic2NyaWJlIHZpYSB0aGUg V29ybGQgV2lkZSBXZWIsIHZpc2l0PGJyPg0KPGEgaHJlZj0iaHR0cHM6Ly9jb29sLmhheHguc2Uv Y2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2xpYnNzaDItZGV2ZWwiPmh0dHBzOi8vY29vbC5oYXh4 LnNlL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5mby9saWJzc2gyLWRldmVsPC9hPjxicj4NCm9yLCB2 aWEgZW1haWwsIHNlbmQgYSBtZXNzYWdlIHdpdGggc3ViamVjdCBvciBib2R5ICdoZWxwJyB0bzxi cj4NCjxhIGhyZWY9Im1haWx0bzpsaWJzc2gyLWRldmVsLXJlcXVlc3RAY29vbC5oYXh4LnNlIj5s aWJzc2gyLWRldmVsLXJlcXVlc3RAY29vbC5oYXh4LnNlPC9hPjxicj4NCjxicj4NCllvdSBjYW4g cmVhY2ggdGhlIHBlcnNvbiBtYW5hZ2luZyB0aGUgbGlzdCBhdDxicj4NCjxhIGhyZWY9Im1haWx0 bzpsaWJzc2gyLWRldmVsLW93bmVyQGNvb2wuaGF4eC5zZSI+bGlic3NoMi1kZXZlbC1vd25lckBj b29sLmhheHguc2U8L2E+PGJyPg0KPGJyPg0KV2hlbiByZXBseWluZywgcGxlYXNlIGVkaXQgeW91 ciBTdWJqZWN0IGxpbmUgc28gaXQgaXMgbW9yZSBzcGVjaWZpYzxicj4NCnRoYW4gJnF1b3Q7UmU6 IENvbnRlbnRzIG9mIGxpYnNzaDItZGV2ZWwgZGlnZXN0Li4uJnF1b3Q7PGJyPg0KPGJyPg0KPGJy Pg0KVG9kYXkncyBUb3BpY3M6PGJyPg0KPGJyPg0KMS4gUmU6IFNGVFAgdHJhbnNmZXIgaGFuZ3Mg d2hlbiB0aGUgc2VydmVyIGNvbm5lY3Rpb24gaGFzIGhpZ2g8YnI+DQpsYXRlbmN5IFJUVCBhcm91 bmQgNTAwIG1zIGFuZCAzMCUgcGFja2V0IGxvc3MgKFBldGVyIFN0dWdlKTxicj4NCjxicj4NCjxi cj4NCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS08YnI+DQo8YnI+DQpNZXNzYWdlOiAxPGJyPg0KRGF0ZTogRnJpLCAx IE1hciAyMDE5IDE3OjAxOjE0ICswMDAwPGJyPg0KRnJvbTogUGV0ZXIgU3R1Z2UgJmx0OzxhIGhy ZWY9Im1haWx0bzpwZXRlckBzdHVnZS5zZSI+cGV0ZXJAc3R1Z2Uuc2U8L2E+Jmd0Ozxicj4NClRv OiA8YSBocmVmPSJtYWlsdG86bGlic3NoMi1kZXZlbEBjb29sLmhheHguc2UiPmxpYnNzaDItZGV2 ZWxAY29vbC5oYXh4LnNlPC9hPjxicj4NClN1YmplY3Q6IFJlOiBTRlRQIHRyYW5zZmVyIGhhbmdz IHdoZW4gdGhlIHNlcnZlciBjb25uZWN0aW9uIGhhcyBoaWdoPGJyPg0KbGF0ZW5jeSBSVFQgYXJv dW5kIDUwMCBtcyBhbmQgMzAlIHBhY2tldCBsb3NzPGJyPg0KTWVzc2FnZS1JRDogJmx0OzxhIGhy ZWY9Im1haWx0bzoyMDE5MDMwMTE3MDExNC4yMjgwNS5xbWFpbEBzdHVnZS5zZSI+MjAxOTAzMDEx NzAxMTQuMjI4MDUucW1haWxAc3R1Z2Uuc2U8L2E+Jmd0Ozxicj4NCkNvbnRlbnQtVHlwZTogdGV4 dC9wbGFpbjsgY2hhcnNldD11cy1hc2NpaTxicj4NCjxicj4NCkhpLDxicj4NCjxicj4NCktldHVs IEJhcm90IHdyb3RlOjxicj4NCiZndDsgVG8gZWxpbWluYXRlIGlmIGxpYnNzaDIgaXMgdGhlIHJl YWwgcmVhc29uIGZvciB0aGUgaGFuZy4gSSB1c2VkPGJyPg0KJmd0OyBzZnRwX3dyaXRlX25vbmJs b2NrLmMgYXMgYW4gZXhhbXBsZSBmcm9tIHRoZSBsaWJzc2gyIGV4YW1wbGVzIGFuZDxicj4NCiZn dDsgdXNlZCB0aGF0IHRvIHVwbG9hZCBhIGZpbGUgaW4gbXkgc2V0dXAgYW5kIGhlcmUgdG8gSSBh bSBzZWVpbmcgdGhlPGJyPg0KJmd0OyBzYW1lIGJlaGF2aW9yIHRoYXQgdGhlIHNmdHBfd3JpdGVf bm9uYmxvY2sgYXBwbGljYXRpb24gZ2V0J3MgaHVuZy48YnI+DQomZ3Q7IDxicj4NCiZndDsgV291 bGQgZ3JlYXRseSBhcHByZWNpYXRlIGlmIHNvbWUgb25lIGNhbiBsb29rIGluIHRvIHRoaXMuIEFs c28sIEk8YnI+DQomZ3Q7IGNhbiBwcm92aWRlIGFueSBleHRyYSBkZWJ1ZyBpbmZvcm1hdGlvbiB0 aGF0IHdvdWxkIGhlbHAgdG8gcmVzb2x2ZTxicj4NCiZndDsgdGhpcyBpc3N1ZS48YnI+DQo8YnI+ DQpZZXMsIHlvdSB3aWxsIGhhdmUgdG8gcHJvdmlkZSBkZWJ1ZyBpbmZvcm1hdGlvbiBmb3IgYW55 b25lIHRvIGJlIGFibGU8YnI+DQp0byBhbmFseXplIHlvdXIgcHJvYmxlbS48YnI+DQo8YnI+DQpJ ZGVhbGx5IGJ1aWxkIHRoZSBjdXJyZW50IGxpYnNzaDIgbWFzdGVyIGNvZGUgd2l0aCBkZWJ1ZyBt ZXNzYWdlczxicj4NCmVuYWJsZWQsIGFuZCBhZGQgYSBjYWxsIGxpa2UgbGlic3NoMl90cmFjZShz ZXNzaW9uLCB+MCk7IGluPGJyPg0Kc2Z0cF93cml0ZV9ub25ibG9jay5jIG1heWJlIGFmdGVyIHRo ZSBsaWJzc2gyX3VzZXJhdXRoXyBjYWxscywgYmVmb3JlPGJyPg0KdGhlIGZpcnN0IGxpYnNzaDJf c2Z0cF8gY2FsbC48YnI+DQo8YnI+DQpUaGVuIHNlbmQgdGhlIGZ1bGwgb3V0cHV0IGZyb20gdGhh dCBwcm9ncmFtIGZvciBhIHJ1biB3aGVyZSB0aGUgZXJyb3I8YnI+DQpoYXBwZW5zIHRvIHRoZSBs aXN0LiBQbGVhc2UgbG9nIHRvIGEgdGV4dCBmaWxlIGFuZCBhdHRhY2ggdGhhdCBmaWxlPGJyPg0K dG8geW91ciBtYWlsLCBzbyB0aGF0IGFsbCBpbmZvcm1hdGlvbiBpcyBrZXB0IGludGFjdC4gVGhh bmtzITxicj4NCjxicj4NCjxicj4NCi8vUGV0ZXI8YnI+DQo8YnI+DQo8YnI+DQotLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS08YnI+DQo8YnI+DQpTdWJqZWN0OiBEaWdlc3QgRm9vdGVyPGJy Pg0KPGJyPg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188 YnI+DQpsaWJzc2gyLWRldmVsIG1haWxpbmcgbGlzdDxicj4NCjxhIGhyZWY9Im1haWx0bzpsaWJz c2gyLWRldmVsQGNvb2wuaGF4eC5zZSI+bGlic3NoMi1kZXZlbEBjb29sLmhheHguc2U8L2E+PGJy Pg0KPGEgaHJlZj0iaHR0cHM6Ly9jb29sLmhheHguc2UvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZv L2xpYnNzaDItZGV2ZWwiPmh0dHBzOi8vY29vbC5oYXh4LnNlL2NnaS1iaW4vbWFpbG1hbi9saXN0 aW5mby9saWJzc2gyLWRldmVsPC9hPjxicj4NCjxicj4NCjxicj4NCi0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLTxicj4NCjxicj4NCkVuZCBvZiBsaWJzc2gyLWRldmVsIERpZ2VzdCwgVm9s IDExNywgSXNzdWUgMTxicj4NCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo= --_000_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_-- --_004_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_ Content-Type: text/plain; name=libssh2_log.txt; charset=WINDOWS-1252 Content-Description: libssh2_log.txt Content-Disposition: attachment; filename="libssh2_log.txt"; size=34776; creation-date="Tue, 05 Mar 2019 15:05:51 GMT"; modification-date="Tue, 05 Mar 2019 15:05:51 GMT" Content-Transfer-Encoding: base64 TWFyICA0IDIxOjI5OjAxIFVuaVRhc2s6ICogU1RBVEU6IElOSVQgPT4gQ09OTkVDVCBoYW5kbGUg MHgxYzI2ZTg4OyBsaW5lIDE0MjggKGNvbm5lY3Rpb24gIy01MDAwKQ0KTWFyICA0IDIxOjI5OjAx IFVuaVRhc2s6ICogQWRkZWQgY29ubmVjdGlvbiAwLiBUaGUgY2FjaGUgbm93IGNvbnRhaW5zIDEg bWVtYmVycw0KTWFyICA0IDIxOjI5OjAxIFVuaVRhc2s6ICogICBUcnlpbmcgMTAuNDAuOTUuMTgx Li4uDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBUQ1BfTk9ERUxBWSBzZXQNCk1hciAgNCAy MToyOTowMSBVbmlUYXNrOiAqIE5hbWUgJzEwLjUwLjMwLjQ2JyBmYW1pbHkgMiByZXNvbHZlZCB0 byAnMTAuNTAuMzAuNDYnIGZhbWlseSAyDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBMb2Nh bCBwb3J0OiAwDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBTVEFURTogQ09OTkVDVCA9PiBX QUlUQ09OTkVDVCBoYW5kbGUgMHgxYzI2ZTg4OyBsaW5lIDE0ODAgKGNvbm5lY3Rpb24gIzApDQpN YXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBDb25uZWN0ZWQgdG8gMTAuNDAuOTUuMTgxICgxMC40 MC45NS4xODEpIHBvcnQgMjAyNCAoIzApDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBTVEFU RTogV0FJVENPTk5FQ1QgPT4gU0VORFBST1RPQ09OTkVDVCBoYW5kbGUgMHgxYzI2ZTg4OyBsaW5l IDE1OTkgKGNvbm5lY3Rpb24gIzApDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBNYXJrZWQg Zm9yIFtrZWVwIGFsaXZlXTogU1NIIGRlZmF1bHQNCk1hciAgNCAyMToyOTowMSBVbmlUYXNrOiAq IFNGVFAgMHgxYzJjMWU4IHN0YXRlIGNoYW5nZSBmcm9tIFNTSF9TVE9QIHRvIFNTSF9JTklUDQpN YXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogKiBTRlRQIDB4MWMyYzFlOCBzdGF0ZSBjaGFuZ2UgZnJv bSBTU0hfSU5JVCB0byBTU0hfU19TVEFSVFVQDQpNYXIgIDQgMjE6Mjk6MDEgVW5pVGFzazogW2xp YnNzaDJdIDE2ODAuNTI2Njg2IFRyYW5zcG9ydDogc2Vzc2lvbl9zdGFydHVwIGZvciBzb2NrZXQg MTMNCk1hciAgNCAyMToyOTowMSBVbmlUYXNrOiBbbGlic3NoMl0gMTY4MC41MjY3NzIgVHJhbnNw b3J0OiBTZW5kaW5nIEJhbm5lcjogU1NILTIuMC1saWJzc2gyXzEuNy4wDQpNYXIgIDQgMjE6Mjk6 MDEgVW5pVGFzazogW2xpYnNzaDJdIDE2ODAuNTI3MTg2IFNvY2tldDogU2VudCAyMy8yMyBieXRl cyBhdCAweDIwM2UwMGY0KzANCk1hciAgNCAyMToyOTowMSBVbmlUYXNrOiAqIFNUQVRFOiBTRU5E UFJPVE9DT05ORUNUID0+IFBST1RPQ09OTkVDVCBoYW5kbGUgMHgxYzI2ZTg4OyBsaW5lIDE2MTMg KGNvbm5lY3Rpb24gIzApDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEu MDU1MzYyIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5p VGFzazogW2xpYnNzaDJdIDE2ODEuMDU1NDE1IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVy DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU1NDMyIFNvY2tldDog UmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJd IDE2ODEuMDU1NDQ3IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6 MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU1NDU5IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMg YmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU1NDcwIFNv Y2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xp YnNzaDJdIDE2ODEuMDU1NDgxIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU1ODEwIFNvY2tldDogUmVjdmVkIDEg Ynl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU1 ODQwIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFz azogW2xpYnNzaDJdIDE2ODEuMDU1ODUzIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpN YXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2MTIzIFNvY2tldDogUmVj dmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2 ODEuMDU2MTc3IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2MjM4IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFu bmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2MjU0IFNvY2tl dDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNz aDJdIDE2ODEuMDU2MjY1IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6 Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2MzY0IFNvY2tldDogUmVjdmVkIDEgYnl0 ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2Mzc4 IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazog W2xpYnNzaDJdIDE2ODEuMDU2NDYzIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIg IDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2NDg1IFNvY2tldDogUmVjdmVk IDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEu MDU2NTg4IFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVyDQpNYXIgIDQgMjE6Mjk6MDIgVW5p VGFzazogW2xpYnNzaDJdIDE2ODEuMDU2NjEyIFNvY2tldDogUmVjdmVkIDEgYnl0ZXMgYmFubmVy DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2NjM0IFRyYW5zcG9y dDogUmVjZWl2ZWQgQmFubmVyOiBTU0gtMi4wLU9wZW5TU0hfNy40DQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU2NzE4IEtleSBFeDogU2VudCBLRVg6IGRpZmZpZS1o ZWxsbWFuLWdyb3VwLWV4Y2hhbmdlLXNoYTI1NixkaWZmaWUtaGVsbG1hbi1ncm91cC1leGNoYW5n ZS1zaGExLGRpZmZpZS1oZWxsbWFuLWdyb3VwMTQtc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDEt c2hhMQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA1NjczOCBLZXkg RXg6IFNlbnQgSE9TVEtFWTogc3NoLXJzYSxzc2gtZHNzDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFz azogW2xpYnNzaDJdIDE2ODEuMDU2NzkwIEtleSBFeDogU2VudCBDUllQVF9DUzogYWVzMTI4LWN0 cixhZXMxOTItY3RyLGFlczI1Ni1jdHIsYWVzMjU2LWNiYyxyaWpuZGFlbC1jYmNAbHlzYXRvci5s aXUuc2UsYWVzMTkyLWNiYyxhZXMxMjgtY2JjLGJsb3dmaXNoLWNiYyxhcmNmb3VyMTI4LGFyY2Zv dXIsY2FzdDEyOC1jYmMsM2Rlcy1jYmMNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiBbbGlic3No Ml0gMTY4MS4wNTY4NzYgS2V5IEV4OiBTZW50IENSWVBUX1NDOiBhZXMxMjgtY3RyLGFlczE5Mi1j dHIsYWVzMjU2LWN0cixhZXMyNTYtY2JjLHJpam5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZSxhZXMx OTItY2JjLGFlczEyOC1jYmMsYmxvd2Zpc2gtY2JjLGFyY2ZvdXIxMjgsYXJjZm91cixjYXN0MTI4 LWNiYywzZGVzLWNiYw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA1 NzA3NyBLZXkgRXg6IFNlbnQgTUFDX0NTOiBobWFjLXNoYTItMjU2LGhtYWMtc2hhMi01MTIsaG1h Yy1zaGExLGhtYWMtc2hhMS05NixobWFjLW1kNSxobWFjLW1kNS05Ng0KTWFyICA0IDIxOjI5OjAy IFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA1NzA4OCBLZXkgRXg6IFNlbnQgTUFDX1NDOiBobWFj LXNoYTItMjU2LGhtYWMtc2hhMi01MTIsaG1hYy1zaGExLGhtYWMtc2hhMS05NixobWFjLW1kNSxo bWFjLW1kNS05Ng0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA1NzA5 OCBLZXkgRXg6IFNlbnQgQ09NUF9DUzogbm9uZQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFts aWJzc2gyXSAxNjgxLjA1NzEwNiBLZXkgRXg6IFNlbnQgQ09NUF9TQzogbm9uZQ0KTWFyICA0IDIx OjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA1NzExMyBLZXkgRXg6IFNlbnQgTEFOR19D UzogDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuMDU3MjY5IEtleSBF eDogU2VudCBMQU5HX1NDOiANCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiA9PiBsaWJzc2gyX3Ry YW5zcG9ydF93cml0ZSBwbGFpbiAoNjQ1IGJ5dGVzKQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6 IDAwMDA6IDE0IDA0IEQzIEE5IDRGIDY0IENCIDQyICBFRCA1QyBBNyBFNiAxNCA3RiA5QiA3RCA6 IC4uLi5PZC5CLlwuLi4uLn0NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDEwOiAxNSAwMCAw MCAwMCA3RSA2NCA2OSA2NiAgNjYgNjkgNjUgMkQgNjggNjUgNkMgNkMgOiAuLi4ufmRpZmZpZS1o ZWxsDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDAyMDogNkQgNjEgNkUgMkQgNjcgNzIgNkYg NzUgIDcwIDJEIDY1IDc4IDYzIDY4IDYxIDZFIDogbWFuLWdyb3VwLWV4Y2hhbg0KTWFyICA0IDIx OjI5OjAyIFVuaVRhc2s6IDAwMzA6IDY3IDY1IDJEIDczIDY4IDYxIDMyIDM1ICAzNiAyQyA2NCA2 OSA2NiA2NiA2OSA2NSA6IGdlLXNoYTI1NixkaWZmaWUNCk1hciAgNCAyMToyOTowMiBVbmlUYXNr OiAwMDQwOiAyRCA2OCA2NSA2QyA2QyA2RCA2MSA2RSAgMkQgNjcgNzIgNkYgNzUgNzAgMkQgNjUg OiAtaGVsbG1hbi1ncm91cC1lDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA1MDogNzggNjMg NjggNjEgNkUgNjcgNjUgMkQgIDczIDY4IDYxIDMxIDJDIDY0IDY5IDY2IDogeGNoYW5nZS1zaGEx LGRpZg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwNjA6IDY2IDY5IDY1IDJEIDY4IDY1IDZD IDZDICA2RCA2MSA2RSAyRCA2NyA3MiA2RiA3NSA6IGZpZS1oZWxsbWFuLWdyb3UNCk1hciAgNCAy MToyOTowMiBVbmlUYXNrOiAwMDcwOiA3MCAzMSAzNCAyRCA3MyA2OCA2MSAzMSAgMkMgNjQgNjkg NjYgNjYgNjkgNjUgMkQgOiBwMTQtc2hhMSxkaWZmaWUtDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFz azogMDA4MDogNjggNjUgNkMgNkMgNkQgNjEgNkUgMkQgIDY3IDcyIDZGIDc1IDcwIDMxIDJEIDcz IDogaGVsbG1hbi1ncm91cDEtcw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwOTA6IDY4IDYx IDMxIDAwIDAwIDAwIDBGIDczICA3MyA2OCAyRCA3MiA3MyA2MSAyQyA3MyA6IGhhMS4uLi5zc2gt cnNhLHMNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGEwOiA3MyA2OCAyRCA2NCA3MyA3MyAw MCAwMCAgMDAgOTIgNjEgNjUgNzMgMzEgMzIgMzggOiBzaC1kc3MuLi4uYWVzMTI4DQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogMDBiMDogMkQgNjMgNzQgNzIgMkMgNjEgNjUgNzMgIDMxIDM5IDMy IDJEIDYzIDc0IDcyIDJDIDogLWN0cixhZXMxOTItY3RyLA0KTWFyICA0IDIxOjI5OjAyIFVuaVRh c2s6IDAwYzA6IDYxIDY1IDczIDMyIDM1IDM2IDJEIDYzICA3NCA3MiAyQyA2MSA2NSA3MyAzMiAz NSA6IGFlczI1Ni1jdHIsYWVzMjUNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGQwOiAzNiAy RCA2MyA2MiA2MyAyQyA3MiA2OSAgNkEgNkUgNjQgNjEgNjUgNkMgMkQgNjMgOiA2LWNiYyxyaWpu ZGFlbC1jDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDBlMDogNjIgNjMgNDAgNkMgNzkgNzMg NjEgNzQgIDZGIDcyIDJFIDZDIDY5IDc1IDJFIDczIDogYmNAbHlzYXRvci5saXUucw0KTWFyICA0 IDIxOjI5OjAyIFVuaVRhc2s6IDAwZjA6IDY1IDJDIDYxIDY1IDczIDMxIDM5IDMyICAyRCA2MyA2 MiA2MyAyQyA2MSA2NSA3MyA6IGUsYWVzMTkyLWNiYyxhZXMNCk1hciAgNCAyMToyOTowMiBVbmlU YXNrOiAwMTAwOiAzMSAzMiAzOCAyRCA2MyA2MiA2MyAyQyAgNjIgNkMgNkYgNzcgNjYgNjkgNzMg NjggOiAxMjgtY2JjLGJsb3dmaXNoDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDExMDogMkQg NjMgNjIgNjMgMkMgNjEgNzIgNjMgIDY2IDZGIDc1IDcyIDMxIDMyIDM4IDJDIDogLWNiYyxhcmNm b3VyMTI4LA0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxMjA6IDYxIDcyIDYzIDY2IDZGIDc1 IDcyIDJDICA2MyA2MSA3MyA3NCAzMSAzMiAzOCAyRCA6IGFyY2ZvdXIsY2FzdDEyOC0NCk1hciAg NCAyMToyOTowMiBVbmlUYXNrOiAwMTMwOiA2MyA2MiA2MyAyQyAzMyA2NCA2NSA3MyAgMkQgNjMg NjIgNjMgMDAgMDAgMDAgOTIgOiBjYmMsM2Rlcy1jYmMuLi4uDQpNYXIgIDQgMjE6Mjk6MDIgVW5p VGFzazogMDE0MDogNjEgNjUgNzMgMzEgMzIgMzggMkQgNjMgIDc0IDcyIDJDIDYxIDY1IDczIDMx IDM5IDogYWVzMTI4LWN0cixhZXMxOQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxNTA6IDMy IDJEIDYzIDc0IDcyIDJDIDYxIDY1ICA3MyAzMiAzNSAzNiAyRCA2MyA3NCA3MiA6IDItY3RyLGFl czI1Ni1jdHINCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTYwOiAyQyA2MSA2NSA3MyAzMiAz NSAzNiAyRCAgNjMgNjIgNjMgMkMgNzIgNjkgNkEgNkUgOiAsYWVzMjU2LWNiYyxyaWpuDQpNYXIg IDQgMjE6Mjk6MDIgVW5pVGFzazogMDE3MDogNjQgNjEgNjUgNkMgMkQgNjMgNjIgNjMgIDQwIDZD IDc5IDczIDYxIDc0IDZGIDcyIDogZGFlbC1jYmNAbHlzYXRvcg0KTWFyICA0IDIxOjI5OjAyIFVu aVRhc2s6IDAxODA6IDJFIDZDIDY5IDc1IDJFIDczIDY1IDJDICA2MSA2NSA3MyAzMSAzOSAzMiAy RCA2MyA6IC5saXUuc2UsYWVzMTkyLWMNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTkwOiA2 MiA2MyAyQyA2MSA2NSA3MyAzMSAzMiAgMzggMkQgNjMgNjIgNjMgMkMgNjIgNkMgOiBiYyxhZXMx MjgtY2JjLGJsDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFhMDogNkYgNzcgNjYgNjkgNzMg NjggMkQgNjMgIDYyIDYzIDJDIDYxIDcyIDYzIDY2IDZGIDogb3dmaXNoLWNiYyxhcmNmbw0KTWFy ICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxYjA6IDc1IDcyIDMxIDMyIDM4IDJDIDYxIDcyICA2MyA2 NiA2RiA3NSA3MiAyQyA2MyA2MSA6IHVyMTI4LGFyY2ZvdXIsY2ENCk1hciAgNCAyMToyOTowMiBV bmlUYXNrOiAwMWMwOiA3MyA3NCAzMSAzMiAzOCAyRCA2MyA2MiAgNjMgMkMgMzMgNjQgNjUgNzMg MkQgNjMgOiBzdDEyOC1jYmMsM2Rlcy1jDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFkMDog NjIgNjMgMDAgMDAgMDAgNDcgNjggNkQgIDYxIDYzIDJEIDczIDY4IDYxIDMyIDJEIDogYmMuLi5H aG1hYy1zaGEyLQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxZTA6IDMyIDM1IDM2IDJDIDY4 IDZEIDYxIDYzICAyRCA3MyA2OCA2MSAzMiAyRCAzNSAzMSA6IDI1NixobWFjLXNoYTItNTENCk1h ciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWYwOiAzMiAyQyA2OCA2RCA2MSA2MyAyRCA3MyAgNjgg NjEgMzEgMkMgNjggNkQgNjEgNjMgOiAyLGhtYWMtc2hhMSxobWFjDQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogMDIwMDogMkQgNzMgNjggNjEgMzEgMkQgMzkgMzYgIDJDIDY4IDZEIDYxIDYzIDJE IDZEIDY0IDogLXNoYTEtOTYsaG1hYy1tZA0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyMTA6 IDM1IDJDIDY4IDZEIDYxIDYzIDJEIDZEICA2NCAzNSAyRCAzOSAzNiAwMCAwMCAwMCA6IDUsaG1h Yy1tZDUtOTYuLi4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjIwOiA0NyA2OCA2RCA2MSA2 MyAyRCA3MyA2OCAgNjEgMzIgMkQgMzIgMzUgMzYgMkMgNjggOiBHaG1hYy1zaGEyLTI1NixoDQpN YXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDIzMDogNkQgNjEgNjMgMkQgNzMgNjggNjEgMzIgIDJE IDM1IDMxIDMyIDJDIDY4IDZEIDYxIDogbWFjLXNoYTItNTEyLGhtYQ0KTWFyICA0IDIxOjI5OjAy IFVuaVRhc2s6IDAyNDA6IDYzIDJEIDczIDY4IDYxIDMxIDJDIDY4ICA2RCA2MSA2MyAyRCA3MyA2 OCA2MSAzMSA6IGMtc2hhMSxobWFjLXNoYTENCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjUw OiAyRCAzOSAzNiAyQyA2OCA2RCA2MSA2MyAgMkQgNkQgNjQgMzUgMkMgNjggNkQgNjEgOiAtOTYs aG1hYy1tZDUsaG1hDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDI2MDogNjMgMkQgNkQgNjQg MzUgMkQgMzkgMzYgIDAwIDAwIDAwIDA0IDZFIDZGIDZFIDY1IDogYy1tZDUtOTYuLi4ubm9uZQ0K TWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyNzA6IDAwIDAwIDAwIDA0IDZFIDZGIDZFIDY1ICAw MCAwMCAwMCAwMCAwMCAwMCAwMCAwMCA6IC4uLi5ub25lLi4uLi4uLi4NCk1hciAgNCAyMToyOTow MiBVbmlUYXNrOiAwMjgwOiAwMCAwMCAwMCAwMCAwMCAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgOiAuLi4uLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgx LjA1OTIyMCBTb2NrZXQ6IFNlbnQgNjU2LzY1NiBieXRlcyBhdCAweDFjMzIzNDQNCk1hciAgNCAy MToyOTowMiBVbmlUYXNrOiA9PiBsaWJzc2gyX3RyYW5zcG9ydF93cml0ZSBzZW5kKCkgKDY1NiBi eXRlcykNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDAwOiAwMCAwMCAwMiA4QyAwNiAxNCAw NCBEMyAgQTkgNEYgNjQgQ0IgNDIgRUQgNUMgQTcgOiAuLi4uLi4uLi5PZC5CLlwuDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogMDAxMDogRTYgMTQgN0YgOUIgN0QgMTUgMDAgMDAgIDAwIDdFIDY0 IDY5IDY2IDY2IDY5IDY1IDogLi4uLn0uLi4ufmRpZmZpZQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRh c2s6IDAwMjA6IDJEIDY4IDY1IDZDIDZDIDZEIDYxIDZFICAyRCA2NyA3MiA2RiA3NSA3MCAyRCA2 NSA6IC1oZWxsbWFuLWdyb3VwLWUNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDMwOiA3OCA2 MyA2OCA2MSA2RSA2NyA2NSAyRCAgNzMgNjggNjEgMzIgMzUgMzYgMkMgNjQgOiB4Y2hhbmdlLXNo YTI1NixkDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA0MDogNjkgNjYgNjYgNjkgNjUgMkQg NjggNjUgIDZDIDZDIDZEIDYxIDZFIDJEIDY3IDcyIDogaWZmaWUtaGVsbG1hbi1ncg0KTWFyICA0 IDIxOjI5OjAyIFVuaVRhc2s6IDAwNTA6IDZGIDc1IDcwIDJEIDY1IDc4IDYzIDY4ICA2MSA2RSA2 NyA2NSAyRCA3MyA2OCA2MSA6IG91cC1leGNoYW5nZS1zaGENCk1hciAgNCAyMToyOTowMiBVbmlU YXNrOiAwMDYwOiAzMSAyQyA2NCA2OSA2NiA2NiA2OSA2NSAgMkQgNjggNjUgNkMgNkMgNkQgNjEg NkUgOiAxLGRpZmZpZS1oZWxsbWFuDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA3MDogMkQg NjcgNzIgNkYgNzUgNzAgMzEgMzQgIDJEIDczIDY4IDYxIDMxIDJDIDY0IDY5IDogLWdyb3VwMTQt c2hhMSxkaQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwODA6IDY2IDY2IDY5IDY1IDJEIDY4 IDY1IDZDICA2QyA2RCA2MSA2RSAyRCA2NyA3MiA2RiA6IGZmaWUtaGVsbG1hbi1ncm8NCk1hciAg NCAyMToyOTowMiBVbmlUYXNrOiAwMDkwOiA3NSA3MCAzMSAyRCA3MyA2OCA2MSAzMSAgMDAgMDAg MDAgMEYgNzMgNzMgNjggMkQgOiB1cDEtc2hhMS4uLi5zc2gtDQpNYXIgIDQgMjE6Mjk6MDIgVW5p VGFzazogMDBhMDogNzIgNzMgNjEgMkMgNzMgNzMgNjggMkQgIDY0IDczIDczIDAwIDAwIDAwIDky IDYxIDogcnNhLHNzaC1kc3MuLi4uYQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwYjA6IDY1 IDczIDMxIDMyIDM4IDJEIDYzIDc0ICA3MiAyQyA2MSA2NSA3MyAzMSAzOSAzMiA6IGVzMTI4LWN0 cixhZXMxOTINCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGMwOiAyRCA2MyA3NCA3MiAyQyA2 MSA2NSA3MyAgMzIgMzUgMzYgMkQgNjMgNzQgNzIgMkMgOiAtY3RyLGFlczI1Ni1jdHIsDQpNYXIg IDQgMjE6Mjk6MDIgVW5pVGFzazogMDBkMDogNjEgNjUgNzMgMzIgMzUgMzYgMkQgNjMgIDYyIDYz IDJDIDcyIDY5IDZBIDZFIDY0IDogYWVzMjU2LWNiYyxyaWpuZA0KTWFyICA0IDIxOjI5OjAyIFVu aVRhc2s6IDAwZTA6IDYxIDY1IDZDIDJEIDYzIDYyIDYzIDQwICA2QyA3OSA3MyA2MSA3NCA2RiA3 MiAyRSA6IGFlbC1jYmNAbHlzYXRvci4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGYwOiA2 QyA2OSA3NSAyRSA3MyA2NSAyQyA2MSAgNjUgNzMgMzEgMzkgMzIgMkQgNjMgNjIgOiBsaXUuc2Us YWVzMTkyLWNiDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDEwMDogNjMgMkMgNjEgNjUgNzMg MzEgMzIgMzggIDJEIDYzIDYyIDYzIDJDIDYyIDZDIDZGIDogYyxhZXMxMjgtY2JjLGJsbw0KTWFy ICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxMTA6IDc3IDY2IDY5IDczIDY4IDJEIDYzIDYyICA2MyAy QyA2MSA3MiA2MyA2NiA2RiA3NSA6IHdmaXNoLWNiYyxhcmNmb3UNCk1hciAgNCAyMToyOTowMiBV bmlUYXNrOiAwMTIwOiA3MiAzMSAzMiAzOCAyQyA2MSA3MiA2MyAgNjYgNkYgNzUgNzIgMkMgNjMg NjEgNzMgOiByMTI4LGFyY2ZvdXIsY2FzDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDEzMDog NzQgMzEgMzIgMzggMkQgNjMgNjIgNjMgIDJDIDMzIDY0IDY1IDczIDJEIDYzIDYyIDogdDEyOC1j YmMsM2Rlcy1jYg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxNDA6IDYzIDAwIDAwIDAwIDky IDYxIDY1IDczICAzMSAzMiAzOCAyRCA2MyA3NCA3MiAyQyA6IGMuLi4uYWVzMTI4LWN0ciwNCk1h ciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTUwOiA2MSA2NSA3MyAzMSAzOSAzMiAyRCA2MyAgNzQg NzIgMkMgNjEgNjUgNzMgMzIgMzUgOiBhZXMxOTItY3RyLGFlczI1DQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogMDE2MDogMzYgMkQgNjMgNzQgNzIgMkMgNjEgNjUgIDczIDMyIDM1IDM2IDJEIDYz IDYyIDYzIDogNi1jdHIsYWVzMjU2LWNiYw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxNzA6 IDJDIDcyIDY5IDZBIDZFIDY0IDYxIDY1ICA2QyAyRCA2MyA2MiA2MyA0MCA2QyA3OSA6ICxyaWpu ZGFlbC1jYmNAbHkNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTgwOiA3MyA2MSA3NCA2RiA3 MiAyRSA2QyA2OSAgNzUgMkUgNzMgNjUgMkMgNjEgNjUgNzMgOiBzYXRvci5saXUuc2UsYWVzDQpN YXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDE5MDogMzEgMzkgMzIgMkQgNjMgNjIgNjMgMkMgIDYx IDY1IDczIDMxIDMyIDM4IDJEIDYzIDogMTkyLWNiYyxhZXMxMjgtYw0KTWFyICA0IDIxOjI5OjAy IFVuaVRhc2s6IDAxYTA6IDYyIDYzIDJDIDYyIDZDIDZGIDc3IDY2ICA2OSA3MyA2OCAyRCA2MyA2 MiA2MyAyQyA6IGJjLGJsb3dmaXNoLWNiYywNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWIw OiA2MSA3MiA2MyA2NiA2RiA3NSA3MiAzMSAgMzIgMzggMkMgNjEgNzIgNjMgNjYgNkYgOiBhcmNm b3VyMTI4LGFyY2ZvDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFjMDogNzUgNzIgMkMgNjMg NjEgNzMgNzQgMzEgIDMyIDM4IDJEIDYzIDYyIDYzIDJDIDMzIDogdXIsY2FzdDEyOC1jYmMsMw0K TWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxZDA6IDY0IDY1IDczIDJEIDYzIDYyIDYzIDAwICAw MCAwMCA0NyA2OCA2RCA2MSA2MyAyRCA6IGRlcy1jYmMuLi5HaG1hYy0NCk1hciAgNCAyMToyOTow MiBVbmlUYXNrOiAwMWUwOiA3MyA2OCA2MSAzMiAyRCAzMiAzNSAzNiAgMkMgNjggNkQgNjEgNjMg MkQgNzMgNjggOiBzaGEyLTI1NixobWFjLXNoDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFm MDogNjEgMzIgMkQgMzUgMzEgMzIgMkMgNjggIDZEIDYxIDYzIDJEIDczIDY4IDYxIDMxIDogYTIt NTEyLGhtYWMtc2hhMQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyMDA6IDJDIDY4IDZEIDYx IDYzIDJEIDczIDY4ICA2MSAzMSAyRCAzOSAzNiAyQyA2OCA2RCA6ICxobWFjLXNoYTEtOTYsaG0N Ck1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjEwOiA2MSA2MyAyRCA2RCA2NCAzNSAyQyA2OCAg NkQgNjEgNjMgMkQgNkQgNjQgMzUgMkQgOiBhYy1tZDUsaG1hYy1tZDUtDQpNYXIgIDQgMjE6Mjk6 MDIgVW5pVGFzazogMDIyMDogMzkgMzYgMDAgMDAgMDAgNDcgNjggNkQgIDYxIDYzIDJEIDczIDY4 IDYxIDMyIDJEIDogOTYuLi5HaG1hYy1zaGEyLQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAy MzA6IDMyIDM1IDM2IDJDIDY4IDZEIDYxIDYzICAyRCA3MyA2OCA2MSAzMiAyRCAzNSAzMSA6IDI1 NixobWFjLXNoYTItNTENCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjQwOiAzMiAyQyA2OCA2 RCA2MSA2MyAyRCA3MyAgNjggNjEgMzEgMkMgNjggNkQgNjEgNjMgOiAyLGhtYWMtc2hhMSxobWFj DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDI1MDogMkQgNzMgNjggNjEgMzEgMkQgMzkgMzYg IDJDIDY4IDZEIDYxIDYzIDJEIDZEIDY0IDogLXNoYTEtOTYsaG1hYy1tZA0KTWFyICA0IDIxOjI5 OjAyIFVuaVRhc2s6IDAyNjA6IDM1IDJDIDY4IDZEIDYxIDYzIDJEIDZEICA2NCAzNSAyRCAzOSAz NiAwMCAwMCAwMCA6IDUsaG1hYy1tZDUtOTYuLi4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAw MjcwOiAwNCA2RSA2RiA2RSA2NSAwMCAwMCAwMCAgMDQgNkUgNkYgNkUgNjUgMDAgMDAgMDAgOiAu bm9uZS4uLi5ub25lLi4uDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDI4MDogMDAgMDAgMDAg MDAgMDAgMDAgMDAgMDAgIDAwIDAwIERCIEI3IDZDIERCIDgxIDQxIDogLi4uLi4uLi4uLi4ubC4u QQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgxLjA2MDY5MyBUcmFuc3Bv cnQ6IExvb2tpbmcgZm9yIHBhY2tldCBvZiB0eXBlOiAyMA0KTWFyICA0IDIxOjI5OjAyIFVuaVRh c2s6IFtsaWJzc2gyXSAxNjgxLjU1NTIxNyBTb2NrZXQ6IFJlY3ZlZCA2NzIvMTYzODQgYnl0ZXMg dG8gMHgxYzJlMzFjKzANCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiA9PiBsaWJzc2gyX3RyYW5z cG9ydF9yZWFkKCkgcmF3ICg2NzIgYnl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDAw MDogMDAgMDAgMDIgOUMgMEEgMTQgMjIgOEEgIENCIDM5IEVEIDFEIDkzIDdEIDBFIEVCIDogLi4u Li4uIi4uOS4uLn0uLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwMTA6IDIwIEZGIEYyIDAz IDkzIEE2IDAwIDAwICAwMSA0MCA2MyA3NSA3MiA3NiA2NSAzMiA6ICAuLi4uLi4uLkBjdXJ2ZTIN Ck1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDIwOiAzNSAzNSAzMSAzOSAyRCA3MyA2OCA2MSAg MzIgMzUgMzYgMkMgNjMgNzUgNzIgNzYgOiA1NTE5LXNoYTI1NixjdXJ2DQpNYXIgIDQgMjE6Mjk6 MDIgVW5pVGFzazogMDAzMDogNjUgMzIgMzUgMzUgMzEgMzkgMkQgNzMgIDY4IDYxIDMyIDM1IDM2 IDQwIDZDIDY5IDogZTI1NTE5LXNoYTI1NkBsaQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAw NDA6IDYyIDczIDczIDY4IDJFIDZGIDcyIDY3ICAyQyA2NSA2MyA2NCA2OCAyRCA3MyA2OCA6IGJz c2gub3JnLGVjZGgtc2gNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDUwOiA2MSAzMiAyRCA2 RSA2OSA3MyA3NCA3MCAgMzIgMzUgMzYgMkMgNjUgNjMgNjQgNjggOiBhMi1uaXN0cDI1NixlY2Ro DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA2MDogMkQgNzMgNjggNjEgMzIgMkQgNkUgNjkg IDczIDc0IDcwIDMzIDM4IDM0IDJDIDY1IDogLXNoYTItbmlzdHAzODQsZQ0KTWFyICA0IDIxOjI5 OjAyIFVuaVRhc2s6IDAwNzA6IDYzIDY0IDY4IDJEIDczIDY4IDYxIDMyICAyRCA2RSA2OSA3MyA3 NCA3MCAzNSAzMiA6IGNkaC1zaGEyLW5pc3RwNTINCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAw MDgwOiAzMSAyQyA2NCA2OSA2NiA2NiA2OSA2NSAgMkQgNjggNjUgNkMgNkMgNkQgNjEgNkUgOiAx LGRpZmZpZS1oZWxsbWFuDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA5MDogMkQgNjcgNzIg NkYgNzUgNzAgMkQgNjUgIDc4IDYzIDY4IDYxIDZFIDY3IDY1IDJEIDogLWdyb3VwLWV4Y2hhbmdl LQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwYTA6IDczIDY4IDYxIDMyIDM1IDM2IDJDIDY0 ICA2OSA2NiA2NiA2OSA2NSAyRCA2OCA2NSA6IHNoYTI1NixkaWZmaWUtaGUNCk1hciAgNCAyMToy OTowMiBVbmlUYXNrOiAwMGIwOiA2QyA2QyA2RCA2MSA2RSAyRCA2NyA3MiAgNkYgNzUgNzAgMzEg MzYgMkQgNzMgNjggOiBsbG1hbi1ncm91cDE2LXNoDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazog MDBjMDogNjEgMzUgMzEgMzIgMkMgNjQgNjkgNjYgIDY2IDY5IDY1IDJEIDY4IDY1IDZDIDZDIDog YTUxMixkaWZmaWUtaGVsbA0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwZDA6IDZEIDYxIDZF IDJEIDY3IDcyIDZGIDc1ICA3MCAzMSAzOCAyRCA3MyA2OCA2MSAzNSA6IG1hbi1ncm91cDE4LXNo YTUNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGUwOiAzMSAzMiAyQyA2NCA2OSA2NiA2NiA2 OSAgNjUgMkQgNjggNjUgNkMgNkMgNkQgNjEgOiAxMixkaWZmaWUtaGVsbG1hDQpNYXIgIDQgMjE6 Mjk6MDIgVW5pVGFzazogMDBmMDogNkUgMkQgNjcgNzIgNkYgNzUgNzAgMkQgIDY1IDc4IDYzIDY4 IDYxIDZFIDY3IDY1IDogbi1ncm91cC1leGNoYW5nZQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6 IDAxMDA6IDJEIDczIDY4IDYxIDMxIDJDIDY0IDY5ICA2NiA2NiA2OSA2NSAyRCA2OCA2NSA2QyA6 IC1zaGExLGRpZmZpZS1oZWwNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTEwOiA2QyA2RCA2 MSA2RSAyRCA2NyA3MiA2RiAgNzUgNzAgMzEgMzQgMkQgNzMgNjggNjEgOiBsbWFuLWdyb3VwMTQt c2hhDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDEyMDogMzIgMzUgMzYgMkMgNjQgNjkgNjYg NjYgIDY5IDY1IDJEIDY4IDY1IDZDIDZDIDZEIDogMjU2LGRpZmZpZS1oZWxsbQ0KTWFyICA0IDIx OjI5OjAyIFVuaVRhc2s6IDAxMzA6IDYxIDZFIDJEIDY3IDcyIDZGIDc1IDcwICAzMSAzNCAyRCA3 MyA2OCA2MSAzMSAyQyA6IGFuLWdyb3VwMTQtc2hhMSwNCk1hciAgNCAyMToyOTowMiBVbmlUYXNr OiAwMTQwOiA2NCA2OSA2NiA2NiA2OSA2NSAyRCA2OCAgNjUgNkMgNkMgNkQgNjEgNkUgMkQgNjcg OiBkaWZmaWUtaGVsbG1hbi1nDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDE1MDogNzIgNkYg NzUgNzAgMzEgMkQgNzMgNjggIDYxIDMxIDAwIDAwIDAwIDQxIDczIDczIDogcm91cDEtc2hhMS4u LkFzcw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxNjA6IDY4IDJEIDcyIDczIDYxIDJDIDcy IDczICA2MSAyRCA3MyA2OCA2MSAzMiAyRCAzNSA6IGgtcnNhLHJzYS1zaGEyLTUNCk1hciAgNCAy MToyOTowMiBVbmlUYXNrOiAwMTcwOiAzMSAzMiAyQyA3MiA3MyA2MSAyRCA3MyAgNjggNjEgMzIg MkQgMzIgMzUgMzYgMkMgOiAxMixyc2Etc2hhMi0yNTYsDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFz azogMDE4MDogNjUgNjMgNjQgNzMgNjEgMkQgNzMgNjggIDYxIDMyIDJEIDZFIDY5IDczIDc0IDcw IDogZWNkc2Etc2hhMi1uaXN0cA0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxOTA6IDMyIDM1 IDM2IDJDIDczIDczIDY4IDJEICA2NSA2NCAzMiAzNSAzNSAzMSAzOSAwMCA6IDI1Nixzc2gtZWQy NTUxOS4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWEwOiAwMCAwMCAyMCA2MSA2NSA3MyAz MSAzMiAgMzggMkQgNjMgNzQgNzIgMkMgNjEgNjUgOiAuLiBhZXMxMjgtY3RyLGFlDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogMDFiMDogNzMgMzEgMzkgMzIgMkQgNjMgNzQgNzIgIDJDIDYxIDY1 IDczIDMyIDM1IDM2IDJEIDogczE5Mi1jdHIsYWVzMjU2LQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRh c2s6IDAxYzA6IDYzIDc0IDcyIDAwIDAwIDAwIDIwIDYxICA2NSA3MyAzMSAzMiAzOCAyRCA2MyA3 NCA6IGN0ci4uLiBhZXMxMjgtY3QNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWQwOiA3MiAy QyA2MSA2NSA3MyAzMSAzOSAzMiAgMkQgNjMgNzQgNzIgMkMgNjEgNjUgNzMgOiByLGFlczE5Mi1j dHIsYWVzDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFlMDogMzIgMzUgMzYgMkQgNjMgNzQg NzIgMDAgIDAwIDAwIDM0IDY4IDZEIDYxIDYzIDJEIDogMjU2LWN0ci4uLjRobWFjLQ0KTWFyICA0 IDIxOjI5OjAyIFVuaVRhc2s6IDAxZjA6IDczIDY4IDYxIDMxIDJDIDY4IDZEIDYxICA2MyAyRCA3 MiA2OSA3MCA2NSA2RCA2NCA6IHNoYTEsaG1hYy1yaXBlbWQNCk1hciAgNCAyMToyOTowMiBVbmlU YXNrOiAwMjAwOiAzMSAzNiAzMCAyQyA2OCA2RCA2MSA2MyAgMkQgNzMgNjggNjEgMzIgMkQgMzIg MzUgOiAxNjAsaG1hYy1zaGEyLTI1DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDIxMDogMzYg MkMgNjggNkQgNjEgNjMgMkQgNzMgIDY4IDYxIDMyIDJEIDM1IDMxIDMyIDAwIDogNixobWFjLXNo YTItNTEyLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyMjA6IDAwIDAwIDM0IDY4IDZEIDYx IDYzIDJEICA3MyA2OCA2MSAzMSAyQyA2OCA2RCA2MSA6IC4uNGhtYWMtc2hhMSxobWENCk1hciAg NCAyMToyOTowMiBVbmlUYXNrOiAwMjMwOiA2MyAyRCA3MiA2OSA3MCA2NSA2RCA2NCAgMzEgMzYg MzAgMkMgNjggNkQgNjEgNjMgOiBjLXJpcGVtZDE2MCxobWFjDQpNYXIgIDQgMjE6Mjk6MDIgVW5p VGFzazogMDI0MDogMkQgNzMgNjggNjEgMzIgMkQgMzIgMzUgIDM2IDJDIDY4IDZEIDYxIDYzIDJE IDczIDogLXNoYTItMjU2LGhtYWMtcw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyNTA6IDY4 IDYxIDMyIDJEIDM1IDMxIDMyIDAwICAwMCAwMCAxNSA2RSA2RiA2RSA2NSAyQyA6IGhhMi01MTIu Li4ubm9uZSwNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjYwOiA3QSA2QyA2OSA2MiA0MCA2 RiA3MCA2NSAgNkUgNzMgNzMgNjggMkUgNjMgNkYgNkQgOiB6bGliQG9wZW5zc2guY29tDQpNYXIg IDQgMjE6Mjk6MDIgVW5pVGFzazogMDI3MDogMDAgMDAgMDAgMTUgNkUgNkYgNkUgNjUgIDJDIDdB IDZDIDY5IDYyIDQwIDZGIDcwIDogLi4uLm5vbmUsemxpYkBvcA0KTWFyICA0IDIxOjI5OjAyIFVu aVRhc2s6IDAyODA6IDY1IDZFIDczIDczIDY4IDJFIDYzIDZGICA2RCAwMCAwMCAwMCAwMCAwMCAw MCAwMCA6IGVuc3NoLmNvbS4uLi4uLi4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjkwOiAw MCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgOiAuLi4uLi4u Li4uLi4uLi4uDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogPT4gbGlic3NoMl90cmFuc3BvcnRf cmVhZCgpIHBsYWluICg2NTcgYnl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDAwMDog MTQgMjIgOEEgQ0IgMzkgRUQgMUQgOTMgIDdEIDBFIEVCIDIwIEZGIEYyIDAzIDkzIDogLiIuLjku Li59Li4gLi4uLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwMTA6IEE2IDAwIDAwIDAxIDQw IDYzIDc1IDcyICA3NiA2NSAzMiAzNSAzNSAzMSAzOSAyRCA6IC4uLi5AY3VydmUyNTUxOS0NCk1h ciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDIwOiA3MyA2OCA2MSAzMiAzNSAzNiAyQyA2MyAgNzUg NzIgNzYgNjUgMzIgMzUgMzUgMzEgOiBzaGEyNTYsY3VydmUyNTUxDQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogMDAzMDogMzkgMkQgNzMgNjggNjEgMzIgMzUgMzYgIDQwIDZDIDY5IDYyIDczIDcz IDY4IDJFIDogOS1zaGEyNTZAbGlic3NoLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwNDA6 IDZGIDcyIDY3IDJDIDY1IDYzIDY0IDY4ICAyRCA3MyA2OCA2MSAzMiAyRCA2RSA2OSA6IG9yZyxl Y2RoLXNoYTItbmkNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDUwOiA3MyA3NCA3MCAzMiAz NSAzNiAyQyA2NSAgNjMgNjQgNjggMkQgNzMgNjggNjEgMzIgOiBzdHAyNTYsZWNkaC1zaGEyDQpN YXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA2MDogMkQgNkUgNjkgNzMgNzQgNzAgMzMgMzggIDM0 IDJDIDY1IDYzIDY0IDY4IDJEIDczIDogLW5pc3RwMzg0LGVjZGgtcw0KTWFyICA0IDIxOjI5OjAy IFVuaVRhc2s6IDAwNzA6IDY4IDYxIDMyIDJEIDZFIDY5IDczIDc0ICA3MCAzNSAzMiAzMSAyQyA2 NCA2OSA2NiA6IGhhMi1uaXN0cDUyMSxkaWYNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMDgw OiA2NiA2OSA2NSAyRCA2OCA2NSA2QyA2QyAgNkQgNjEgNkUgMkQgNjcgNzIgNkYgNzUgOiBmaWUt aGVsbG1hbi1ncm91DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDA5MDogNzAgMkQgNjUgNzgg NjMgNjggNjEgNkUgIDY3IDY1IDJEIDczIDY4IDYxIDMyIDM1IDogcC1leGNoYW5nZS1zaGEyNQ0K TWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwYTA6IDM2IDJDIDY0IDY5IDY2IDY2IDY5IDY1ICAy RCA2OCA2NSA2QyA2QyA2RCA2MSA2RSA6IDYsZGlmZmllLWhlbGxtYW4NCk1hciAgNCAyMToyOTow MiBVbmlUYXNrOiAwMGIwOiAyRCA2NyA3MiA2RiA3NSA3MCAzMSAzNiAgMkQgNzMgNjggNjEgMzUg MzEgMzIgMkMgOiAtZ3JvdXAxNi1zaGE1MTIsDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDBj MDogNjQgNjkgNjYgNjYgNjkgNjUgMkQgNjggIDY1IDZDIDZDIDZEIDYxIDZFIDJEIDY3IDogZGlm ZmllLWhlbGxtYW4tZw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAwZDA6IDcyIDZGIDc1IDcw IDMxIDM4IDJEIDczICA2OCA2MSAzNSAzMSAzMiAyQyA2NCA2OSA6IHJvdXAxOC1zaGE1MTIsZGkN Ck1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMGUwOiA2NiA2NiA2OSA2NSAyRCA2OCA2NSA2QyAg NkMgNkQgNjEgNkUgMkQgNjcgNzIgNkYgOiBmZmllLWhlbGxtYW4tZ3JvDQpNYXIgIDQgMjE6Mjk6 MDIgVW5pVGFzazogMDBmMDogNzUgNzAgMkQgNjUgNzggNjMgNjggNjEgIDZFIDY3IDY1IDJEIDcz IDY4IDYxIDMxIDogdXAtZXhjaGFuZ2Utc2hhMQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAx MDA6IDJDIDY0IDY5IDY2IDY2IDY5IDY1IDJEICA2OCA2NSA2QyA2QyA2RCA2MSA2RSAyRCA6ICxk aWZmaWUtaGVsbG1hbi0NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMTEwOiA2NyA3MiA2RiA3 NSA3MCAzMSAzNCAyRCAgNzMgNjggNjEgMzIgMzUgMzYgMkMgNjQgOiBncm91cDE0LXNoYTI1Nixk DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDEyMDogNjkgNjYgNjYgNjkgNjUgMkQgNjggNjUg IDZDIDZDIDZEIDYxIDZFIDJEIDY3IDcyIDogaWZmaWUtaGVsbG1hbi1ncg0KTWFyICA0IDIxOjI5 OjAyIFVuaVRhc2s6IDAxMzA6IDZGIDc1IDcwIDMxIDM0IDJEIDczIDY4ICA2MSAzMSAyQyA2NCA2 OSA2NiA2NiA2OSA6IG91cDE0LXNoYTEsZGlmZmkNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAw MTQwOiA2NSAyRCA2OCA2NSA2QyA2QyA2RCA2MSAgNkUgMkQgNjcgNzIgNkYgNzUgNzAgMzEgOiBl LWhlbGxtYW4tZ3JvdXAxDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDE1MDogMkQgNzMgNjgg NjEgMzEgMDAgMDAgMDAgIDQxIDczIDczIDY4IDJEIDcyIDczIDYxIDogLXNoYTEuLi5Bc3NoLXJz YQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxNjA6IDJDIDcyIDczIDYxIDJEIDczIDY4IDYx ICAzMiAyRCAzNSAzMSAzMiAyQyA3MiA3MyA6ICxyc2Etc2hhMi01MTIscnMNCk1hciAgNCAyMToy OTowMiBVbmlUYXNrOiAwMTcwOiA2MSAyRCA3MyA2OCA2MSAzMiAyRCAzMiAgMzUgMzYgMkMgNjUg NjMgNjQgNzMgNjEgOiBhLXNoYTItMjU2LGVjZHNhDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazog MDE4MDogMkQgNzMgNjggNjEgMzIgMkQgNkUgNjkgIDczIDc0IDcwIDMyIDM1IDM2IDJDIDczIDog LXNoYTItbmlzdHAyNTYscw0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAxOTA6IDczIDY4IDJE IDY1IDY0IDMyIDM1IDM1ICAzMSAzOSAwMCAwMCAwMCAyMCA2MSA2NSA6IHNoLWVkMjU1MTkuLi4g YWUNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWEwOiA3MyAzMSAzMiAzOCAyRCA2MyA3NCA3 MiAgMkMgNjEgNjUgNzMgMzEgMzkgMzIgMkQgOiBzMTI4LWN0cixhZXMxOTItDQpNYXIgIDQgMjE6 Mjk6MDIgVW5pVGFzazogMDFiMDogNjMgNzQgNzIgMkMgNjEgNjUgNzMgMzIgIDM1IDM2IDJEIDYz IDc0IDcyIDAwIDAwIDogY3RyLGFlczI1Ni1jdHIuLg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6 IDAxYzA6IDAwIDIwIDYxIDY1IDczIDMxIDMyIDM4ICAyRCA2MyA3NCA3MiAyQyA2MSA2NSA3MyA6 IC4gYWVzMTI4LWN0cixhZXMNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMWQwOiAzMSAzOSAz MiAyRCA2MyA3NCA3MiAyQyAgNjEgNjUgNzMgMzIgMzUgMzYgMkQgNjMgOiAxOTItY3RyLGFlczI1 Ni1jDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDFlMDogNzQgNzIgMDAgMDAgMDAgMzQgNjgg NkQgIDYxIDYzIDJEIDczIDY4IDYxIDMxIDJDIDogdHIuLi40aG1hYy1zaGExLA0KTWFyICA0IDIx OjI5OjAyIFVuaVRhc2s6IDAxZjA6IDY4IDZEIDYxIDYzIDJEIDcyIDY5IDcwICA2NSA2RCA2NCAz MSAzNiAzMCAyQyA2OCA6IGhtYWMtcmlwZW1kMTYwLGgNCk1hciAgNCAyMToyOTowMiBVbmlUYXNr OiAwMjAwOiA2RCA2MSA2MyAyRCA3MyA2OCA2MSAzMiAgMkQgMzIgMzUgMzYgMkMgNjggNkQgNjEg OiBtYWMtc2hhMi0yNTYsaG1hDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDIxMDogNjMgMkQg NzMgNjggNjEgMzIgMkQgMzUgIDMxIDMyIDAwIDAwIDAwIDM0IDY4IDZEIDogYy1zaGEyLTUxMi4u LjRobQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyMjA6IDYxIDYzIDJEIDczIDY4IDYxIDMx IDJDICA2OCA2RCA2MSA2MyAyRCA3MiA2OSA3MCA6IGFjLXNoYTEsaG1hYy1yaXANCk1hciAgNCAy MToyOTowMiBVbmlUYXNrOiAwMjMwOiA2NSA2RCA2NCAzMSAzNiAzMCAyQyA2OCAgNkQgNjEgNjMg MkQgNzMgNjggNjEgMzIgOiBlbWQxNjAsaG1hYy1zaGEyDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFz azogMDI0MDogMkQgMzIgMzUgMzYgMkMgNjggNkQgNjEgIDYzIDJEIDczIDY4IDYxIDMyIDJEIDM1 IDogLTI1NixobWFjLXNoYTItNQ0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IDAyNTA6IDMxIDMy IDAwIDAwIDAwIDE1IDZFIDZGICA2RSA2NSAyQyA3QSA2QyA2OSA2MiA0MCA6IDEyLi4uLm5vbmUs emxpYkANCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjYwOiA2RiA3MCA2NSA2RSA3MyA3MyA2 OCAyRSAgNjMgNkYgNkQgMDAgMDAgMDAgMTUgNkUgOiBvcGVuc3NoLmNvbS4uLi5uDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogMDI3MDogNkYgNkUgNjUgMkMgN0EgNkMgNjkgNjIgIDQwIDZGIDcw IDY1IDZFIDczIDczIDY4IDogb25lLHpsaWJAb3BlbnNzaA0KTWFyICA0IDIxOjI5OjAyIFVuaVRh c2s6IDAyODA6IDJFIDYzIDZGIDZEIDAwIDAwIDAwIDAwICAwMCAwMCAwMCAwMCAwMCAwMCAwMCAw MCA6IC5jb20uLi4uLi4uLi4uLi4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiAwMjkwOiAwMCAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgOiAuDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuNTU4NjE2IFRyYW5zcG9ydDogUGFja2V0 IHR5cGUgMjAgcmVjZWl2ZWQsIGxlbmd0aD02NTcNCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiBb bGlic3NoMl0gMTY4MS41NTg2NTcgVHJhbnNwb3J0OiBMb29raW5nIGZvciBwYWNrZXQgb2YgdHlw ZTogMjANCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiBbbGlic3NoMl0gMTY4MS41NTg2OTkgS2V5 IEV4OiBBZ3JlZWQgb24gS0VYIG1ldGhvZDogZGlmZmllLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Ut c2hhMjU2DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuNTU4NzE0IEtl eSBFeDogQWdyZWVkIG9uIEhPU1RLRVkgbWV0aG9kOiBzc2gtcnNhDQpNYXIgIDQgMjE6Mjk6MDIg VW5pVGFzazogW2xpYnNzaDJdIDE2ODEuNTU4NzI2IEtleSBFeDogQWdyZWVkIG9uIENSWVBUX0NT IG1ldGhvZDogYWVzMTI4LWN0cg0KTWFyICA0IDIxOjI5OjAyIFVuaVRhc2s6IFtsaWJzc2gyXSAx NjgxLjU1ODc3NiBLZXkgRXg6IEFncmVlZCBvbiBDUllQVF9TQyBtZXRob2Q6IGFlczEyOC1jdHIN Ck1hciAgNCAyMToyOTowMiBVbmlUYXNrOiBbbGlic3NoMl0gMTY4MS41NTg3OTEgS2V5IEV4OiBB Z3JlZWQgb24gTUFDX0NTIG1ldGhvZDogaG1hYy1zaGEyLTI1Ng0KTWFyICA0IDIxOjI5OjAyIFVu aVRhc2s6IFtsaWJzc2gyXSAxNjgxLjU1ODgwMCBLZXkgRXg6IEFncmVlZCBvbiBNQUNfU0MgbWV0 aG9kOiBobWFjLXNoYTItMjU2DQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2 ODEuNTU4ODA5IEtleSBFeDogQWdyZWVkIG9uIENPTVBfQ1MgbWV0aG9kOiBub25lDQpNYXIgIDQg MjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJdIDE2ODEuNTU4ODE3IEtleSBFeDogQWdyZWVkIG9u IENPTVBfU0MgbWV0aG9kOiBub25lDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xpYnNzaDJd IDE2ODEuNTU4ODMwIEtleSBFeDogSW5pdGlhdGluZyBEaWZmaWUtSGVsbG1hbiBHcm91cC1FeGNo YW5nZSAoTmV3IE1ldGhvZCBTSEEyNTYpDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogPT4gbGli c3NoMl90cmFuc3BvcnRfd3JpdGUgcGxhaW4gKDEzIGJ5dGVzKQ0KTWFyICA0IDIxOjI5OjAyIFVu aVRhc2s6IDAwMDA6IDIyIDAwIDAwIDA0IDAwIDAwIDAwIDA2ICAwMCAwMCAwMCAwOCAwMCAgICAg ICAgICA6ICIuLi4uLi4uLi4uLi4NCk1hciAgNCAyMToyOTowMiBVbmlUYXNrOiBbbGlic3NoMl0g MTY4MS41NTk0NjkgU29ja2V0OiBTZW50IDI0LzI0IGJ5dGVzIGF0IDB4MWMzMjM0NA0KTWFyICA0 IDIxOjI5OjAyIFVuaVRhc2s6ID0+IGxpYnNzaDJfdHJhbnNwb3J0X3dyaXRlIHNlbmQoKSAoMjQg Ynl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogMDAwMDogMDAgMDAgMDAgMTQgMDYgMjIg MDAgMDAgIDA0IDAwIDAwIDAwIDA2IDAwIDAwIDAwIDogLi4uLi4iLi4uLi4uLi4uLg0KTWFyICA0 IDIxOjI5OjAyIFVuaVRhc2s6IDAwMTA6IDA4IDAwIEEzIEFEIDNCIDMzIDdEIDE5ICAgICAgICAg ICAgICAgICAgICAgICAgICA6IC4uLi47M30uDQpNYXIgIDQgMjE6Mjk6MDIgVW5pVGFzazogW2xp YnNzaDJdIDE2ODEuNTU5NjE1IFRyYW5zcG9ydDogTG9va2luZyBmb3IgcGFja2V0IG9mIHR5cGU6 IDMxDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogKiBtdWx0aV9kb25lDQpNYXIgIDQgMjE6Mjk6 MDMgVW5pVGFzazogKiBTRlRQIDB4MWMyYzFlOCBzdGF0ZSBjaGFuZ2UgZnJvbSBTU0hfU19TVEFS VFVQIHRvIFNTSF9TRlRQX0NMT1NFDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogKiBTRlRQIERP TkUgZG9uZQ0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6ICogU0ZUUCAweDFjMmMxZTggc3RhdGUg Y2hhbmdlIGZyb20gU1NIX1NGVFBfQ0xPU0UgdG8gU1NIX1NUT1ANCk1hciAgNCAyMToyOTowMyBV bmlUYXNrOiAqIFNTSCBESVNDT05ORUNUIHN0YXJ0cyBub3cNCk1hciAgNCAyMToyOTowMyBVbmlU YXNrOiAqIFNGVFAgMHgxYzJjMWU4IHN0YXRlIGNoYW5nZSBmcm9tIFNTSF9TVE9QIHRvIFNTSF9T RlRQX1NIVVRET1dODQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogKiBTRlRQIDB4MWMyYzFlOCBz dGF0ZSBjaGFuZ2UgZnJvbSBTU0hfU0ZUUF9TSFVURE9XTiB0byBTU0hfU0VTU0lPTl9ESVNDT05O RUNUDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogKiBFbnRlcmluZyBsaWJzc2gyX3Nlc3Npb25f ZGlzY29ubmVjdA0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgyLjAyMzMy NiBUcmFuc3BvcnQ6IERpc2Nvbm5lY3Rpbmc6IHJlYXNvbj0xMSwgZGVzYz1TaHV0ZG93biwgbGFu Zz0NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiBbbGlic3NoMl0gMTY4Mi4wMjMzNTAgVHJhbnNw b3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90 cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3No Ml9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiBbbGlic3NoMl0g MTY4Mi4wNjY4NzMgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFu Z2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6 IFtsaWJzc2gyXSAxNjgyLjA2NjkzNyBTb2NrZXQ6IFJlY3ZlZCAyMTYvMTYzODQgYnl0ZXMgdG8g MHgxYzJlMzFjKzANCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiA9PiBsaWJzc2gyX3RyYW5zcG9y dF9yZWFkKCkgcmF3ICgyMTYgYnl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAwMDog MDAgMDAgMDAgRDQgMDggMUYgMDAgMDAgIDAwIEMxIDAwIEY0IEVFIDE1IEYyIDJFIDogLi4uLi4u Li4uLi4uLi4uLg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwMTA6IDVGIDQ5IDk5IDdBIDAy IDc3IDY5IDY1ICA2RCBGMCAyNCAwNSA5OCBDOSA0NyAwQyA6IF9JLnoud2llbS4kLi4uRy4NCk1h ciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDIwOiA3RCA2NyBBNyBENyBEQSAyNyA3NyA4OCAgM0Mg MUMgMjQgM0EgNkYgM0QgMDQgRTEgOiB9Zy4uLid3LjwuJDpvPS4uDQpNYXIgIDQgMjE6Mjk6MDMg VW5pVGFzazogMDAzMDogQ0YgQTYgQTAgMzUgMEIgMTYgNUUgQ0EgIEJFIDg5IEE2IDg0IEMxIDFB IEJCIDdFIDogLi4uNS4uXi4uLi4uLi4ufg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNDA6 IDVCIDkzIEI1IDRGIEQ2IEVBIEM4IDVCICBCQSA5RiAyMyBDNiAzMCA2RSA0OCA1QiA6IFsuLk8u Li5bLi4jLjBuSFsNCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDUwOiBCOSBBQyA1NSAxNSBB QiBDNyAzOSBDRSAgOUIgMUEgNzkgRjcgREUgRjYgRDAgMEIgOiAuLlUuLi45Li4ueS4uLi4uDQpN YXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDA2MDogNjQgMzggNTYgREIgOTAgM0UgMjMgRTcgIEY5 IDg1IEVEIENBIEZGIDg2IDdGIEUxIDogZDhWLi4+Iy4uLi4uLi4uLg0KTWFyICA0IDIxOjI5OjAz IFVuaVRhc2s6IDAwNzA6IDU0IDk4IEU3IEVGIDZBIDkxIDA1IDdEICBFMyAzNyBBOSBBQSBFRCBF OSA0MSBDOSA6IFQuLi5qLi59LjcuLi4uQS4NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDgw OiAzNCBFNiA1MiA0MyBBQyA3OCA4OCBBMyAgM0MgNzggRkIgMjQgOTAgQkIgQTIgQkEgOiA0LlJD LnguLjx4LiQuLi4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDA5MDogMDYgRjEgOEUgQ0Mg NTEgREUgOUEgQTUgIDRCIEFEIEQwIDYxIENDIDVCIEUxIEVBIDogLi4uLlEuLi5LLi5hLlsuLg0K TWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwYTA6IDA2IDBDIEMzIDIxIDdDIEExIDFFIDI2ICA3 NyAyQiBEMCA4OCA4OSA4RCAyOCA4MiA6IC4uLiF8Li4mdysuLi4uKC4NCk1hciAgNCAyMToyOTow MyBVbmlUYXNrOiAwMGIwOiBDQiA0OSBBOSBGRiA0MCAxNiA4RSA0OSAgQUUgNkEgOTAgRUUgMUYg NjEgMTMgMkUgOiAuSS4uQC4uSS5qLi4uYS4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDBj MDogMUIgNkUgNEUgN0YgOTkgNzkgN0QgQUUgIEFGIDdBIEQ3IDAwIDAwIDAwIDAxIDA1IDogLm5O Li55fS4uei4uLi4uLg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwZDA6IDAwIDAwIDAwIDAw IDAwIDAwIDAwIDAwICAgICAgICAgICAgICAgICAgICAgICAgICA6IC4uLi4uLi4uDQpNYXIgIDQg MjE6Mjk6MDMgVW5pVGFzazogPT4gbGlic3NoMl90cmFuc3BvcnRfcmVhZCgpIHBsYWluICgyMDMg Ynl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAwMDogMUYgMDAgMDAgMDAgQzEgMDAg RjQgRUUgIDE1IEYyIDJFIDVGIDQ5IDk5IDdBIDAyIDogLi4uLi4uLi4uLi5fSS56Lg0KTWFyICA0 IDIxOjI5OjAzIFVuaVRhc2s6IDAwMTA6IDc3IDY5IDY1IDZEIEYwIDI0IDA1IDk4ICBDOSA0NyAw QyA3RCA2NyBBNyBENyBEQSA6IHdpZW0uJC4uLkcufWcuLi4NCk1hciAgNCAyMToyOTowMyBVbmlU YXNrOiAwMDIwOiAyNyA3NyA4OCAzQyAxQyAyNCAzQSA2RiAgM0QgMDQgRTEgQ0YgQTYgQTAgMzUg MEIgOiAndy48LiQ6bz0uLi4uLjUuDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAzMDogMTYg NUUgQ0EgQkUgODkgQTYgODQgQzEgIDFBIEJCIDdFIDVCIDkzIEI1IDRGIEQ2IDogLl4uLi4uLi4u Ln5bLi5PLg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNDA6IEVBIEM4IDVCIEJBIDlGIDIz IEM2IDMwICA2RSA0OCA1QiBCOSBBQyA1NSAxNSBBQiA6IC4uWy4uIy4wbkhbLi5VLi4NCk1hciAg NCAyMToyOTowMyBVbmlUYXNrOiAwMDUwOiBDNyAzOSBDRSA5QiAxQSA3OSBGNyBERSAgRjYgRDAg MEIgNjQgMzggNTYgREIgOTAgOiAuOS4uLnkuLi4uLmQ4Vi4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5p VGFzazogMDA2MDogM0UgMjMgRTcgRjkgODUgRUQgQ0EgRkYgIDg2IDdGIEUxIDU0IDk4IEU3IEVG IDZBIDogPiMuLi4uLi4uLi5ULi4uag0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNzA6IDkx IDA1IDdEIEUzIDM3IEE5IEFBIEVEICBFOSA0MSBDOSAzNCBFNiA1MiA0MyBBQyA6IC4ufS43Li4u LkEuNC5SQy4NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDgwOiA3OCA4OCBBMyAzQyA3OCBG QiAyNCA5MCAgQkIgQTIgQkEgMDYgRjEgOEUgQ0MgNTEgOiB4Li48eC4kLi4uLi4uLi5RDQpNYXIg IDQgMjE6Mjk6MDMgVW5pVGFzazogMDA5MDogREUgOUEgQTUgNEIgQUQgRDAgNjEgQ0MgIDVCIEUx IEVBIDA2IDBDIEMzIDIxIDdDIDogLi4uSy4uYS5bLi4uLi4hfA0KTWFyICA0IDIxOjI5OjAzIFVu aVRhc2s6IDAwYTA6IEExIDFFIDI2IDc3IDJCIEQwIDg4IDg5ICA4RCAyOCA4MiBDQiA0OSBBOSBG RiA0MCA6IC4uJncrLi4uLiguLkkuLkANCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMGIwOiAx NiA4RSA0OSBBRSA2QSA5MCBFRSAxRiAgNjEgMTMgMkUgMUIgNkUgNEUgN0YgOTkgOiAuLkkuai4u LmEuLi5uTi4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDBjMDogNzkgN0QgQUUgQUYgN0Eg RDcgMDAgMDAgIDAwIDAxIDA1ICAgICAgICAgICAgICAgIDogeX0uLnouLi4uLi4NCk1hciAgNCAy MToyOTowMyBVbmlUYXNrOiBbbGlic3NoMl0gMTY4Mi4wNjc3MjAgVHJhbnNwb3J0OiBQYWNrZXQg dHlwZSAzMSByZWNlaXZlZCwgbGVuZ3RoPTIwMw0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IFts aWJzc2gyXSAxNjgyLjA2Nzc4MSBUcmFuc3BvcnQ6IExvb2tpbmcgZm9yIHBhY2tldCBvZiB0eXBl OiAzMQ0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgyLjE3NjA1MCBLZXkg RXg6IFNlbmRpbmcgS0VYIHBhY2tldCAzMg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6ID0+IGxp YnNzaDJfdHJhbnNwb3J0X3dyaXRlIHBsYWluICgxOTcgYnl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDMg VW5pVGFzazogMDAwMDogMjAgMDAgMDAgMDAgQzAgMEMgNzIgMkUgIDQzIDNBIERGIEExIERDIDc1 IDZEIDI3IDogIC4uLi4uci5DOi4uLnVtJw0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwMTA6 IDNCIEZBIENCIEI0IDFFIEQzIDREIDBDICBENSBEMyAxOSBGNiA4MiA4QSA5MCAyNiA6IDsuLi4u Lk0uLi4uLi4uLiYNCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDIwOiBCOSA5NSA2RCAxOSBB NSBGRiBCNCA0RCAgRjUgRjIgNzYgREUgMTQgNDIgMjggNjQgOiAuLm0uLi4uTS4udi4uQihkDQpN YXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAzMDogQTYgQjggQzEgNjQgNzMgRUYgMEMgQ0EgIDZG IEY5IDFBIDAwIEI5IDk0IEY1IDZFIDogLi4uZHMuLi5vLi4uLi4ubg0KTWFyICA0IDIxOjI5OjAz IFVuaVRhc2s6IDAwNDA6IEZDIDZCIDU2IDE5IEZFIEY3IDUyIEEzICA2QiBCNiBDNiBFQiA5NiBB MCBDNyA1NSA6IC5rVi4uLlIuay4uLi4uLlUNCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDUw OiAzRCBEQSA5MiBFMSAxOSA0QyA0MCAzRCAgQzQgRTYgMUQgODUgMEEgNUUgRjEgRTEgOiA9Li4u LkxAPS4uLi4uXi4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDA2MDogRTkgODYgMTkgNTcg RDcgMzggQkMgNTMgIERBIDI0IEE5IEZCIDhBIDk0IDhDIEE5IDogLi4uVy44LlMuJC4uLi4uLg0K TWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNzA6IDM2IEU5IEJBIDRFIDAxIDM1IDAzIDlFICBC QiA3OSAwMyA3MSA5NyBGRCA0MyA2MSA6IDYuLk4uNS4uLnkucS4uQ2ENCk1hciAgNCAyMToyOTow MyBVbmlUYXNrOiAwMDgwOiAwMSA4OCA4OSBEMSAzOCAxQiBDQSAxNyAgMEUgQzggODEgQzAgRjAg RDIgQzggNkYgOiAuLi4uOC4uLi4uLi4uLi5vDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDA5 MDogMTEgRDggQ0MgMzcgMUYgQ0MgQzAgRUIgIEQ1IDg0IENEIEFEIDI1IEYxIDFCIDQwIDogLi4u Ny4uLi4uLi4uJS4uQA0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwYTA6IDFCIDg1IENCIEJE IDA2IDYzIDYyIDRDICA3RiAwMyBCMyBEQyA0MCBGNyAxNyA1NyA6IC4uLi4uY2JMLi4uLkAuLlcN Ck1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMGIwOiA4QiBDNSA2RCAyNyAxQiA4QSA1RiAwQSAg QjIgMUEgMjMgREEgM0UgMEIgNzEgNzIgOiAuLm0nLi5fLi4uIy4+LnFyDQpNYXIgIDQgMjE6Mjk6 MDMgVW5pVGFzazogMDBjMDogNDYgOUYgMTEgNTYgOUIgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgIDogRi4uVi4NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiBbbGlic3NoMl0gMTY4 Mi4xNzgwNDUgU29ja2V0OiBTZW50IDIwOC8yMDggYnl0ZXMgYXQgMHgxYzMyMzQ0DQpNYXIgIDQg MjE6Mjk6MDMgVW5pVGFzazogPT4gbGlic3NoMl90cmFuc3BvcnRfd3JpdGUgc2VuZCgpICgyMDgg Ynl0ZXMpDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAwMDogMDAgMDAgMDAgQ0MgMDYgMjAg MDAgMDAgIDAwIEMwIDBDIDcyIDJFIDQzIDNBIERGIDogLi4uLi4gLi4uLi5yLkM6Lg0KTWFyICA0 IDIxOjI5OjAzIFVuaVRhc2s6IDAwMTA6IEExIERDIDc1IDZEIDI3IDNCIEZBIENCICBCNCAxRSBE MyA0RCAwQyBENSBEMyAxOSA6IC4udW0nOy4uLi4uTS4uLi4NCk1hciAgNCAyMToyOTowMyBVbmlU YXNrOiAwMDIwOiBGNiA4MiA4QSA5MCAyNiBCOSA5NSA2RCAgMTkgQTUgRkYgQjQgNEQgRjUgRjIg NzYgOiAuLi4uJi4ubS4uLi5NLi52DQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDAzMDogREUg MTQgNDIgMjggNjQgQTYgQjggQzEgIDY0IDczIEVGIDBDIENBIDZGIEY5IDFBIDogLi5CKGQuLi5k cy4uLm8uLg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNDA6IDAwIEI5IDk0IEY1IDZFIEZD IDZCIDU2ICAxOSBGRSBGNyA1MiBBMyA2QiBCNiBDNiA6IC4uLi5uLmtWLi4uUi5rLi4NCk1hciAg NCAyMToyOTowMyBVbmlUYXNrOiAwMDUwOiBFQiA5NiBBMCBDNyA1NSAzRCBEQSA5MiAgRTEgMTkg NEMgNDAgM0QgQzQgRTYgMUQgOiAuLi4uVT0uLi4uTEA9Li4uDQpNYXIgIDQgMjE6Mjk6MDMgVW5p VGFzazogMDA2MDogODUgMEEgNUUgRjEgRTEgRTkgODYgMTkgIDU3IEQ3IDM4IEJDIDUzIERBIDI0 IEE5IDogLi5eLi4uLi5XLjguUy4kLg0KTWFyICA0IDIxOjI5OjAzIFVuaVRhc2s6IDAwNzA6IEZC IDhBIDk0IDhDIEE5IDM2IEU5IEJBICA0RSAwMSAzNSAwMyA5RSBCQiA3OSAwMyA6IC4uLi4uNi4u Ti41Li4ueS4NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMDgwOiA3MSA5NyBGRCA0MyA2MSAw MSA4OCA4OSAgRDEgMzggMUIgQ0EgMTcgMEUgQzggODEgOiBxLi5DYS4uLi44Li4uLi4uDQpNYXIg IDQgMjE6Mjk6MDMgVW5pVGFzazogMDA5MDogQzAgRjAgRDIgQzggNkYgMTEgRDggQ0MgIDM3IDFG IENDIEMwIEVCIEQ1IDg0IENEIDogLi4uLm8uLi43Li4uLi4uLg0KTWFyICA0IDIxOjI5OjAzIFVu aVRhc2s6IDAwYTA6IEFEIDI1IEYxIDFCIDQwIDFCIDg1IENCICBCRCAwNiA2MyA2MiA0QyA3RiAw MyBCMyA6IC4lLi5ALi4uLi5jYkwuLi4NCk1hciAgNCAyMToyOTowMyBVbmlUYXNrOiAwMGIwOiBE QyA0MCBGNyAxNyA1NyA4QiBDNSA2RCAgMjcgMUIgOEEgNUYgMEEgQjIgMUEgMjMgOiAuQC4uVy4u bScuLl8uLi4jDQpNYXIgIDQgMjE6Mjk6MDMgVW5pVGFzazogMDBjMDogREEgM0UgMEIgNzEgNzIg NDYgOUYgMTEgIDU2IDlCIEZCIDU2IDEyIDI1IDk5IDREIDogLj4ucXJGLi5WLi5WLiUuTQ0KTWFy ICA0IDIxOjI5OjAzIFVuaVRhc2s6IFtsaWJzc2gyXSAxNjgyLjE3OTg0MiBUcmFuc3BvcnQ6IExv b2tpbmcgZm9yIHBhY2tldCBvZiB0eXBlOiAzMw0KTWFyICA0IDIxOjI5OjA0IFVuaVRhc2s6ICog RW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTowNCBVbmlU YXNrOiBbbGlic3NoMl0gMTY4My4xODAwNzYgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRo ZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIx OjI5OjA1IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1h ciAgNCAyMToyOTowNSBVbmlUYXNrOiBbbGlic3NoMl0gMTY4NC4xODA3NjIgVHJhbnNwb3J0OiBS ZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3Bv cnRfc2VuZA0KTWFyICA0IDIxOjI5OjA2IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNz aW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTowNiBVbmlUYXNrOiBbbGlic3NoMl0gMTY4NS4x ODA5MzUgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJv bSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjA3IFVuaVRhc2s6ICogRW50 ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTowNyBVbmlUYXNr OiBbbGlic3NoMl0gMTY4Ni4xODEwNTIgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBr ZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5 OjA4IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAg NCAyMToyOTowOCBVbmlUYXNrOiBbbGlic3NoMl0gMTY4Ny4xODEzNjIgVHJhbnNwb3J0OiBSZWRp cmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRf c2VuZA0KTWFyICA0IDIxOjI5OjA5IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9u X2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTowOSBVbmlUYXNrOiBbbGlic3NoMl0gMTY4OC4xODE2 ODkgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBf bGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjEwIFVuaVRhc2s6ICogRW50ZXJp bmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToxMCBVbmlUYXNrOiBb bGlic3NoMl0gMTY4OS4xODIwMTYgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkg cmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjEx IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAy MToyOToxMSBVbmlUYXNrOiBbbGlic3NoMl0gMTY5MC4xODIyMzkgVHJhbnNwb3J0OiBSZWRpcmVj dGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2Vu ZA0KTWFyICA0IDIxOjI5OjEyIFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rp c2Nvbm5lY3QNCk1hciAgNCAyMToyOToxMiBVbmlUYXNrOiBbbGlic3NoMl0gMTY5MS4xODI2MzYg VHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGli c3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjEzIFVuaVRhc2s6ICogRW50ZXJpbmcg bGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToxMyBVbmlUYXNrOiBbbGli c3NoMl0gMTY5Mi4xODMxOTYgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUt ZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjE0IFVu aVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToy OToxNCBVbmlUYXNrOiBbbGlic3NoMl0gMTY5My4xODMzODggVHJhbnNwb3J0OiBSZWRpcmVjdGlu ZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0K TWFyICA0IDIxOjI5OjE1IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nv bm5lY3QNCk1hciAgNCAyMToyOToxNSBVbmlUYXNrOiBbbGlic3NoMl0gMTY5NC4xODQxNjEgVHJh bnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3No Ml90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjE2IFVuaVRhc2s6ICogRW50ZXJpbmcgbGli c3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToxNiBVbmlUYXNrOiBbbGlic3No Ml0gMTY5NS4xODUxOTQgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhj aGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjE3IFVuaVRh c2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOTox NyBVbmlUYXNrOiBbbGlic3NoMl0gMTY5Ni4xODU1ODcgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBp bnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFy ICA0IDIxOjI5OjE4IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5l Y3QNCk1hciAgNCAyMToyOToxOCBVbmlUYXNrOiBbbGlic3NoMl0gMTY5Ny4xODYxNTAgVHJhbnNw b3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90 cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjE5IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3No Ml9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToxOSBVbmlUYXNrOiBbbGlic3NoMl0g MTY5OC4xODY4MzUgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFu Z2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjIwIFVuaVRhc2s6 ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToyMCBV bmlUYXNrOiBbbGlic3NoMl0gMTY5OS4xODcxMjMgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRv IHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0 IDIxOjI5OjIxIFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QN Ck1hciAgNCAyMToyOToyMSBVbmlUYXNrOiBbbGlic3NoMl0gMTcwMC4xODc2ODYgVHJhbnNwb3J0 OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFu c3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjIyIFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9z ZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToyMiBVbmlUYXNrOiBbbGlic3NoMl0gMTcw MS4xODgxMDMgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2Ug ZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjIzIFVuaVRhc2s6ICog RW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToyMyBVbmlU YXNrOiBbbGlic3NoMl0gMTcwMi4xODgyMzIgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRo ZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIx OjI5OjI0IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1h ciAgNCAyMToyOToyNCBVbmlUYXNrOiBbbGlic3NoMl0gMTcwMy4xODg2NTkgVHJhbnNwb3J0OiBS ZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3Bv cnRfc2VuZA0KTWFyICA0IDIxOjI5OjI1IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNz aW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToyNSBVbmlUYXNrOiBbbGlic3NoMl0gMTcwNC4x ODk1MDMgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJv bSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5OjI2IFVuaVRhc2s6ICogRW50 ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAgNCAyMToyOToyNiBVbmlUYXNr OiBbbGlic3NoMl0gMTcwNS4xODk3NzEgVHJhbnNwb3J0OiBSZWRpcmVjdGluZyBpbnRvIHRoZSBr ZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRfc2VuZA0KTWFyICA0IDIxOjI5 OjI3IFVuaVRhc2s6ICogRW50ZXJpbmcgbGlic3NoMl9zZXNzaW9uX2Rpc2Nvbm5lY3QNCk1hciAg NCAyMToyOToyNyBVbmlUYXNrOiBbbGlic3NoMl0gMTcwNi4xOTA0OTkgVHJhbnNwb3J0OiBSZWRp cmVjdGluZyBpbnRvIHRoZSBrZXkgcmUtZXhjaGFuZ2UgZnJvbSBfbGlic3NoMl90cmFuc3BvcnRf c2VuZA0K --_004_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_ Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --_004_BN6PR19MB16185456A9DBC7E8E6180629BF720BN6PR19MB1618namp_-- From libssh2-devel-bounces@cool.haxx.se Thu Mar 7 09:33:35 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x278WvFL007091; Thu, 7 Mar 2019 09:33:25 +0100 Received: from sonic310-16.consmr.mail.bf2.yahoo.com (sonic310-16.consmr.mail.bf2.yahoo.com [74.6.135.126]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x278Wsmd006999 for ; Thu, 7 Mar 2019 09:32:55 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com; s=s2048; t=1551947560; bh=TtMOkhJKTkrmrteqm5hGMP4N7oPHcCBGCVrG/tDP3YQ=; h=From:Subject:To:Date:From:Subject; b=VB+qKgGe+41vCrjdTgJtRuGhGXsH9H84hf8/oLg6Y3JzO4s7rE87pwaesbfAdkCUdfmDg4Yyx5cTCdJJZRBeLFJDiHfF4eSzyFO7zg3Oj++c3F35674Q0Sb483phjTgIrK53XW89BDX9z27bUllSL5FYbOeyzZWSVE/RTXZH8WHiVKy3cYRuYs/eUr0k15Tm2mHiB9svcPsQ3fNQulP3/r7sd+VIx6x5t2u7KgaZMb0JLTQS7XxyO9u5Ga5Md2AD029RByjh7U5YxguaXmDSYFpAPXn1x71g7GEz7Y3ZKENvfk4tMxV9AwoYafK6FAggUE7H3yOuVNF0LJQEVLHqLg== X-YMail-OSG: JDt5degVM1mp2pMnRBG2ueEbUsrKsaeBv.szghmkuWHUT_lVLwLfw1DK5qJj76C sRSon.YaLR5JakaphCTf9TWAC9vusgOgC1JM_HF09jFn80HrTBMoFOq_jB1hl8.YsVep5dL0RX7B tUxrLIkye14d1KX.H5uudoohLlldxRk6BTx89xGoor4H.uQQ7X8DH3GG.iDKjLEhXGpN_Hi0WHIT DHW9diVVfUXOcJfYaYfrtf_Yl16Tx928oYBJlqoq9vwsSgdND3yS7D0Qc0HdyB5T4nx8tozpao5L KByeoFccGOO0nkVJRu9UKDbmJNoMAlJl62RcJg2ac5uHnoh_QX4tYoPDqzeANu4UB2AKTnyqA86X DA_4rBg4DyavgTI57jphVIGkCTtozKfFI2FoK1tMj40hq4sS8OZrS8tVTvYAXupD4_GaNqW5S9Xu _omRR0dZSEN6x2AD7BB.ajSWBdOn5BSonL8B_DL79pIZUNl67XkGFrvRe4f6vlNCsgKRou4aJ.FN hL.FQdkydwCIrLOsDuyI7Oz8c092oAhinFN729VP4fVo0ou0Zs7gWXsud_l4d6hgFhUHDoDH.YmP R0Si48GCLy3ct3xUJ68PCMfcbdNDg.lEGhY8g7Gv7lq3K76Ic_Eem7ulJ8iqAa73vVN3QHLy2s2K D3UqjqadEJciizC3KGUrvFQpSohnZ683bBe11UKjF8ij4herxWbCz_lilL9x5k6722gZUGZA1YTw Nk6nB3hNwl3r5jTwrUZnMssSaFgrzrRbYEsV.lXuvXcLhuNdjm1q0tslsUljuGrHcuSSwlr6THCi XZj.BUyORSXnbZUKnfyWgZ_v.mVvyFvGIkqsXFnmsDhnD.ca7_bLHyHncekQxSwMAuT6SmpYaMCR bm0Get8trVaaFz3e5hAFnmzMqchC701PeateKC4MR8BqkG7glYWgU8jjLny71a6E6KvCtfajO6T8 mzAm6rsM7zhC2b0iRhnCs3EhooxdG78UWKRT5jDCYL9iomL9MBBzdn6jfYuDtnSGlnfxp6eKMn1F 9bbA52tZEqXMXrfjcmJyX4PQUxotpstVAZfu6HZPecS3Sf80- Received: from sonic.gate.mail.ne1.yahoo.com by sonic310.consmr.mail.bf2.yahoo.com with HTTP; Thu, 7 Mar 2019 08:32:40 +0000 Received: from CPE0c473df4b163-CM0c473df4b160.cpe.net.cable.rogers.com (EHLO Leos-iMac.local) ([99.231.1.52]) by smtp406.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 4de00fa9d9d2466ee2f73b690fbe7af2 for ; Thu, 07 Mar 2019 08:32:38 +0000 (UTC) From: Leo Subject: libssh crash on Mac To: libssh2 development Message-ID: <06f444aa-383a-8431-9da0-0f1f8cd51e07@rogers.com> Date: Thu, 7 Mar 2019 03:32:37 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x278WvFL007091 Hi all, I recently ran into the following strange issue: I have two Xcode projects - for two apps - that, among other things, are using libssh to connect to SFTP. When it comes to SFTP connection, the projects are almost identical (one started as a copy of another). The apps worked for years with no issues. However, recently one of the apps started crashing on attempt to connect to SFTP. Another app connects with no problems. After running tons of tests, I just can't find any differences in the two projects that could explain the crash in one of the apps. The crash happens when invoking a contentsOfDirectoryAtPath method in a third party class that's using libssh. The Xcode debugger indicates exactly where the crash happens - I included the details below. I wonder if anyone can give me any pointers regarding what should I look for in my project that could cause a crash in that specific place? File: kex.c Function: diffie_hellman_sha1 The exact line/error: {             libssh2_sha1_ctx fingerprint_ctx;             libssh2_sha1_init(&fingerprint_ctx);             libssh2_sha1_update(fingerprint_ctx, session->server_hostkey,  <-------------Thread 1: EXC_BAD_ACCESS (code=1, address=0x0)                                 session->server_hostkey_len);             libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1);         } Some basic project details: libssh2-1.4.3 Xcode 10.1 macOS 10.14 (but the crash happens on earlier versions too) 64-bit I realize that I may need to provide additional info - please let me know what info can be helpful then. Thanks for any help, Leo _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Thu Mar 7 12:26:05 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x27BPZwZ026429; Thu, 7 Mar 2019 12:25:58 +0100 Received: from foo.stuge.se (foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x27BPXJd026284 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 7 Mar 2019 12:25:34 +0100 Received: (qmail 18090 invoked by uid 1000); 7 Mar 2019 11:25:28 -0000 Message-ID: <20190307112528.18089.qmail@stuge.se> Date: Thu, 7 Mar 2019 11:25:28 +0000 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: libssh crash on Mac References: <06f444aa-383a-8431-9da0-0f1f8cd51e07@rogers.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <06f444aa-383a-8431-9da0-0f1f8cd51e07@rogers.com> X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x27BPZwZ026429 Leo wrote: > File: kex.c .. >             libssh2_sha1_update(fingerprint_ctx, > session->server_hostkey,  <-------------Thread 1: EXC_BAD_ACCESS > (code=1, address=0x0) >                                 session->server_hostkey_len); So you could either try to debug this, e.g. by outputing the values of session, session->server_hostkey and session->server_hostkey_len to a debug log, or.. > Some basic project details: > > libssh2-1.4.3 ..you could just upgrade from this >6 year old version, and see if your bug has already been fixed. //Peter _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 11 11:33:53 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2BAX82b027886; Mon, 11 Mar 2019 11:33:40 +0100 Received: from sonic314-23.consmr.mail.ne1.yahoo.com (sonic314-23.consmr.mail.ne1.yahoo.com [66.163.189.149]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2BAX6r6027859 for ; Mon, 11 Mar 2019 11:33:07 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com; s=s2048; t=1552300376; bh=JncPjBtaPVVLvltTd3HBN50S2U8XdDYpA2IgPvMOjDg=; h=From:Subject:To:References:Date:In-Reply-To:From:Subject; b=izX46WtfF0ruPS7jovDS0tM5yxZ69kLZlc2tqFMHGSm0Az+12qYCw+b00yAnDfW1tO+GFYxmgA3d4p8gNUBQX/86/97dChQhXi7MMlBsQ6Dw1ei1GRyy6iv7kvdX6btC6/XMceUlLrnEIh3A72J2qTpwA4MooM3WWKJDL3UeU84v7pzbjBaaeCsK6IZF8lWnSFse8dHgauGRAIUV0vdW19RR/1oj1wU05rC9D1GUBp1ScCFXeX9uZ+WOarcPvIwDdMYTdlV4rPO9yeC+b+SU95wsT3bpOBclxvGd432qILWjIcrFh80Np+O1YvizYnAM/OZ2MrwtLpABc4Tc6/kGBw== X-YMail-OSG: 4L6UZDwVM1lzZcw0jicn0jN40fL0Iz60MPqFsvi0IAh6jKFAretmJpkamVPuKz2 WKfp7KPwklgwL4fvut_Mkq7rwnveU8tLjDy4YHMeWXidpe.iFXwxu5Q05G1tvEDHD5FvhVj7CARJ wPQ1HrTy6D5sgP_bSuZ_ZJagvMvimGO1GfZRDP.h4oRkS3uhGQ3_5lcYLRDJ1sjAd.eI0CQuACIR p81xZh.cQgXCQ7h.HX.glUtHnkAqIWGW7S6RGJFw8MNuXzIXrW9Szz6CNgsDS2pZ0R0QqzbKKvbM KfvjO20lYRKQbNeBRP_sIZfBN9mI2BI4DCSqyRu13pKAwHUDUD9HG9dtcwe0jm1P.t75Lpn.IczR kQd8fuknxMjVM_lYipfpxPKIckm5JIHxKUellNSPuGKEHwaEqCPkh5sQiv7ibZwAm6.nSt8yexLu Y1E9Kb7Q1hAz8mOMu_6aK7E2yfhLXXpdpEjTIjhq5R872d8P0MWnw2P3QQqksMfZhUz5cWHN0xSe QuQfVHUL1yjMqAzuxFUM6zubQnOsLZ09e8pk1SmePZCyYSE07Ijm5T4dwmaXKyRe3CsibC8tX9L3 IAFRM12KSV5d4tERJiRKqpCETV1YwAqbbVs6HJ2gMGFhnd8RE.zgZZj5hstEK5A22P_uRNsPrnpf nMO3pYAbnEH6BcuoOtgf7_iXrfQT4SicIyR4vFnGH2AtV.jk0yYyE8OXixVFeR8ZA_hy06432UnO TB6HttP0vX2ES_v.PbnWgciw_iwuH.idPfjuCE8USmGxBTp1.NrPwZzwYODYB2YlLpLKSiSSaG6Z a2r23jleAMi5wc06DZ4HZNL4tpE.l3f6kIxCgLZ1v.fsBdOsQ8dDv1p2gig6TV.anjzfS2q2eq.h TQgkL1.AwLCTSujwJspadMehEBlHUH81n0Uomalpj78QO4pmiCDVJeaePq3GWEfUJIvXTryz0e6P OLNHbhKdPSkKXH.S.vKc5CkcFIUd7aek0nwbXFfFpNEiZirA8Yo852Th6VqEZZhm.28AdT0D7Vva 1ugRbJ09A61jR9kBMFrp243V19kvOI5igL9qzYgohhy8KW_YyHE2UaPa84OBsoakhURs- Received: from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.ne1.yahoo.com with HTTP; Mon, 11 Mar 2019 10:32:56 +0000 Received: from CPE0c473df4b163-CM0c473df4b160.cpe.net.cable.rogers.com (EHLO Leos-iMac.local) ([99.231.1.52]) by smtp418.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 7960c295c1408d8b026ad247b3ec6fc8 for ; Mon, 11 Mar 2019 10:32:52 +0000 (UTC) From: Leo Subject: Re: libssh crash on Mac To: libssh2 development References: <06f444aa-383a-8431-9da0-0f1f8cd51e07@rogers.com> <20190307112528.18089.qmail@stuge.se> Message-ID: <34d20f30-473f-c317-d5f3-cce8bf3f7c60@rogers.com> Date: Mon, 11 Mar 2019 06:32:51 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190307112528.18089.qmail@stuge.se> Content-Language: en-US X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2BAX82b027886 Hi Peter, Thank you for the prompt reply! On 3/7/19 6:25 AM, Peter Stuge wrote: > Leo wrote: >> File: kex.c > .. >>             libssh2_sha1_update(fingerprint_ctx, >> session->server_hostkey,  <-------------Thread 1: EXC_BAD_ACCESS >> (code=1, address=0x0) >>                                 session->server_hostkey_len); > So you could either try to debug this, e.g. by outputing the values of > session, session->server_hostkey and session->server_hostkey_len to a > debug log, or.. The Xcode debugger output for these values is as follows: successful connection: session: 0x10288d400 fingerprint_ctx: session->server_hostkey: "" session->server_hostkey_len: 279 crash: session: 0x102213400 fingerprint_ctx: session->server_hostkey: "" session->server_hostkey_len: 279 The only difference is the 'session' value. Frankly, I don't know what that means and if it can help find what causes the crash in the second project. Do you have a better idea by any chance? >> Some basic project details: >> >> libssh2-1.4.3 > ..you could just upgrade from this >6 year old version, and see if > your bug has already been fixed. I had to mention in my original post that it was my first thought, of course. I spent a week trying to include the latest version of libssh2 in my Xcode project - but all attempts to compile, unfortunately, failed. In a rare case that the project did compile, the app could only run on the same machine - and crashed on others. I looked up tons of info on the problems I experienced, as well as the info on libssh2 implementation in Xcode in general. Still no luck. After a week I had to give up on that, for now. I decided to first try to solve the crash with libssh2-1.4.3, if possible - as at least it compiles and does work in one app. If I won't be able to solve this crash, then I'll post a separate question regarding Xcode integration of the current version. Sincerely, Leo _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 17 17:57:18 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2HGueW3030117; Sun, 17 Mar 2019 17:57:08 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2HGucZO030053 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 17 Mar 2019 17:56:38 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2HGucc2030048 for ; Sun, 17 Mar 2019 17:56:38 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Sun, 17 Mar 2019 17:56:38 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Code style and project status Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2HGueW3030117 Hi all, I've kept away from the project for a good while, mostly idling in the background as I've been determined to step down as maintainer completely. I'm back here now primarily to put together and push out a new release together with Will Cosgrove. I'm slightly disappointed in the current shape of the project and of code I've seen landed and that's one of the reasons why it now takes a lot more time than anticipated to get the release done. Some of the issues I found: - numerous compiler warnings with picky options have been introduced - no longer C89 compliant (//-comments and more) - TABs in the code - trailing whitespace all over - weird (inconsistent) code style used - more or less constant appveyor CI build failures - occasional VERY long source lines I've put in efforts to clean some things up and have landed: - Removed all compiler warnings a picky gcc shows - I added a travis CI build that uses "configure --enable-debug" to trigger more compiler warnings and make it harder to land bad code. - I added an --enable-werror option that sets -Werror in the build so that it will FAIL on any warning in the build (including examples), now used by the travis job. Possibly more controversial, what I want to land next is in PR 324 ( https://github.com/libssh2/libssh2/pull/324) - A code style checker job to the CI that will warn on basic code style violations, using the checksrc tool from the curl project. - It should cause the CI to fail on blatant style violations - it checks some of the most obvious things - but can still be foooled. It's not a replacement for human reviews. But as long as it warns on something, the code isn't code-style compliant. - A (rather large) code overhaul that unifies the style, white space, bracing, line lengths and some more to make sure that the new CI build still builds greeen. - The idea being that with (much) stricter tests and tooling, we will land more unified code and there will be less need for humans to point out the most obvious style violations in PRs. Thoughts? I realize I come here barging in, but I felt this was needed. I can be told I'm wrong and I certainly think we could discuss code style etc if that's what anyone wants. Especially I think the ones who actually write code in the project more frequently than I do should have a say in how to write it. I'm not married to a particular style but I will insist on the style to be consistent *and enforced*. -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 18 08:01:43 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2I712Qr014234; Mon, 18 Mar 2019 08:01:31 +0100 Received: from m50-112.126.com (m50-112.126.com [123.125.50.112]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2I70woK014196 for ; Mon, 18 Mar 2019 08:00:59 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=126.com; s=s110527; h=Date:From:Subject:Mime-Version:Message-ID; bh=bDXdZ oQRJDkO+eHMPoBAJFIqyd/G+SERW8M8XSKE8ds=; b=hCa+BSmALFYcnaewcXBtt VyHfb9NaUofsOYbWJhd8zZnPtLlKJ7vm7gXP5zT3QJxUAxBs409dYFjqklGPhE86 +b06jQLjCFJnR9vrg4H4jQpa7u+2qM2UKJJh3OCMJQoyikPeA553yAX7dfUdZ+ob ofG5cC8l7Ugmj0gsbcEMnU= Received: from HUGELANDTECH (unknown [180.169.44.50]) by smtp6 (Coremail) with SMTP id j9KowADHF+8jQo9cF5S7BA--.867S2; Mon, 18 Mar 2019 15:00:53 +0800 (CST) Date: Mon, 18 Mar 2019 15:00:49 +0800 From: "Samuel Zhao" To: libssh2-devel Subject: blocked issue on libssh2_session_handshake() X-Priority: 3 X-Has-Attach: no X-Mailer: Foxmail 7, 2, 7, 21[cn] Mime-Version: 1.0 Message-ID: <201903181141119585365@126.com> X-CM-TRANSID: j9KowADHF+8jQo9cF5S7BA--.867S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxU4UGYUUUUU X-Originating-IP: [180.169.44.50] X-CM-SenderInfo: 5vdp3v5o2kt0a6rslhhfrp/1tbiWAV7O1pD7xYXkgAAs4 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: multipart/mixed; boundary="===============1625459026==" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --===============1625459026== Content-Type: multipart/alternative; boundary="----=_001_NextPart647048214365_=----" This is a multi-part message in MIME format. ------=_001_NextPart647048214365_=---- Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: base64 IEhlbGxvLA0KDQpUaGUgZnVuY2l0b24gbGlic3NoMl9zZXNzaW9uX2hhbmRzaGFrZSgpIHdhcyBi bG9ja2VkIGFuZCBubyByZXR1cm4gZnJvbSBzZXJ2ZXIuIEl0IGNhdXNlcyB0aGUgbWFpbiBmdW5j dGlvbiBibG9ja2VkIG9uIHRoaXMgZnVuY3Rpb24uIEkgdHJpZWQgdG8gZGVidWcgaXQgYnV0IG5v IGFueSByZXN1bHQuIFdoYXQncyB3cm9uZz8NCg0KDQoNClNhbXVlbCBaaGFvDQo= ------=_001_NextPart647048214365_=---- Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable = =0A
 Hello,

The funciton&nb= sp;libssh2_session_handshake() was blocked and no return fr= om server. It causes the main function blocked on this function. I tried t= o debug it but no any result. What's wrong?
=0A

= =0A
=0A
Samuel Zhao
=0A ------=_001_NextPart647048214365_=------ --===============1625459026== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --===============1625459026==-- From libssh2-devel-bounces@cool.haxx.se Mon Mar 18 11:14:34 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2IADoQO013787; Mon, 18 Mar 2019 11:14:23 +0100 Received: from blaine.gmane.org ([195.159.176.226]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2IADnv9013780 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 18 Mar 2019 11:13:49 +0100 Received: from list by blaine.gmane.org with local (Exim 4.89) (envelope-from ) id 1h5pHC-000jAM-4X for libssh2-devel@cool.haxx.se; Mon, 18 Mar 2019 11:13:50 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: libssh2-devel@cool.haxx.se From: Salvador Fandino Subject: Re: Code style and project status Date: Mon, 18 Mar 2019 11:13:43 +0100 Message-ID: References: Mime-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 In-Reply-To: Content-Language: en-US X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id x2IADnv9013780 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2IADoQO013787 On 3/17/19 5:56 PM, Daniel Stenberg wrote: > Hi all, >  - A (rather large) code overhaul that unifies the style, white space, >    bracing, line lengths and some more to make sure that the new CI build >    still builds greeen. There are currently 36 open pull requests on GitHub. This code overhaul would probably break a large number of them. Is that a good idea? You have come back to the project and discovered that the code is quite rotten, and now you are trying to fix it fast but you are missing the real cause of the problem: there is not a real community around libssh2, nobody taking care of it as a whole, nobody systematically listening to users, fixing bugs, looking at the pull requests, etc. Don't get me wrong, There are still people investing their time into libssh2, but most of them seem to be concentrated on scratching their own itch or don't have enough time, well, I don't know... take for sure that I am not in any case trying to downplay their work... but what is obvious is that they are way under the critical mass required to make libssh2 a thrilling project. Just take a look at the contributor graphs: https://github.com/libssh2/libssh2/graphs/contributors Those 36 open pull requests belong to potential future libssh2 contributors and restyling the code may just send them the message "libssh2 doesn't care about your contributions" driving them away from the project and that is exactly the opposite of what it's needed. > >  - The idea being that with (much) stricter tests and tooling, we will > land >    more unified code and there will be less need for humans to point > out the >    most obvious style violations in PRs. > Thoughts? > > I realize I come here barging in, but I felt this was needed. I can be > told I'm wrong and I certainly think we could discuss code style etc if > that's what anyone wants. Especially I think the ones who actually write > code in the project more frequently than I do should have a say in how > to write it. > > I'm not married to a particular style but I will insist on the style to > be consistent *and enforced*. Note that I am not against that plan. I just think it shouldn't be done until at least the most recent PRs are reviewed. I would like to add that nowadays my interest in libssh2 is just marginal. Just last week somebody reported a issue on the Net::SSH2, the Perl wrapper for libssh2 for which I am still the maintainer, and I ended digging in libssh2 again and by chance, come to see your mail. It remembered me when some years ago I become enthusiastic about the project. I started fixing simple bugs that were breaking Net::SSH2, then finding more obscure ones usually related to robustness and finally just looking into the code and looking for places were it could be simplified and improved. But then, my pull requests become ignored, or just weren't replied in months and I just lost interest on libssh2 and moved to other things. I don't want to mean that as an accusation or anything like that, just as anecdotal evidence that the project is not very good at getting new people involved and to explain why I feel sympathetic with the people behind those pull request. Cheers! _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 18 11:55:35 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2IAt8ED010052; Mon, 18 Mar 2019 11:55:27 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2IAt6oF010042 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 18 Mar 2019 11:55:06 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2IAt620010038 for ; Mon, 18 Mar 2019 11:55:06 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Mon, 18 Mar 2019 11:55:06 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: Code style and project status In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 Content-Type: multipart/mixed; BOUNDARY="1129329158-1220440853-1552906506=:22468" X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1129329158-1220440853-1552906506=:22468 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT On Mon, 18 Mar 2019, Salvador Fandino wrote: >>  - A (rather large) code overhaul that unifies the style, white space,    >> bracing, line lengths and some more to make sure that the new CI build    >> still builds greeen. > > There are currently 36 open pull requests on GitHub. This code overhaul > would probably break a large number of them. Is that a good idea? Thanks for your feedback and expressed concerns. I think it (the cleanup) still is a good idea. Even though I understand this will cause some merge conflicts and thus force authors to act and edit the PRs somewhat, I don't think doing things the other way around is productive. We've already drifted out on a tangent (code wise). I think we need to pull back from the bad trend and shape up rather than to continue down that path. > You have come back to the project and discovered that the code is quite > rotten, and now you are trying to fix it fast but you are missing the real > cause of the problem: there is not a real community around libssh2, nobody > taking care of it as a whole, nobody systematically listening to users, > fixing bugs, looking at the pull requests, etc. That's painfully obvious. I don't think it's possible to miss. I don't think I can fix that problem so I'll focus on some problems that I *can* work on. Things I think at least brings is a small step in the right direction. If people don't contribute and help out, the project is simply doomed to die. > Those 36 open pull requests belong to potential future libssh2 contributors > and restyling the code may just send them the message "libssh2 doesn't care > about your contributions" driving them away from the project and that is > exactly the opposite of what it's needed. Since - right now - nobody seems to be around in the project to welcome such contributions I figure that message seems apt. Everyone and anyone is more than welcome and encouraged to help out to carry libssh2 forward. > Note that I am not against that plan. I just think it shouldn't be done > until at least the most recent PRs are reviewed. Given the (lack of) feedback to most of the PRs, that is basically the same as saying it will never happen. I think landing the cleanup and stricter checks first will also make it easier to do reviews since the style checks will find and report on a lot of the nits that the PRs now violate and we need humans to point out. (The same non-existing humans that don't even point out those flaws...) > I don't want to mean that as an accusation or anything like that, just as > anecdotal evidence that the project is not very good at getting new people > involved and to explain why I feel sympathetic with the people behind those > pull request. "The project" is the people involved and it seems we basically have no people involved. So yeah, there isn't anybody around to welcome or guide newcomers. I'm at least as much to blame for this as much as anyone else, but unfortunately this fact does not magically give me more energy, time and ethusiasm. I don't think just giving up and declaring the project dead makes anything better either. -- / daniel.haxx.se --1129329158-1220440853-1552906506=:22468 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --1129329158-1220440853-1552906506=:22468-- From libssh2-devel-bounces@cool.haxx.se Mon Mar 18 22:43:21 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2ILgIm2018050; Mon, 18 Mar 2019 22:43:10 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2ILgGx1017954 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 18 Mar 2019 22:42:16 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2ILgFEf017948 for ; Mon, 18 Mar 2019 22:42:15 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Mon, 18 Mar 2019 22:42:15 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: [RELEASE] libssh2 1.8.1 Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2ILgIm2018050 Hello! I'm happy to announce that we have release libssh2 1.8.1. This release is a pure security release with no less than *nine* security fixes addressed. See also the separate security announcement following this email. As always, get it from https://www.libssh2.org/ The changes included in 1.8.1 are: o fixed possible integer overflow when reading a specially crafted packet (https://www.libssh2.org/CVE-2019-3855.html) o fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings (https://www.libssh2.org/CVE-2019-3863.html) o fixed possible integer overflow if the server sent an extremely large number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html) o fixed possible out of bounds read when processing a specially crafted packet (https://www.libssh2.org/CVE-2019-3861.html) o fixed possible integer overflow when receiving a specially crafted exit signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html) o fixed possible out of bounds read when receiving a specially crafted exit status message channel packet (https://www.libssh2.org/CVE-2019-3862.html) o fixed possible zero byte allocation when reading a specially crafted SFTP packet (https://www.libssh2.org/CVE-2019-3858.html) o fixed possible out of bounds reads when processing specially crafted SFTP packets (https://www.libssh2.org/CVE-2019-3860.html) o fixed possible out of bounds reads in _libssh2_packet_require(v) (https://www.libssh2.org/CVE-2019-3859.html) -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 18 22:43:51 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2ILhL64019089; Mon, 18 Mar 2019 22:43:51 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2ILgK4u018098 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Mar 2019 22:42:20 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2ILgJtH018063; Mon, 18 Mar 2019 22:42:19 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Mon, 18 Mar 2019 22:42:19 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development , oss-security@lists.openwall.com Subject: [SECURITY ADVISORIES] libssh2 Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2ILhL64019089 Hello! I'm writing you to announce the release of nine separate security advisories concerning libssh2. All these fixes are also included in the brand new libssh2 1.8.1 release, just shipped and available on https://www.libssh2.org/ CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3855.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3856.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3857.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read URL: https://www.libssh2.org/CVE-2019-3858.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev` URL: https://www.libssh2.org/CVE-2019-3859.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets URL: https://www.libssh2.org/CVE-2019-3860.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets URL: https://www.libssh2.org/CVE-2019-3861.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch CVE-2019-3862 Out-of-bounds memory comparison URL: https://www.libssh2.org/CVE-2019-3862.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch CVE-2019-3863 Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes URL: https://www.libssh2.org/CVE-2019-3863.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Tue Mar 19 23:13:12 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2JMCUDL020315; Tue, 19 Mar 2019 23:13:05 +0100 Received: from foo.stuge.se (foo.stuge.se [212.116.89.98]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2JMCS51020225 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 19 Mar 2019 23:12:29 +0100 Received: (qmail 7760 invoked by uid 1000); 19 Mar 2019 22:12:24 -0000 Message-ID: <20190319221224.7759.qmail@stuge.se> Date: Tue, 19 Mar 2019 22:12:24 +0000 From: Peter Stuge To: libssh2-devel@cool.haxx.se Subject: Re: Code style and project status References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2JMCUDL020315 Salvador Fandino wrote: > Note that I am not against that plan. I just think it shouldn't be > done until at least the most recent PRs are reviewed. Remember that what Daniel has found and addressed has happened because of a lack of basic peer review practice. That lack of review has certainly made the codebase even more of a mess than it already was, so it seems quite unlikely that there will magically be review to guide and finally incorporate open PRs. > anecdotal evidence that the project is not very good at getting new > people involved IMO it is always the responsibility of new people to get involved in the project, not the other way around. //Peter _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 09:17:08 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2K8GTJt007531; Wed, 20 Mar 2019 09:16:57 +0100 Received: from mail-vs1-xe32.google.com (mail-vs1-xe32.google.com [IPv6:2607:f8b0:4864:20:0:0:0:e32]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2K8GQWd007501 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 20 Mar 2019 09:16:27 +0100 Received: by mail-vs1-xe32.google.com with SMTP id e1so954406vsp.2 for ; Wed, 20 Mar 2019 01:16:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=AZnx0wQ9XS7pz4FBU9xO2A46sqocpVJc5/jf8puZIE4=; b=Dpbx+01WkyHRPBB0EDnU3nMPv/PbrK0nABjoeR8V//qumaeyBzCOk8YqVR0ekiHf9S 09lNQHQ/VZRS3cZHbeJXMIboY+7u3ZeRw3uG1giOds0UPVj8zbaCPnK3sjbSTOSwuXJd qog7KQp+wrZXULldpHeiVAWiAMajbfyzA9I9Lspfnt/6L4+YW5j4eWQFFjIBfVl0laJS DO0rDHO5FPmOmtQwY9Qa+V2QJC2tF8eikOZQb+gsbWtJCbWVD/p8NvOFZG6PazD+fb/S LwpI8NulcuBsVPLpyxkKP0QdM1IxUouKiddkVosBLaAdUrODwNHvAqtFhOgfynBYu9mC kzng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=AZnx0wQ9XS7pz4FBU9xO2A46sqocpVJc5/jf8puZIE4=; b=CUPZ0NP+PKGax+pxBx5e0DAJvKV2j4+d5t4a50kby1gfgnukm1ZnLkj4q+1psnaTrh YGQbvKK0y/AbKPpejmq17/a6Ib3lHstg5TtzSlNjYUvrjAJUWJ53cLQMMjTXJzv9FW/S SJL+PT+CpTM46kYUMjNUPiiH9ETw6v/Fl7hrmCUVJtakohgioCpBPR4z4wPLeLecuhmM qZIba6RHQ8BF5op2xQ8VyxANcZYi2EGrcBSX9VDob/NY9nBMH/HweGbJZ6YQKWpmKrDV ENeSUozvDIFXvoiIy4PRt3Jpd+jCXVCYzR72BPFIYYTiGH7L3QLyFXCbqWeDw0DV4Noj 3B3g== X-Gm-Message-State: APjAAAXh6u4fUahY5bOFUerH8OklSVxkbkxbZ/vvwtGvz+7tfiZMSZle QvVsuRVH/z8fu7+49q/8mn2gNWoRmfrpbYIYOzYcgQ== X-Google-Smtp-Source: APXvYqwuhVp5PtHKxp71BJVN6dSOhfrCBCUEc5CNq4h+sD6fE8xu/N5VxCbxM4s5yq4EPmOe5EoGsqrEjtgpWvtshuM= X-Received: by 2002:a67:ec8d:: with SMTP id h13mr3963218vsp.52.1553069781224; Wed, 20 Mar 2019 01:16:21 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Micka Date: Wed, 20 Mar 2019 09:16:09 +0100 Message-ID: Subject: Re: [RELEASE] libssh2 1.8.1 To: libssh2 development X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2K8GTJt007531 Hi, when I switch to the version 1.8.1 with libcurl 7.64.1-DEV, I got this error: Unable to send userauth-publickey request When I switch back to the library 1.8.0 with libcurl, it works. What happen to this new lib of libssh2 ? how can I help to find the error ? Micka, On Mon, Mar 18, 2019 at 10:44 PM Daniel Stenberg wrote: > > Hello! > > I'm happy to announce that we have release libssh2 1.8.1. This release is a > pure security release with no less than *nine* security fixes addressed. See > also the separate security announcement following this email. > > As always, get it from https://www.libssh2.org/ > > The changes included in 1.8.1 are: > > o fixed possible integer overflow when reading a specially crafted packet > (https://www.libssh2.org/CVE-2019-3855.html) > o fixed possible integer overflow in userauth_keyboard_interactive with a > number of extremely long prompt strings > (https://www.libssh2.org/CVE-2019-3863.html) > o fixed possible integer overflow if the server sent an extremely large > number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html) > o fixed possible out of bounds read when processing a specially crafted > packet (https://www.libssh2.org/CVE-2019-3861.html) > o fixed possible integer overflow when receiving a specially crafted exit > signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html) > o fixed possible out of bounds read when receiving a specially crafted exit > status message channel packet (https://www.libssh2.org/CVE-2019-3862.html) > o fixed possible zero byte allocation when reading a specially crafted SFTP > packet (https://www.libssh2.org/CVE-2019-3858.html) > o fixed possible out of bounds reads when processing specially crafted SFTP > packets (https://www.libssh2.org/CVE-2019-3860.html) > o fixed possible out of bounds reads in _libssh2_packet_require(v) > (https://www.libssh2.org/CVE-2019-3859.html) > > -- > > / daniel.haxx.se > _______________________________________________ > libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 09:29:40 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2K8TNi4018253; Wed, 20 Mar 2019 09:29:38 +0100 Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2K8TLrt018202 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 09:29:22 +0100 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D002C81E09; Wed, 20 Mar 2019 08:29:15 +0000 (UTC) Received: from kdudka-nb.localnet (unknown [10.43.2.82]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D1DA1001DC2; Wed, 20 Mar 2019 08:29:15 +0000 (UTC) From: Kamil Dudka To: Micka Subject: Re: [RELEASE] libssh2 1.8.1 Date: Wed, 20 Mar 2019 09:29:20 +0100 Message-ID: <2547502.xG52y0PfmE@kdudka-nb> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 20 Mar 2019 08:29:15 +0000 (UTC) X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Cc: libssh2-devel@cool.haxx.se Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2K8TNi4018253 On Wednesday, March 20, 2019 9:16:09 AM CET Micka wrote: > Hi, when I switch to the version 1.8.1 with libcurl 7.64.1-DEV, I got > this error: > > Unable to send userauth-publickey request > > > When I switch back to the library 1.8.0 with libcurl, it works. > > > What happen to this new lib of libssh2 ? how can I help to find the error ? > > > Micka, I believe that the following upstream commit will fix it: https://github.com/libssh2/libssh2/commit/ca274448 Kamil _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 15:27:29 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KEQpGq003687; Wed, 20 Mar 2019 15:27:23 +0100 Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583:0:0:0:1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KEQmfC003631 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 15:26:49 +0100 Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x2KENlXN010995 for ; Wed, 20 Mar 2019 14:26:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=mFWNRgM94x8CLL769dTWzTDdi7308iXYoo65G+sjjyU=; b=lwUwAhR9ojNDJn/+RDfW8muJHYF0Ok2IiRr0l7xB7LK8K0NF0shnRaBBDgJYdfRY3fS2 6ONAeHonFjQe4ceXzXdHArfj05VXBXXlzma6ZOka6b337/By20+Wr3b+m/qQpYvKjzuQ Q+NfShYQUzltElm8IFxpUWu+Kdr+lkz29M8a2PacmQMXaKdwVYd6h0wOX3oaSoPsKxMW l4XCCvoiuc8qlE4YhYMOUk5nnf2CfWnCMaN88F2OBRtxUGyFeQ3/mS73887tb6sNP44p 9hKf84uvZI8OoYyNMYLpcZtyvunKKZgEA0cq/aR9kjlRm9zmAX6/BtCA5leYH0JwmnEx Kg== Received: from prod-mail-ppoint3 (a96-6-114-86.deploy.static.akamaitechnologies.com [96.6.114.86] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 2rbpfy872j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 14:26:47 +0000 Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x2KEHta0021338 for ; Wed, 20 Mar 2019 10:26:46 -0400 Received: from email.msg.corp.akamai.com ([172.27.25.31]) by prod-mail-ppoint3.akamai.com with ESMTP id 2r8vfyrehp-7 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 10:26:45 -0400 Received: from USTX2EX-DAG3MB3.msg.corp.akamai.com (172.27.27.24) by USTX2EX-DAG3MB6.msg.corp.akamai.com (172.27.27.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 20 Mar 2019 09:26:02 -0500 Received: from USTX2EX-DAG3MB3.msg.corp.akamai.com ([172.27.27.24]) by USTX2EX-DAG3MB3.msg.corp.akamai.com ([172.27.27.24]) with mapi id 15.00.1473.003; Wed, 20 Mar 2019 09:25:55 -0500 From: "Kelley, Ryan" To: libssh2 development Subject: RE: [RELEASE] libssh2 1.8.1 Thread-Topic: [RELEASE] libssh2 1.8.1 Thread-Index: AQHU3dOc7y9a+qtDLk+9bo4NJrAIx6YUgoKAgAATJHA= Date: Wed, 20 Mar 2019 14:25:55 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.42.122] MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-20_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903200110 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-03-20_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903200111 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: multipart/mixed; boundary="===============2042152305==" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" --===============2042152305== Content-Language: en-US Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0000_01D4DF07.4CCA52C0" ------=_NextPart_000_0000_01D4DF07.4CCA52C0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit I'd try grabbing the package again as they pulled the update due to a misapplied patch and then republished it the next day. If its still an issue after that then it needs further escalation for sure. Ryan Kelley -----Original Message----- From: Micka Sent: Wednesday, March 20, 2019 4:16 AM To: libssh2 development Subject: Re: [RELEASE] libssh2 1.8.1 Hi, when I switch to the version 1.8.1 with libcurl 7.64.1-DEV, I got this error: Unable to send userauth-publickey request When I switch back to the library 1.8.0 with libcurl, it works. What happen to this new lib of libssh2 ? how can I help to find the error ? Micka, On Mon, Mar 18, 2019 at 10:44 PM Daniel Stenberg wrote: > > Hello! > > I'm happy to announce that we have release libssh2 1.8.1. This release > is a pure security release with no less than *nine* security fixes > addressed. See also the separate security announcement following this email. > > As always, get it from https://www.libssh2.org/ > > The changes included in 1.8.1 are: > > o fixed possible integer overflow when reading a specially crafted packet > (https://www.libssh2.org/CVE-2019-3855.html) > o fixed possible integer overflow in userauth_keyboard_interactive with a > number of extremely long prompt strings > (https://www.libssh2.org/CVE-2019-3863.html) > o fixed possible integer overflow if the server sent an extremely large > number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html) > o fixed possible out of bounds read when processing a specially crafted > packet (https://www.libssh2.org/CVE-2019-3861.html) > o fixed possible integer overflow when receiving a specially crafted exit > signal message channel packet > (https://www.libssh2.org/CVE-2019-3857.html) > o fixed possible out of bounds read when receiving a specially crafted > exit > status message channel packet > (https://www.libssh2.org/CVE-2019-3862.html) > o fixed possible zero byte allocation when reading a specially crafted > SFTP > packet (https://www.libssh2.org/CVE-2019-3858.html) > o fixed possible out of bounds reads when processing specially crafted > SFTP > packets (https://www.libssh2.org/CVE-2019-3860.html) > o fixed possible out of bounds reads in _libssh2_packet_require(v) > (https://www.libssh2.org/CVE-2019-3859.html) > > -- > > / daniel.haxx.se > _______________________________________________ > libssh2-devel > https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel ------=_NextPart_000_0000_01D4DF07.4CCA52C0 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISBDCCA60w ggKVoAMCAQICEHzz/GscXD6OTELtkPAFBCIwDQYJKoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNQWth bWFpUEtJUm9vdDAeFw0wOTA0MjgxNDQzMjNaFw0yOTA0MjgxNDUzMjJaMBgxFjAUBgNVBAMTDUFr YW1haVBLSVJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHg35oORsqSDVtKlXN BH3kTPboZGPKhL6cxaBOAsPMu1icWBeIC+0u/7bPxNOIuToDkx2pVqEAjPpCfgsmv3Xx2UY9wKwj XE3Vu/M0YLSOgA64D/JDSkTb9nSYg2DzPTfH10DoKg/kU0SEt3sa1k2T6Ku3s9tZIon1BJcNFTAG nx+WF8+NQQbLMaR2EzGkVF2RY7HBIXNrjWy5/tN00u7jJbN0hOoYl3oSjhdigsJ+tn0Ge0CcrHId rFZle+C8uiYc8msazzDKCsTMnLdvXt2jWPM1Xc7UgoZ/en4UgmDj871gX8r+CtgOuA/bHLGkP6Dp FikbdxUCPT3XoQletC8pAgMBAAGjgfIwge8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w HQYDVR0OBBYEFNg9O/P+HDpCd+Bcyi9mE+TaoAUMMBAGCSsGAQQBgjcVAQQDAgEAMIGdBgNVHSAE gZUwgZIwgY8GCSoDBAUGBwgJDzCBgTBYBggrBgEFBQcCAjBMHkoAQQBrAGEAbQBhAGkAIABDAGUA cgB0AGkAZgBpAGMAYQB0AGUAIABQAHIAYQBjAHQAaQBjAGUAIABTAHQAYQB0AGUAbQBlAG4AdDAl BggrBgEFBQcCARYZaHR0cDovL2FrYW1haXBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA NHT0cXtlfszRk0tbIPfDrXOMnvgW+N3NuJxW5ZhYQODM7KRiJQAgqynYhfFwXb0S94nAunGzzIa9 xCEDY6b98WDXM2Rr2bDaIcJS1OxWCH6J87/cEMZQf6gO4veseaveHjTiC4EDeWZ4nyYbUgT+6Rbz 3xsxdfEhze49yLrqCtUYsG3FCrix5y9xLMy0YVMWRzp0T7I34buJCvBIyOsdIMErQQptNpmlRspl 6B7MrV0AYY/FIxh8V3hHLu8HfrMQNsjRy08s9EiuKPe/1CFx5yZQOOt+8sn8EJ1NdXGUYTKBphD7 u/lazncPr6fpcmKidmk6+H8i+9E7o44WpaaV6DCCBjYwggUeoAMCAQICChsbaFcAAAAAAAQwDQYJ KoZIhvcNAQEFBQAwGDEWMBQGA1UEAxMNQWthbWFpUEtJUm9vdDAeFw0wOTA2MDMxMzE2MjFaFw0x OTA2MDMxMzI2MjFaMF4xEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZha2Ft YWkxFDASBgoJkiaJk/IsZAEZFgRjb3JwMRkwFwYDVQQDExBBa2FtYWlQS0lJc3N1aW5nMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqPGGQN5Xz5QhjrAOiR5ZeKJ877eOxX2Ais/T5cL kVeRoJCv18uNcEhuRqbDl9G47784PzZi8nkjNbblwyXg8ZSweWnz1en5ZeDMdO6XQ8eQrKGMJ2FN 70WUbW8uDJRw6oGcnsLvcFiN3lKRi/RdSSuO649Tkfzq+A9zFcxABosmmYDCSJ1+B6noMarjHG62 AjwjPotnJo95wR7raXs+JRDsBVPXazas8aPduNyN/yBN/ianrjc/AKi2vzRETb98qvv3h2GWdif7 nBew1UN2dIKmImH3AA5djlfpjU4NtP+XCoBHUtaLg7Npi7+GsYLcmB0b63L02cs9QCXA4oOeawID AQABo4IDOjCCAzYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUB+y0jq9nhlSI772zFFdJz4JM vxQwCwYDVR0PBAQDAgGGMBAGCSsGAQQBgjcVAQQDAgECMCMGCSsGAQQBgjcVAgQWBBSoJ9lbQyx7 FwMht3LPL4u8ambeJDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBTYPTvz /hw6QnfgXMovZhPk2qAFDDCCATAGA1UdHwSCAScwggEjMIIBH6CCARugggEXhiJodHRwOi8vYWth bWFpcGtpL0FrYW1haVBLSVJvb3QuY3JshjhodHRwOi8vYWthbWFpcGtpLmRmdzAxLmNvcnAuYWth bWFpLmNvbS9Ba2FtYWlQS0lSb290LmNybIaBtmxkYXA6Ly8vQ049QWthbWFpUEtJUm9vdCxDTj11 c21hMWNhLXBraTAsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2Vz LENOPUNvbmZpZ3VyYXRpb24sREM9ZnIsREM9YWRzdmM/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz dD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIBTgYIKwYBBQUHAQEEggFA MIIBPDA7BggrBgEFBQcwAoYvaHR0cDovL2FrYW1haXBraS91c21hMWNhLXBraTBfQWthbWFpUEtJ Um9vdC5jcnQwUQYIKwYBBQUHMAKGRWh0dHA6Ly9ha2FtYWlwa2kuZGZ3MDEuY29ycC5ha2FtYWku Y29tL3VzbWExY2EtcGtpMF9Ba2FtYWlQS0lSb290LmNydDCBqQYIKwYBBQUHMAKGgZxsZGFwOi8v L0NOPUFrYW1haVBLSVJvb3QsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9ZnIsREM9YWRzdmM/Y0FDZXJ0aWZpY2F0ZT9iYXNl P29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEBADkq msMzAXzel+sFb7Z3lFZ3uydL4mgSW5taIvqlvy7gAFfWaAgkurkKqzDSVT4TRGH7eJP1yVK/L2R6 oII4e6NlJFM1iyD+AFhPR7qVzOAnrDlJD/v9q0JZBNDvNQSSApRMHQ0VYRuMC1HruQexFvqDBoqj J1oEGYWthlOt+sLWXwqQxBILOGt0vcsUx/QJX3FRhLjEri+aO0XVBdRaNiZyB50kmhNelgWRPT5O sDuz17HVVF6R8KpDzOKCJ1nS/eUxW9nkxH0E5/BC2Q0IMP9TGxKs4j8qKTW2gbqOBDekUsWFDgvv 6HJlYSDJNwqy0j38ANOSuw0LPg6v6nLsDx0wgggVMIIG/aADAgECAgpjGOerAAIACuHCMA0GCSqG SIb3DQEBBQUAMF4xEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZha2FtYWkx FDASBgoJkiaJk/IsZAEZFgRjb3JwMRkwFwYDVQQDExBBa2FtYWlQS0lJc3N1aW5nMB4XDTE4MTIx OTE2MTg1OFoXDTE5MDYwMzEzMjYyMVowazEcMBoGA1UEChMTQWthbWFpIFRlY2hub2xvZ2llczEW MBQGA1UECwwNU1NMX0JPUy1XUEk4TTEQMA4GA1UEAxMHcmtlbGxleTEhMB8GCSqGSIb3DQEJARYS cmtlbGxleUBha2FtYWkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUJY8vN9 1nObraWs2MJutWK9kj/TH+mXcanNxkj1Ta6ovSf/QQUT4b+2WTN309TwYFGOPMr5Rl52fQTc8oU3 PH8tR2W0WnbEMoL+xvWkT7rrKmne0GxdAlNYSgYVebNNXRskFlE/hklVL+6Nbqb+qfBCp7juW36t xA67hRXKeBsM4lTrk5p1Po0OxOSg0L5f/y0hvvg2MiCt4XMWth7piwf6dNukwJ587voJtgfHMKUh AeFAikEArIB9TKNws+JKvOm5EJOKjtPbed0awCDZkG9Xf9qE5Xq60MKAsVxM6i9lTGoBxUJ+sCSy orlXir20GXkfAJpbE1idWRSHMAlOiwIDAQABo4IExjCCBMIwCwYDVR0PBAQDAgWgMDMGA1UdJQQs MCoGCCsGAQUFBwMHBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYIKwYBBQUHAwQweAYJKoZIhvcNAQkP BGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglghkgB ZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNV HQ4EFgQUFIC3zJEyIbzylNS0Om2tQZndpEQwRgYDVR0RBD8wPYEScmtlbGxleUBha2FtYWkuY29t oCcGCisGAQQBgjcUAgOgGQwXcmtlbGxleUBjb3JwLmFrYW1haS5jb20wHwYDVR0jBBgwFoAUB+y0 jq9nhlSI772zFFdJz4JMvxQwggE5BgNVHR8EggEwMIIBLDCCASigggEkoIIBIIYlaHR0cDovL2Fr YW1haXBraS9Ba2FtYWlQS0lJc3N1aW5nLmNybIY7aHR0cDovL2FrYW1haXBraS5kZncwMS5jb3Jw LmFrYW1haS5jb20vQWthbWFpUEtJSXNzdWluZy5jcmyGgblsZGFwOi8vL0NOPUFrYW1haVBLSUlz c3VpbmcsQ049dXNtYTFjYS1wa2kxLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxD Tj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWZyLERDPWFkc3ZjP2NlcnRpZmljYXRlUmV2 b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCCAbwGCCsG AQUFBwEBBIIBrjCCAaowWQYIKwYBBQUHMAKGTWh0dHA6Ly9ha2FtYWlwa2kvdXNtYTFjYS1wa2kx LmtlbmRhbGwuY29ycC5ha2FtYWkuY29tX0FrYW1haVBLSUlzc3VpbmcoMikuY3J0MG8GCCsGAQUF BzAChmNodHRwOi8vYWthbWFpcGtpLmRmdzAxLmNvcnAuYWthbWFpLmNvbS91c21hMWNhLXBraTEu a2VuZGFsbC5jb3JwLmFrYW1haS5jb21fQWthbWFpUEtJSXNzdWluZygyKS5jcnQwgawGCCsGAQUF BzAChoGfbGRhcDovLy9DTj1Ba2FtYWlQS0lJc3N1aW5nLENOPUFJQSxDTj1QdWJsaWMlMjBLZXkl MjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWZyLERDPWFkc3ZjP2NB Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MC0GCCsG AQUFBzABhiFodHRwOi8vYWthbWFpb2NzcC5ha2FtYWkuY29tL29jc3AwPAYJKwYBBAGCNxUHBC8w LQYlKwYBBAGCNxUIgs7lOoe41C2BhYsHouMhhtIPgUmE5N8FgZD6FAIBZAIBGzBBBgkrBgEEAYI3 FQoENDAyMAoGCCsGAQUFBwMHMAoGCCsGAQUFBwMCMAwGCisGAQQBgjcKAwQwCgYIKwYBBQUHAwQw DQYJKoZIhvcNAQEFBQADggEBACA27o6KASdp8tdE+bHoBGgvX99fI2cQ108wFjdK7xMejBCVbzYB jJN2RuATwUgDpzfPct8HXc6zvZyd2v3g7Rwfp6XQHU4fqfMiXuwuJHeo9Kgoen3JnUPmIavZlkUK gScnsIl6JRalFjpccleX6GsUARthHAd+AzvFEJX2JO6b8lqTJvWbKUvxEG1L8QDtLAf55jy/qxRV ACOxh+heUMcY2Utg2KX3uTVdOjJLrjjRKMXJLLEfYNriykvg5JjaJiT5CaHWGz4zR18nvHSM1LFE H8DfbJN4GfTw/ykxIEtF50ohE8EH85IUJJwZL4C12oaKaFJBShuPBFntlW2aUQwxggOGMIIDggIB ATBsMF4xEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZha2FtYWkxFDASBgoJ kiaJk/IsZAEZFgRjb3JwMRkwFwYDVQQDExBBa2FtYWlQS0lJc3N1aW5nAgpjGOerAAIACuHCMAkG BSsOAwIaBQCgggHvMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE5 MDMyMDE0MjU1NFowIwYJKoZIhvcNAQkEMRYEFKqtDRNgzThIKB6tHDDKSPGbpA/tMHsGCSsGAQQB gjcQBDFuMGwwXjETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBmFrYW1haTEU MBIGCgmSJomT8ixkARkWBGNvcnAxGTAXBgNVBAMTEEFrYW1haVBLSUlzc3VpbmcCCmMY56sAAgAK 4cIwfQYLKoZIhvcNAQkQAgsxbqBsMF4xEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/Is ZAEZFgZha2FtYWkxFDASBgoJkiaJk/IsZAEZFgRjb3JwMRkwFwYDVQQDExBBa2FtYWlQS0lJc3N1 aW5nAgpjGOerAAIACuHCMIGTBgkqhkiG9w0BCQ8xgYUwgYIwCwYJYIZIAWUDBAEqMAsGCWCGSAFl AwQBFjAKBggqhkiG9w0DBzALBglghkgBZQMEAQIwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIaMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwCwYJYIZIAWUDBAIBMA0GCSqG SIb3DQEBAQUABIIBAINous5qiT3VCA8vXSgwXc3PzSyHtEvmMv9r0c/gkRPDyDW4ei1TqpZ/g6mD +Ydds4lzHeMTSneaxhzBh86m3Kd0JqP5HDaon4XP4V+EMLoN7Y7vsF1uoP9h85uBITA6WNErHoK0 tj0qu2qWNVgF5I7RGjI4zHfSoevaD1CgfNUbTTizLG/uH08pLa9jLJd4inm1U/iG4eE4+W19aSxz wFAO5jg+BWwWTnCx9/kfh6Bm39xALrcY2FJcgTeS90HPgy7z4VgULg84zSNIEQ8fMnUm3HLkzlUU R2Ut+WBch+d8u4D/0blOWzkSTj2qvp3djvNyjlbwF/aUU5qmgYqDoGYAAAAAAAA= ------=_NextPart_000_0000_01D4DF07.4CCA52C0-- --===============2042152305== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --===============2042152305==-- From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 15:28:52 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KESdvN005204; Wed, 20 Mar 2019 15:28:52 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KEScX3005199 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 15:28:38 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2KEScBH005193 for ; Wed, 20 Mar 2019 15:28:38 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Wed, 20 Mar 2019 15:28:38 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: Code style and project status In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2KESdvN005204 On Sun, 17 Mar 2019, Daniel Stenberg wrote: > Some of the issues I found: This is now merged. With this, we should no longer land code that causes compiler warnings or code style warnings as the CI will yell at us if we try. I'm sure a few (most?) pull-requests now need to get rebased, but I think that's a necessary price to pay. The upside is that they will also now get checked much more critically and some of them will be get warnings to work on - fully automatically. 'make checsrc' in the source root runs the style checker if you build with configure. I might add a rule to do it automatically for --enable-debug builds in a future. That's how I do it in curl and I find it convenient and really helps to write code to stick to the style. I would appreciate some help in generating the similar make target made for cmake builds, as I still lack basic cmake skills... :-/ -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 15:35:40 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KEZPO0009754; Wed, 20 Mar 2019 15:35:38 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KEZOrQ009748 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 15:35:24 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2KEZOrJ009742 for ; Wed, 20 Mar 2019 15:35:24 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Wed, 20 Mar 2019 15:35:24 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Ship a 1.9.0 asap Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2KEZPO0009754 Hey, We have lots of users wanting fixes and enhancements merged since 1.8.0 that weren't incduded in the 1.8.1 release. I propose that we set a date on which we release 1.9.0 and until then we can merge some final bug-fixes if people have them and they look fine. Can we do March 27 or is it too aggressive? My second alternative is April 11. -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 22:52:54 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KLpcAY015365; Wed, 20 Mar 2019 22:52:47 +0100 Received: from mail.panic.com (mail.panic.com [38.103.165.36]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KLpZhS015301 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 22:51:36 +0100 Received: from [10.0.0.249] (unknown [10.0.0.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.panic.com (Postfix) with ESMTPSA id 5EA8129C for ; Wed, 20 Mar 2019 14:51:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=panic.com; s=dkim; t=1553118688; bh=T5LuVvjXEDLDlAqqdmN0pDvrk+/+TEckqfjWzPoC9qg=; h=From:Subject:Date:References:To:In-Reply-To; b=UE0hMy3Zb4e6o6AxQyaGpddU5oSkoNKxvzPKuxCaV6OYq/5/IuqUZBfDveh0JgBIJ hoTIc0PYKWWnMU/7XAQFWo56eJfyVK8wVn7unPrjPSKnqKuHIF2tzdJR3T429a/bFR hAc4vgLnJAa7L89NlrzDf7YI7tfZLFCW9EgH7DTg= From: Will Cosgrove Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Code style and project status Date: Wed, 20 Mar 2019 14:51:28 -0700 References: To: libssh2 development In-Reply-To: Message-Id: <5ACF04CA-F1EA-4200-80C4-56A741B1D32E@panic.com> X-Mailer: Apple Mail (2.3445.102.3) X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id x2KLpZhS015301 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2KLpcAY015365 Any chance we can extend the line length over 80 characters? Is there a reason to use this antiquated value? It makes using descriptive function & variable names problematic and also forces a lot of wrapping in if statements which makes them harder to parse. Thanks, Will > On Mar 20, 2019, at 7:28 AM, Daniel Stenberg wrote: > > On Sun, 17 Mar 2019, Daniel Stenberg wrote: > >> Some of the issues I found: > > This is now merged. > > With this, we should no longer land code that causes compiler warnings or code style warnings as the CI will yell at us if we try. _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 23:17:51 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KMHUHO005956; Wed, 20 Mar 2019 23:17:45 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KMHQu1005888 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 23:17:26 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2KMHQCc005840 for ; Wed, 20 Mar 2019 23:17:26 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Wed, 20 Mar 2019 23:17:26 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: Code style and project status In-Reply-To: <5ACF04CA-F1EA-4200-80C4-56A741B1D32E@panic.com> Message-ID: References: <5ACF04CA-F1EA-4200-80C4-56A741B1D32E@panic.com> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2KMHUHO005956 On Wed, 20 Mar 2019, Will Cosgrove wrote: > Any chance we can extend the line length over 80 characters? Is there a > reason to use this antiquated value? Some call it antiquated. I call it sensible. Seriously though, I'm open to discussing the rules as I believe consistency is more valuable than insisting on an exact style. Code style is a lot about taste and religion. So what do you say is a suitable max length? Let me state why I think code should be within 80 columns: - To allow many code editor windows next to each other on my screens (I often have several) - To fit in a "standard" terminal with when using regular command line tools - The above include sensible line widths when doing "git blame" and gdb'ing from command line - To let diff tools like the github diff viewer to sensibly show before and after in two columns in a not too crazily wide browser window. - For the same reason books and newspapers don't do overly wide lines: code gets less readable when very wide. > It makes using descriptive function & variable names problematic I actually think it works the other way around. It forces us to stop using ridiculously long and hard-to-read names and instead encourage us to use shorter names that are more readable and easier to remember. I do think we still have far too many very long names in libssh2. > and also forces a lot of wrapping in if statements which makes them harder > to parse. The easy fix for this is: shorter names, fewer indent levels. But I'm also used to code like this and I think multi-line statements are easier to read than very wide statements. Again: preference and taste. -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Wed Mar 20 23:34:19 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2KMXxJg017264; Wed, 20 Mar 2019 23:34:13 +0100 Received: from mail.panic.com (mail.panic.com [38.103.165.36]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2KMXv9Y017112 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 20 Mar 2019 23:33:58 +0100 Received: from [10.0.0.249] (unknown [10.0.0.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.panic.com (Postfix) with ESMTPSA id E38EF525 for ; Wed, 20 Mar 2019 15:33:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=panic.com; s=dkim; t=1553121232; bh=0i9eVO+pa65ar9y+iHrwOYg+pTEfil++C9h+8kbFY3Q=; h=From:Subject:Date:References:To:In-Reply-To; b=Y8ZyXxkaJuLTV0WKnDkVGc0icAmGGL1eW85NltoHzBYLvneS8osveHViOPwhMYd8C d3QqtLgAaK3Uu5zYHZM2YH3wNcMkvU1kp4uaCU1piczndyb9LzileTqNZbRfn30dvM rG2jJREZmDBms2klEA7Xv9FN7cwfguRzlvTiDg+4= From: Will Cosgrove Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Code style and project status Date: Wed, 20 Mar 2019 15:33:52 -0700 References: <5ACF04CA-F1EA-4200-80C4-56A741B1D32E@panic.com> To: libssh2 development In-Reply-To: Message-Id: <363DF874-FFFB-428F-A970-6A3816671023@panic.com> X-Mailer: Apple Mail (2.3445.102.3) X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id x2KMXv9Y017112 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2KMXxJg017264 >> Any chance we can extend the line length over 80 characters? Is there a reason to use this antiquated value? > > Some call it antiquated. I call it sensible. > > Seriously though, I'm open to discussing the rules as I believe consistency is more valuable than insisting on an exact style. Code style is a lot about taste and religion. > > So what do you say is a suitable max length? My first thought would be 100 characters. A modest increase. > I actually think it works the other way around. It forces us to stop using ridiculously long and hard-to-read names and instead encourage us to use shorter names that are more readable and easier to remember. I do think we still have far too many very long names in libssh2. The issue with shorter variables/function names is when people come into the project and do not know what they represent. There needs to be some balance. I error on the side of being verbose as you may have guessed. Thanks, Will _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Thu Mar 21 15:40:38 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2LEe3KJ018732; Thu, 21 Mar 2019 15:40:30 +0100 Received: from milliways.cryptomilk.org (milliways.cryptomilk.org [78.46.80.163]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2LEe2hC018291 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 21 Mar 2019 15:40:02 +0100 Received: from magrathea.fritz.box (ppp-62-216-200-190.dynamic.mnet-online.de [62.216.200.190]) by milliways.cryptomilk.org (Postfix) with ESMTPSA id EA5B3E0E09; Thu, 21 Mar 2019 15:40:02 +0100 (CET) From: Andreas Schneider To: libssh2-devel@cool.haxx.se Subject: Re: Code style and project status Date: Thu, 21 Mar 2019 15:40:02 +0100 Message-ID: <3290451.hhWIiTcNl5@magrathea.fritz.box> In-Reply-To: References: <5ACF04CA-F1EA-4200-80C4-56A741B1D32E@panic.com> MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Cc: Daniel Stenberg Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2LEe3KJ018732 On Wednesday, March 20, 2019 11:17:26 PM CET Daniel Stenberg wrote: > On Wed, 20 Mar 2019, Will Cosgrove wrote: > > Any chance we can extend the line length over 80 characters? Is there a > > reason to use this antiquated value? > > Some call it antiquated. I call it sensible. It isn't antiquated at all, there is an important reason for this. This forces you to write cleaner code. If you start writing loops and if clause and you exceed 80 columns it is and indicator that you should create a new functions. For that reason the Samba project and the Kernel use 8 char tab stop. Personally I prefef 4 spaces but that's another discussion. The other reason is that a lot of people work with split windows :-) Also you should use one argument per line like: void my_very_long_function_name_with_dashes(struct my_super_duper_s arg1, struct my_super_duper_s arg2, bool x); What is the benefit of writing it like that or calling it like: my_very_long_function_name_with_dashes(arg1, arg2, x); If you later change the name of one argument, or add a new one the diff will be smaller and easier to review :-) Lessens learned in a project older than the Linux Kernel ;-) Just my 2 cents. Andreas -- Andreas Schneider asn@cryptomilk.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Thu Mar 21 15:41:54 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2LEfgL9019576; Thu, 21 Mar 2019 15:41:54 +0100 Received: from milliways.cryptomilk.org (milliways.cryptomilk.org [78.46.80.163]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2LEfedx019550 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 21 Mar 2019 15:41:40 +0100 Received: from magrathea.fritz.box (ppp-62-216-200-190.dynamic.mnet-online.de [62.216.200.190]) by milliways.cryptomilk.org (Postfix) with ESMTPSA id 29C6BE0E09; Thu, 21 Mar 2019 15:41:41 +0100 (CET) From: Andreas Schneider To: libssh2-devel@cool.haxx.se Subject: Re: Code style and project status Date: Thu, 21 Mar 2019 15:41:40 +0100 Message-ID: <5634236.aayujYU0rc@magrathea.fritz.box> In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Cc: Daniel Stenberg Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2LEfgL9019576 On Sunday, March 17, 2019 5:56:38 PM CET Daniel Stenberg wrote: > Hi all, Hi, > - It should cause the CI to fail on blatant style violations - it checks > some of the most obvious things - but can still be foooled. It's not a > replacement for human reviews. But as long as it warns on something, > the code isn't code-style compliant. you should look into https://cmocka.org/ and https://cwrap.org/ to improve tests. Just my 2 cents. Andreas -- Andreas Schneider asn@cryptomilk.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 24 00:15:57 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2NNFFuh005128; Sun, 24 Mar 2019 00:15:46 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2NNFDLn005078 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 24 Mar 2019 00:15:13 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2NNFDwd005073 for ; Sun, 24 Mar 2019 00:15:13 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Sun, 24 Mar 2019 00:15:13 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: commit messages and ABI Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2NNFFuh005128 Team! We also need to 1. Stick to the commit message style. The commit message SHOULD follow this template: [area]: [short description] [longer description] [Reported-by: XXX YYY - credit is important!] [Fixes/Closes #num] Personally, I find that alone is a mighty good reason to *not* use the merge button on github since then it's really hard to cleanup and make sure the commit message is fine and compliant. We only commit once (to master) but the commit might be read thousands of times. It is worth spending a little extra time on making it good. I find it really valuable when "git log" tells a good story of the changes without me having to actually read the diff to understand where and what the change was about. Unless of course I want to *exact* details, but that's not what I'm talking about here. 2. Do not break the ABI. I find it curious that nobody else had found this mistake, but changing variable types in a public struct is *not* okay (and it caused my application to get big fat warnings in the build). See https://github.com/libssh2/libssh2/pull/339. This suggests to me we're not ripe for a 1.9.0 release yet. We need more testing first. I'll try to do my part. -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 24 00:17:54 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2NNHi8B009265; Sun, 24 Mar 2019 00:17:54 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2NNHhdF009213 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 24 Mar 2019 00:17:43 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2NNHh0j009209 for ; Sun, 24 Mar 2019 00:17:43 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Sun, 24 Mar 2019 00:17:43 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: Ship a 1.9.0 asap In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2NNHi8B009265 On Wed, 20 Mar 2019, Daniel Stenberg wrote: > My second alternative is April 11. I don't think we're ready yet (and nobody else has said anything) so I'm now aiming for a release on April 11. Please help us out with tests, fixes and code reviews. -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Mon Mar 25 20:38:21 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2PJbILO030850; Mon, 25 Mar 2019 20:38:12 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2PJbG1D030758 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 25 Mar 2019 20:37:16 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2PJbGHE030752 for ; Mon, 25 Mar 2019 20:37:16 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Mon, 25 Mar 2019 20:37:16 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: RELEASE: libssh2 1.8.2 Message-ID: User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2PJbILO030850 Hi! I'm happy to announce a small update to the previous release as we managed to get a little hiccup included. Here's 1.8.2! Get it from https://www.libssh2.org/ as always! libssh2 1.8.2 This release includes the following bugfixes: o Fixed the misapplied userauth patch that broke 1.8.1 o moved the MAX size declarations from the public header This release would not have looked like this without help, code, reports and advice from friends like these: Will Cosgrove (1 contributors) -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Tue Mar 26 00:32:57 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2PNWDFK013996; Tue, 26 Mar 2019 00:32:47 +0100 Received: from gproxy6-pub.mail.unifiedlayer.com (outbound-ss-348.hostmonster.com [74.220.202.212]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2PNW91C013916 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 26 Mar 2019 00:32:10 +0100 Received: from cmgw14.unifiedlayer.com (unknown [10.9.0.14]) by gproxy6.mail.unifiedlayer.com (Postfix) with ESMTP id 0B79A1E1AE0 for ; Mon, 25 Mar 2019 17:26:18 -0600 (MDT) Received: from just14.justhost.com ([173.254.28.14]) by cmsmtp with ESMTP id 8YyvhXa2ZXFO58YyvhDK0X; Mon, 25 Mar 2019 17:26:18 -0600 X-Authority-Reason: nr=8 Received: from [12.52.229.43] (port=60914 helo=WilliamDesk) by just14.justhost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from ) id 1h8Yyv-000JeA-Jf for libssh2-devel@cool.haxx.se; Mon, 25 Mar 2019 17:26:17 -0600 Message-ID: From: "William Shipley" To: "libssh2 development" References: In-Reply-To: Subject: LIBSSH2_ERROR_KEX_FAILURE Date: Mon, 25 Mar 2019 16:26:17 -0700 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 16.4.3528.331 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - just14.justhost.com X-AntiAbuse: Original Domain - cool.haxx.se X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - schuylerhouse.com X-BWhitelist: no X-Source-IP: 12.52.229.43 X-Source-L: No X-Exim-ID: 1h8Yyv-000JeA-Jf X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (WilliamDesk) [12.52.229.43]:60914 X-Source-Auth: william@schuylerhouse.com X-Email-Count: 18 X-Source-Cap: c2NodXlsZTY7c2NodXlsZTY7anVzdDE0Lmp1c3Rob3N0LmNvbQ== X-Local-Domain: yes X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2PNWDFK013996 I've built libssh2 with wincng and have been testing with the CrushFTP server. All has been working smoothly. In trying to install my software at a client site, they are attempting to use AWS SFTP service. When performing the libssh2_session_handshake I am failing with a KEX error. A log from the server indicates: Mar 25 13:58:14 pathlabsrv sshd[4988]: fatal: no matching cipher found: client aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth] And, indeed, we do not have a matching cipher. I would have expected Windows cryptography to be generally 'vanilla' and I would have expected Amazon to support pretty much anything. From my limited experience they seem to have used Open SSH. Has anyone encountered this? Can anyone give me guidance? Wm -----Original Message----- From: Daniel Stenberg Sent: Monday, March 25, 2019 12:37 PM To: libssh2 development Subject: RELEASE: libssh2 1.8.2 Hi! I'm happy to announce a small update to the previous release as we managed to get a little hiccup included. Here's 1.8.2! Get it from https://www.libssh2.org/ as always! libssh2 1.8.2 This release includes the following bugfixes: o Fixed the misapplied userauth patch that broke 1.8.1 o moved the MAX size declarations from the public header This release would not have looked like this without help, code, reports and advice from friends like these: Will Cosgrove (1 contributors) -- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Tue Mar 26 09:10:50 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2Q8A5S8010153; Tue, 26 Mar 2019 09:10:42 +0100 Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20:0:0:0:229]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2Q8A2mK010002 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Tue, 26 Mar 2019 09:10:03 +0100 Received: by mail-oi1-x229.google.com with SMTP id 67so9159826oif.10 for ; Tue, 26 Mar 2019 01:10:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=nbreBC8So4phmTu6lsdUdkGd9LlKdQRkgapZKznOfZI=; b=L6zJsxnucSHJ26U94pbf5S1tZw36c6f7gr+yEK9e50EzkGta9+xFM8EEzjVCFdspJy /B6R+BVhP8thGti6r9ykI2Wj0BEkOy672E5mUudmPdTfrNjFMpdUWKZyzQ4B8IC9estd 5oWaaAJSWMkK6zThVA8CSf/AjAjsQ7LlOtuvunTLzlWZqpxAySnW5H1wzwzC2u+qn2Tj PfrdfRAX3xVIgV5hS4QY/G/ek6XiHhUs8pGd4VWfNxBupaBdJX9xYraYjQDHer8j3oXb VnqWynMEnm6ihPqiNek6Ltrazuz2sV7yh1QYTEPdNiYceQIsg6b1oMYmDcYqfByvQz11 xsTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=nbreBC8So4phmTu6lsdUdkGd9LlKdQRkgapZKznOfZI=; b=QsUcmPts/0zFp+StKpOoNdS0h5ydqnDGDcxfXUui2pLLj8zv+Btu006ZGRoOCQPo6X ulV65bmqW4X4XgHtKaV9DDgG31fu9GFGkd1BdpetsjKdDZNH8KOZBnpHqRhi3WwXrf+A kCVY95SKky0GBVWfp8CKOgZ/Hd5it/OFE2Ci+2FfvjoJqRPfzvG5JrRltxPA6Zy+98+Z aGMUHgNh8lMyWxw/N87BZIbVrj0fMZhgzo9NizLf2rCK05PeH83uclnHwmS8PJMi5dZP ZAoAQ69+Hrjgs75fyw4qbY5U4mz0iGdtjQEp+AtQaRLhv9oszeM135FDetK1EmduV8vf 9odg== X-Gm-Message-State: APjAAAUNhGiHp+aydqmNGG5cwM8nG3V2rEKWCh91tR5uDPgw/4y8kCMi 4bS/U44hAQcjDfCjzY9tN7RMfGtaHiiXogbprxMJbA== X-Google-Smtp-Source: APXvYqxMvPMidJNIMPb/e2nSKG7p4zMpC6Fqtnasl17A7T+zlhx68dch/r929btV6dFkJP14z+izxb+vMhhUzS2MslU= X-Received: by 2002:aca:d595:: with SMTP id m143mr13964752oig.31.1553587796956; Tue, 26 Mar 2019 01:09:56 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: =?UTF-8?Q?Daniel_Jeli=C5=84ski?= Date: Tue, 26 Mar 2019 09:09:45 +0100 Message-ID: Subject: Re: LIBSSH2_ERROR_KEX_FAILURE To: libssh2 development X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: multipart/mixed; boundary="===============2138808004==" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" --===============2138808004== Content-Type: multipart/alternative; boundary="000000000000c3da8d0584fad838" --000000000000c3da8d0584fad838 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, All ciphers provided by your client are insecure: RC4 is insecure, CBC mode of operation is insecure, client does not provide anything else. GCM is not supported by libssh2. CTR is not supported by wincng, though I think I saw some code to emulate it on top of ECB, wonder why it didn't work for you. I can't comment on chacha, but it may also be unimplemented in libssh2. Regards, Daniel wt., 26 mar 2019 o 00:34 William Shipley napisa=C5=82(a): > I've built libssh2 with wincng and have been testing with the CrushFTP > server. All has been working smoothly. In trying to install my software a= t > a > client site, they are attempting to use AWS SFTP service. When performing > the libssh2_session_handshake I am failing with a KEX error. > > A log from the server indicates: > > Mar 25 13:58:14 pathlabsrv sshd[4988]: fatal: no matching cipher found: > client > aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,a= rcfour,3des-cbc > > server > aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, > aes256-gcm@openssh.com,chacha20-poly1305@openssh.com > [preauth] > > And, indeed, we do not have a matching cipher. I would have expected > Windows > cryptography to be generally 'vanilla' and I would have expected Amazon t= o > support pretty much anything. From my limited experience they seem to hav= e > used Open SSH. > > Has anyone encountered this? Can anyone give me guidance? > > Wm > > -----Original Message----- > From: Daniel Stenberg > Sent: Monday, March 25, 2019 12:37 PM > To: libssh2 development > Subject: RELEASE: libssh2 1.8.2 > > Hi! > > I'm happy to announce a small update to the previous release as we manage= d > to > get a little hiccup included. Here's 1.8.2! > > Get it from https://www.libssh2.org/ as always! > > libssh2 1.8.2 > > This release includes the following bugfixes: > > o Fixed the misapplied userauth patch that broke 1.8.1 > o moved the MAX size declarations from the public header > > This release would not have looked like this without help, code, reports > and > advice from friends like these: > > Will Cosgrove > (1 contributors) > > -- > > / daniel.haxx.se > _______________________________________________ > libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel > > _______________________________________________ > libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel > --000000000000c3da8d0584fad838 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,
All ciphers provided by your client are insecure: = RC4 is insecure, CBC mode of operation is insecure, client does not provide= anything else.

GCM is not supported by libssh2. C= TR is not supported by wincng, though I think I saw some code to emulate it= on top of ECB, wonder why it didn't work for you. I can't comment = on chacha, but it may also be unimplemented in libssh2.
Regards,<= /div>
Daniel

wt., 26 mar 2019 o 00:34=C2=A0William Shipley <william@schuylerhouse.com>= napisa=C5=82(a):
rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3= des-cbc
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.= com
[preauth]

And, indeed, we do not have a matching cipher. I would have expected Window= s
cryptography to be generally 'vanilla' and I would have expected Am= azon to
support pretty much anything. From my limited experience they seem to have =
used Open SSH.

Has anyone encountered this? Can anyone give me guidance?

Wm

-----Original Message-----
From: Daniel Stenberg
Sent: Monday, March 25, 2019 12:37 PM
To: libssh2 development
Subject: RELEASE: libssh2 1.8.2

Hi!

I'm happy to announce a small update to the previous release as we mana= ged
to
get a little hiccup included. Here's 1.8.2!

Get it from https://www.libssh2.org/ as always!

libssh2 1.8.2

This release includes the following bugfixes:

=C2=A0 o Fixed the misapplied userauth patch that broke 1.8.1
=C2=A0 o moved the MAX size declarations from the public header

This release would not have looked like this without help, code, reports an= d
advice from friends like these:

=C2=A0 =C2=A0Will Cosgrove
=C2=A0 =C2=A0(1 contributors)

--

=C2=A0 / daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bi= n/mailman/listinfo/libssh2-devel

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bi= n/mailman/listinfo/libssh2-devel
--000000000000c3da8d0584fad838-- --===============2138808004== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --===============2138808004==-- From libssh2-devel-bounces@cool.haxx.se Fri Mar 29 23:44:38 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2TMhpVB024671; Fri, 29 Mar 2019 23:44:29 +0100 Received: from gproxy4-pub.mail.unifiedlayer.com (gproxy4-pub.mail.unifiedlayer.com [69.89.23.142]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2TMhnJZ024653 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 Mar 2019 23:43:50 +0100 Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy4.mail.unifiedlayer.com (Postfix) with ESMTP id 0A3A4176AA7 for ; Fri, 29 Mar 2019 16:20:22 -0600 (MDT) Received: from just14.justhost.com ([173.254.28.14]) by cmsmtp with ESMTP id 9zrJhKpF9VLCb9zrJhpu7i; Fri, 29 Mar 2019 16:20:21 -0600 X-Authority-Reason: nr=8 X-Authority-Analysis: $(_cmae_reason Received: from [12.52.229.43] (port=59264 helo=WilliamDesk) by just14.justhost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from ) id 1h9zrJ-003IuB-DF for libssh2-devel@cool.haxx.se; Fri, 29 Mar 2019 16:20:21 -0600 Message-ID: <4085848B398247BCA67719E0877AF4FF@WilliamDesk> From: "William Shipley" To: "libssh2 development" References: In-Reply-To: Subject: Re: LIBSSH2_ERROR_KEX_FAILURE Date: Fri, 29 Mar 2019 15:20:21 -0700 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 16.4.3528.331 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - just14.justhost.com X-AntiAbuse: Original Domain - cool.haxx.se X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - schuylerhouse.com X-BWhitelist: no X-Source-IP: 12.52.229.43 X-Source-L: No X-Exim-ID: 1h9zrJ-003IuB-DF X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: (WilliamDesk) [12.52.229.43]:59264 X-Source-Auth: william@schuylerhouse.com X-Email-Count: 9 X-Source-Cap: c2NodXlsZTY7c2NodXlsZTY7anVzdDE0Lmp1c3Rob3N0LmNvbQ== X-Local-Domain: yes X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: multipart/mixed; boundary="===============0663659227==" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This is a multi-part message in MIME format. --===============0663659227== Content-Type: multipart/alternative; boundary="----=_NextPart_000_01C3_01D4E642.ECB916D0" This is a multi-part message in MIME format. ------=_NextPart_000_01C3_01D4E642.ECB916D0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I guess my question is =E2=80=9Cwhat is the crypto backend that will = give my client the best chance of being able to connect to any unknown = SFTP server=E2=80=9D. Finding my way here, I initially built with = WinCNG since my application also supports Schannel TLS connections using = windows cryptography so I figured I already had the library loaded. And = most people should be able to connect to Windows stuff. So much for = that. Browsing various documents I get the impression that mbedtls would be a = good choice, but I want to be in the =E2=80=9Cmainstream=E2=80=9D of = libssh2 users. It would be nice to have a =E2=80=9Cfor the beginner.doc=E2=80=9D but = that=E2=80=99s one of the hardest things on any software package = =E2=80=93 documentation that doesn=E2=80=99t assume you know much about = it. William Shipley From: Daniel Jeli=C5=84ski=20 Sent: Tuesday, March 26, 2019 1:09 AM To: libssh2 development=20 Subject: Re: LIBSSH2_ERROR_KEX_FAILURE Hi,=20 All ciphers provided by your client are insecure: RC4 is insecure, CBC = mode of operation is insecure, client does not provide anything else. GCM is not supported by libssh2. CTR is not supported by wincng, though = I think I saw some code to emulate it on top of ECB, wonder why it = didn't work for you. I can't comment on chacha, but it may also be = unimplemented in libssh2. Regards, Daniel wt., 26 mar 2019 o 00:34 William Shipley = napisa=C5=82(a): I've built libssh2 with wincng and have been testing with the CrushFTP = server. All has been working smoothly. In trying to install my = software at a=20 client site, they are attempting to use AWS SFTP service. When = performing=20 the libssh2_session_handshake I am failing with a KEX error. A log from the server indicates: Mar 25 13:58:14 pathlabsrv sshd[4988]: fatal: no matching cipher = found:=20 client=20 = aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,a= rcfour,3des-cbc=20 server=20 = aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openss= h.com,chacha20-poly1305@openssh.com=20 [preauth] And, indeed, we do not have a matching cipher. I would have expected = Windows=20 cryptography to be generally 'vanilla' and I would have expected = Amazon to=20 support pretty much anything. From my limited experience they seem to = have=20 used Open SSH. Has anyone encountered this? Can anyone give me guidance? Wm -----Original Message-----=20 From: Daniel Stenberg Sent: Monday, March 25, 2019 12:37 PM To: libssh2 development Subject: RELEASE: libssh2 1.8.2 Hi! I'm happy to announce a small update to the previous release as we = managed=20 to get a little hiccup included. Here's 1.8.2! Get it from https://www.libssh2.org/ as always! libssh2 1.8.2 This release includes the following bugfixes: o Fixed the misapplied userauth patch that broke 1.8.1 o moved the MAX size declarations from the public header This release would not have looked like this without help, code, = reports and advice from friends like these: Will Cosgrove (1 contributors) --=20 / daniel.haxx.se _______________________________________________ libssh2-devel = https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel=20 _______________________________________________ libssh2-devel = https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel -------------------------------------------------------------------------= ------- _______________________________________________ libssh2-devel = https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel ------=_NextPart_000_01C3_01D4E642.ECB916D0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I guess my question is =E2=80=9Cwhat is the crypto backend that = will give my client=20 the best chance of being able to connect to any unknown SFTP = server=E2=80=9D. =20 Finding my way here, I initially built with WinCNG since my application = also=20 supports Schannel TLS connections using windows cryptography so I = figured I=20 already had the library loaded. And most people should be able to = connect to=20 Windows stuff. So much for that.

Browsing various documents I get = the=20 impression that mbedtls would be a good choice, but I want to be in the=20 =E2=80=9Cmainstream=E2=80=9D of libssh2 users.
 
It would be nice to have a =E2=80=9Cfor the beginner.doc=E2=80=9D = but that=E2=80=99s one of the=20 hardest things on any software package =E2=80=93 documentation that = doesn=E2=80=99t assume you=20 know much about it.
 
William Shipley
 
Sent: Tuesday, March 26, 2019 1:09 AM
Subject: Re: LIBSSH2_ERROR_KEX_FAILURE
 
Hi,=20
All ciphers provided by your client are insecure: RC4 is insecure, = CBC mode=20 of operation is insecure, client does not provide anything else.
 
GCM is not supported by libssh2. CTR is not supported by wincng, = though I=20 think I saw some code to emulate it on top of ECB, wonder why it didn't = work for=20 you. I can't comment on chacha, but it may also be unimplemented in=20 libssh2.
Regards,
Daniel
 
wt., 26 mar 2019 o 00:34 William = Shipley=20 <william@schuylerhouse.com> napisa=C5=82(a):
I've=20 built libssh2 with wincng and have been testing with the CrushFTP =
server.=20 All has been working smoothly. In trying to install my software at a=20
client site, they are attempting to use AWS SFTP service. When = performing=20
the libssh2_session_handshake I am failing with a KEX = error.

A log=20 from the server indicates:

Mar 25 13:58:14 pathlabsrv = sshd[4988]:=20 fatal: no matching cipher found:
client
aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arc= four128,arcfour,3des-cbc=20
server
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com =
[preauth]

And,=20 indeed, we do not have a matching cipher. I would have expected = Windows=20
cryptography to be generally 'vanilla' and I would have expected = Amazon to=20
support pretty much anything. From my limited experience they seem = to have=20
used Open SSH.

Has anyone encountered this? Can anyone give = me=20 guidance?

Wm

-----Original Message-----
From: Daniel = Stenberg
Sent: Monday, March 25, 2019 12:37 PM
To: libssh2=20 development
Subject: RELEASE: libssh2 1.8.2

Hi!

I'm = happy to=20 announce a small update to the previous release as we managed =
to
get a=20 little hiccup included. Here's 1.8.2!

Get it from https://www.libssh2.org/ as always!

libssh2 = 1.8.2

This release includes the following = bugfixes:

  o=20 Fixed the misapplied userauth patch that broke 1.8.1
  o moved = the MAX=20 size declarations from the public header

This release would not = have=20 looked like this without help, code, reports and
advice from = friends like=20 these:

   Will Cosgrove
   (1=20 contributors)

--

  / daniel.haxx.se
___________________________________= ____________
libssh2-devel=20 https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-dev= el=20 =

_______________________________________________
libssh2-devel = https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-dev= el

_______________________________________________
libssh2-devel=20 https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
------=_NextPart_000_01C3_01D4E642.ECB916D0-- --===============0663659227== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --===============0663659227==-- From libssh2-devel-bounces@cool.haxx.se Sat Mar 30 00:23:54 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2TNNUYU022571; Sat, 30 Mar 2019 00:23:49 +0100 Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2TNNTqO022559 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 30 Mar 2019 00:23:29 +0100 Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x2TNNTYn022554 for ; Sat, 30 Mar 2019 00:23:29 +0100 X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs Date: Sat, 30 Mar 2019 00:23:29 +0100 (CET) From: Daniel Stenberg X-X-Sender: dast@giant.haxx.se To: libssh2 development Subject: Re: LIBSSH2_ERROR_KEX_FAILURE In-Reply-To: <4085848B398247BCA67719E0877AF4FF@WilliamDesk> Message-ID: References: <4085848B398247BCA67719E0877AF4FF@WilliamDesk> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) X-fromdanielhimself: yes MIME-Version: 1.0 Content-Type: multipart/mixed; BOUNDARY="1129329158-1472655742-1553901809=:21529" X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --1129329158-1472655742-1553901809=:21529 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Fri, 29 Mar 2019, William Shipley wrote: > I guess my question is “what is the crypto backend that will give my client > the best chance of being able to connect to any unknown SFTP server”. The oldest and (I guess) most tested backend is the OpenSSL one. -- / daniel.haxx.se --1129329158-1472655742-1553901809=:21529 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlic3NoMi1k ZXZlbCBodHRwczovL2Nvb2wuaGF4eC5zZS9jZ2ktYmluL21haWxtYW4vbGlzdGluZm8vbGlic3No Mi1kZXZlbAo= --1129329158-1472655742-1553901809=:21529-- From libssh2-devel-bounces@cool.haxx.se Sun Mar 31 13:24:14 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2VBNMbw007280; Sun, 31 Mar 2019 13:24:03 +0200 Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20:0:0:0:241]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2VBNJTU007250 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Sun, 31 Mar 2019 13:23:19 +0200 Received: by mail-lj1-x241.google.com with SMTP id f23so5592099ljc.0 for ; Sun, 31 Mar 2019 04:23:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=YLS2tJKKnO/2CRSyoy6iH/38qI3eFgOhfz31yju3WNc=; b=W3L9pJd0RRLpZXI8kxaUOvII9whrS4sGr3PadxkvbeaK6tUBMdo0EoTQfP+gYc9RCv EO1aWQntNWf1+JX1+15IFKVj/muahiinJ2sEnXPWUsLEtpCUafRnvts9MqmUNrkhLB8M Zx8tcN7RisBhLZBq0xv3pfXaJ6f8F6QP5LPcCvwN+S+MS5T289r1Zboik/+IMdDaeIdi RfR0dQCkFqHX0c5LVEO9DLYxPNBXuh+uX/26O1DXr1ePapQBaYlxy6iCSo2pVUdF1b2N t1zGVkm8tspdGKQZSTVXpNxtVzHCfyJHexTPdMl/scN97Sjyi0vffhL1Dz+nauaPvMMs Gq3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=YLS2tJKKnO/2CRSyoy6iH/38qI3eFgOhfz31yju3WNc=; b=fERuK7YJdjvcu8pG9Bphft5aovxKvI7Rzrdt404HOFur45oSK9YP5fXv1KC2N9MYDt OznGgTz+oJt+YHVyB6W8Tb/AdfSfU6Y705HdrXtY+WT/Efchbsqpj0F8Rex7NbFo/rb/ kSJ1lPDYA64hPsrZj4fppYTHi+kdNxUDkJKdVn82OaqbweXYoTPYeUa6kkmaBwsSgNgB Ky58dPbvk80pYQ0eLoRnlzA/6aE9ayE9BY9vlif2CMt95GkQCXuvl3VlYQejdic6h5K2 zKYqTS08/NmtHKB94RKwrCxkicxmZ2LjTYUsfll1v+1v6iSfhmi+tiH/OHcFqXhUjaAo MJKQ== X-Gm-Message-State: APjAAAXfMNIu5d5J8xo39mLx0U1t9B2br4kIY+Lqv91aNJZbqGe9A2FK YzjlUTpo3aHzMNg+eRlvxb73hTue X-Google-Smtp-Source: APXvYqyPGpGydp9M4j/4yWMpwgRjHQu3tQZ4Ek0zSkPacDtWzm7oUgFFTAFG3ZfHh3JgWj/SKH9+Dw== X-Received: by 2002:a2e:7d04:: with SMTP id y4mr24709375ljc.193.1554031394946; Sun, 31 Mar 2019 04:23:14 -0700 (PDT) Received: from ?IPv6:2a00:1370:8125:1707:3e2f:a579:be49:2d8a? ([2a00:1370:8125:1707:3e2f:a579:be49:2d8a]) by smtp.googlemail.com with ESMTPSA id q17sm1253488lfb.13.2019.03.31.04.23.13 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 31 Mar 2019 04:23:14 -0700 (PDT) From: "Yuriy M. Kaminskiy" Subject: Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads To: libssh2-devel@cool.haxx.se References: Message-ID: <8cc68255-11c0-5800-dfcc-d5da595d8874@gmail.com> Date: Sun, 31 Mar 2019 14:23:12 +0300 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2VBNMbw007280 FTR, (some) problems that was addressed by this patch was (apparently independently) rediscovered 3 years later, assigned CVE-2019-38{55...63} and fixed (differently; I have not checked if fixed code covers all cases was covered by my patch). BTW, _libssh2_check_length() that is extensively used by current code is broken/incorrect; e.g. suppose buf->dataptr = buf->data, buf->len = 5, len = 0xfffffff7 then _libssh2_check_length(buf, len) will return 1; uh-doh. With obvious security implications. (No, I'm not going to compose patch to be ignored for another 3 years). On 2016-03-27 22:28 , Yuriy M. Kaminskiy wrote: > Ping? I'd like to stress out this issue has security imlications. At > very least, DoS (and this is not a standalone application, so it is not > a minor issue), and maybe host memory exposure too. (However, it is only > heap over-reads, without heap/stack over-writes, so no risk of > escalating to remote code execution). > > On 02/25/16 03:10 , Yuriy M. Kaminskiy wrote: >> "George Garner (online)" writes: >> [...] >>> 3. Where is the p_len/group_order parameter validated? In >>> kex_method_diffie_hellman_group_exchange_sha256_key_exchange it is >>> converted from network byte order and accepted at face value. What >>> happens if a malicious packet is received with a bogus value for >>> p_len? >> >> Maybe I miss something, but it looks like this defect (blindly trust >> various 32-bit length that was sent remote side and don't verify if it >> fits buffer) is *everywhere* in libssh2. I've sent some patches for >> kex.c via gh pull request, but quickly discovered it is much worse. Very >> WIP (and incomplete) patch for *other* files is attached; unfortunately, >> in most cases, I have no idea how such errors should be handled within libssh2, >> don't know libssh2 code base well enough, so I give up at this. >> >> Note that in early connection setup "malicious server" is not required, >> "malicious MITM" can insert broken packets as well. >> >> In general, please re-review all `grep ntoh -r src/`, in many cases >> surrounding code looks problematic in one way or other. >> >> >> --- >> Changelog: >> v2: fixed obvious errors >> Note: This is still NOT COMPLETE work, all XXX comment must be reviewed and acted upon. >> >> src/agent.c | 32 ++++++++-------- >> src/channel.c | 10 ++++- >> src/hostkey.c | 19 +++++++-- >> src/kex.c | 43 +++++++++++---------- >> src/packet.c | 45 +++++++++++++++++----- >> src/publickey.c | 117 +++++++++++++++++++++++++++++++++++++++++++------------- >> src/session.c | 2 + >> src/sftp.c | 42 ++++++++++++++++---- >> src/sftp.h | 1 + >> src/userauth.c | 32 ++++++++++++++++ >> 10 files changed, 260 insertions(+), 83 deletions(-) >> >> diff --git a/src/agent.c b/src/agent.c >> index c2ba422..255b63d 100644 >> --- a/src/agent.c >> +++ b/src/agent.c >> @@ -449,12 +449,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >> goto error; >> } >> method_len = _libssh2_ntohu32(s); >> - s += 4; >> - len -= method_len; >> - if (len < 0) { >> + if (method_len < 0 || len < method_len) { >> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >> goto error; >> } >> + s += 4; >> + len -= method_len; >> s += method_len; >> >> /* Read the signature */ >> @@ -464,12 +464,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >> goto error; >> } >> *sig_len = _libssh2_ntohu32(s); >> - s += 4; >> - len -= *sig_len; >> - if (len < 0) { >> + if ((size_t)len < *sig_len) { >> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >> goto error; >> } >> + len -= *sig_len; >> + s += 4; >> >> *sig = LIBSSH2_ALLOC(session, *sig_len); >> if (!*sig) { >> @@ -558,15 +558,15 @@ agent_list_identities(LIBSSH2_AGENT *agent) >> goto error; >> } >> identity->external.blob_len = _libssh2_ntohu32(s); >> - s += 4; >> - >> - /* Read the blob */ >> - len -= identity->external.blob_len; >> - if (len < 0) { >> + if ((size_t)len < identity->external.blob_len) { >> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >> LIBSSH2_FREE(agent->session, identity); >> goto error; >> } >> + s += 4; >> + >> + /* Read the blob */ >> + len -= identity->external.blob_len; >> >> identity->external.blob = LIBSSH2_ALLOC(agent->session, >> identity->external.blob_len); >> @@ -587,16 +587,16 @@ agent_list_identities(LIBSSH2_AGENT *agent) >> goto error; >> } >> comment_len = _libssh2_ntohu32(s); >> - s += 4; >> - >> - /* Read the comment */ >> - len -= comment_len; >> - if (len < 0) { >> + if (comment_len < 0 || len < comment_len) { >> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >> LIBSSH2_FREE(agent->session, identity->external.blob); >> LIBSSH2_FREE(agent->session, identity); >> goto error; >> } >> + s += 4; >> + >> + /* Read the comment */ >> + len -= comment_len; >> >> identity->external.comment = LIBSSH2_ALLOC(agent->session, >> comment_len + 1); >> diff --git a/src/channel.c b/src/channel.c >> index 32d914d..38572be 100644 >> --- a/src/channel.c >> +++ b/src/channel.c >> @@ -225,6 +225,7 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >> } >> >> if (session->open_state == libssh2_NB_state_sent) { >> + unsigned char *end; >> rc = _libssh2_packet_requirev(session, reply_codes, >> &session->open_data, >> &session->open_data_len, 1, >> @@ -238,7 +239,11 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >> goto channel_error; >> } >> >> + end = session->open_data + session->open_data_len; >> + >> if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION) { >> + if (13+4 > (end - session->open_data)) >> + goto channel_error; >> session->open_channel->remote.id = >> _libssh2_ntohu32(session->open_data + 5); >> session->open_channel->local.window_size = >> @@ -265,7 +270,8 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >> return session->open_channel; >> } >> >> - if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) { >> + if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE && >> + 4 <= (end - (session->open_data + 5))) { >> unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5); >> switch (reason_code) { >> case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED: >> @@ -1399,6 +1405,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >> >> if (((packet_type == SSH_MSG_CHANNEL_DATA) >> || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) >> + && packet->data_len >= 5 + (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA ? 4 : 0) >> && (_libssh2_ntohu32(packet->data + 1) == channel->local.id)) { >> /* It's our channel at least */ >> long packet_stream_id = >> @@ -1418,6 +1425,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >> bytes_to_flush, packet_stream_id, >> channel->local.id, channel->remote.id); >> >> + /* XXX assert(packet->data_len >= 13); XXX */ >> /* It's one of the streams we wanted to flush */ >> channel->flush_refund_bytes += packet->data_len - 13; >> channel->flush_flush_bytes += bytes_to_flush; >> diff --git a/src/hostkey.c b/src/hostkey.c >> index 2a0a8f9..7b780e2 100644 >> --- a/src/hostkey.c >> +++ b/src/hostkey.c >> @@ -66,31 +66,42 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session, >> libssh2_rsa_ctx *rsactx; >> const unsigned char *s, *e, *n; >> unsigned long len, e_len, n_len; >> + const unsigned char *end = hostkey_data + hostkey_data_len; >> int ret; >> >> - (void) hostkey_data_len; >> - >> if (*abstract) { >> hostkey_method_ssh_rsa_dtor(session, abstract); >> *abstract = NULL; >> } >> >> s = hostkey_data; >> + if (4 > end - s) >> + return -1; >> len = _libssh2_ntohu32(s); >> s += 4; >> + if (len > (size_t)(end - s)) >> + return -1; >> >> if (len != 7 || strncmp((char *) s, "ssh-rsa", 7) != 0) { >> return -1; >> } >> - s += 7; >> + s += len; >> >> + if (4 > end - s) >> + return -1; >> e_len = _libssh2_ntohu32(s); >> s += 4; >> + if (e_len > (size_t)(end - s)) >> + return -1; >> >> e = s; >> s += e_len; >> + if (4 > end - s) >> + return -1; >> n_len = _libssh2_ntohu32(s); >> s += 4; >> + if (n_len > (size_t)(end - s)) >> + return -1; >> n = s; >> >> ret = _libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0, >> @@ -181,6 +192,8 @@ hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION * session, >> (void) session; >> >> /* Skip past keyname_len(4) + keyname(7){"ssh-rsa"} + signature_len(4) */ >> + if (15 > sig_len) >> + return -1; >> sig += 15; >> sig_len -= 15; >> return _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len); >> diff --git a/src/kex.c b/src/kex.c >> index 40dbeab..2381d52 100644 >> --- a/src/kex.c >> +++ b/src/kex.c >> @@ -2463,21 +2463,20 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, >> * within the given packet. >> */ >> static int kex_string_pair(unsigned char **sp, /* parsing position */ >> - unsigned char *data, /* start pointer to packet */ >> - size_t data_len, /* size of total packet */ >> + unsigned char *end, /* end of packet */ >> size_t *lenp, /* length of the string */ >> unsigned char **strp) /* pointer to string start */ >> { >> unsigned char *s = *sp; >> - *lenp = _libssh2_ntohu32(s); >> >> - /* the length of the string must fit within the current pointer and the >> - end of the packet */ >> - if (*lenp > (data_len - (s - data) -4)) >> + if (4 > end - s) >> return 1; >> - *strp = s + 4; >> - s += 4 + *lenp; >> - >> + *lenp = _libssh2_ntohu32(s); >> + s += 4; >> + if (*lenp > (size_t)(end - s)) >> + return 1; >> + *strp = s; >> + s += *lenp; >> *sp = s; >> return 0; >> } >> @@ -2493,6 +2492,10 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >> size_t kex_len, hostkey_len, crypt_cs_len, crypt_sc_len, comp_cs_len; >> size_t comp_sc_len, mac_cs_len, mac_sc_len; >> unsigned char *s = data; >> + unsigned char *end = data + data_len; >> + >> + if (1 + 16 > end - s) >> + return -1; >> >> /* Skip packet_type, we know it already */ >> s++; >> @@ -2501,21 +2504,24 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >> s += 16; >> >> /* Locate each string */ >> - if(kex_string_pair(&s, data, data_len, &kex_len, &kex)) >> + if(kex_string_pair(&s, end, &kex_len, &kex)) >> + return -1; >> + if(kex_string_pair(&s, end, &hostkey_len, &hostkey)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &hostkey_len, &hostkey)) >> + if(kex_string_pair(&s, end, &crypt_cs_len, &crypt_cs)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &crypt_cs_len, &crypt_cs)) >> + if(kex_string_pair(&s, end, &crypt_sc_len, &crypt_sc)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &crypt_sc_len, &crypt_sc)) >> + if(kex_string_pair(&s, end, &mac_cs_len, &mac_cs)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &mac_cs_len, &mac_cs)) >> + if(kex_string_pair(&s, end, &mac_sc_len, &mac_sc)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &mac_sc_len, &mac_sc)) >> + if(kex_string_pair(&s, end, &comp_cs_len, &comp_cs)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &comp_cs_len, &comp_cs)) >> + if(kex_string_pair(&s, end, &comp_sc_len, &comp_sc)) >> return -1; >> - if(kex_string_pair(&s, data, data_len, &comp_sc_len, &comp_sc)) >> + >> + if (1 > end - s) >> return -1; >> >> /* If the server sent an optimistic packet, assume that it guessed wrong. >> @@ -2524,9 +2530,6 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >> session->burn_optimistic_kexinit = *(s++); >> /* Next uint32 in packet is all zeros (reserved) */ >> >> - if (data_len < (unsigned) (s - data)) >> - return -1; /* short packet */ >> - >> if (kex_agree_kex_hostkey(session, kex, kex_len, hostkey, hostkey_len)) { >> return -1; >> } >> diff --git a/src/packet.c b/src/packet.c >> index 5f1feb8..3659daa 100644 >> --- a/src/packet.c >> +++ b/src/packet.c >> @@ -85,10 +85,12 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >> char failure_code = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; >> int rc; >> >> - (void) datalen; >> - >> if (listen_state->state == libssh2_NB_state_idle) { >> unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5; >> + unsigned char *end = data + datalen; >> + if (4*4 > (end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> listen_state->sender_channel = _libssh2_ntohu32(s); >> s += 4; >> >> @@ -99,15 +101,27 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >> >> listen_state->host_len = _libssh2_ntohu32(s); >> s += 4; >> + if (listen_state->host_len > (size_t)(end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> listen_state->host = s; >> s += listen_state->host_len; >> + if (4*2 > (end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> listen_state->port = _libssh2_ntohu32(s); >> s += 4; >> >> listen_state->shost_len = _libssh2_ntohu32(s); >> s += 4; >> + if (listen_state->shost_len > (size_t)(end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> listen_state->shost = s; >> s += listen_state->shost_len; >> + if (4 > (end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> listen_state->sport = _libssh2_ntohu32(s); >> >> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >> @@ -271,10 +285,12 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >> LIBSSH2_CHANNEL *channel = x11open_state->channel; >> int rc; >> >> - (void) datalen; >> - >> if (x11open_state->state == libssh2_NB_state_idle) { >> unsigned char *s = data + (sizeof("x11") - 1) + 5; >> + unsigned char *end = data + datalen; >> + if (4*4 > (end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> x11open_state->sender_channel = _libssh2_ntohu32(s); >> s += 4; >> x11open_state->initial_window_size = _libssh2_ntohu32(s); >> @@ -283,8 +299,14 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >> s += 4; >> x11open_state->shost_len = _libssh2_ntohu32(s); >> s += 4; >> + if (x11open_state->shost_len > (size_t)(end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> x11open_state->shost = s; >> s += x11open_state->shost_len; >> + if (4 > (end - s)) { >> + return 0; /* XXX ??? XXX */ >> + } >> x11open_state->sport = _libssh2_ntohu32(s); >> >> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >> @@ -807,22 +829,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >> else if (len == sizeof("exit-signal") - 1 >> && !memcmp("exit-signal", data + 9, >> sizeof("exit-signal") - 1)) { >> + unsigned char *end = data + datalen; >> + unsigned char *s = data + 9 + sizeof("exit-signal"); >> /* command terminated due to signal */ >> if(datalen >= 20) >> channelp = _libssh2_channel_locate(session, channel); >> >> - if (channelp) { >> + if (channelp && end - s >= 4) { >> /* set signal name (without SIG prefix) */ >> - uint32_t namelen = >> - _libssh2_ntohu32(data + 9 + sizeof("exit-signal")); >> + uint32_t namelen = _libssh2_ntohu32(s); >> + s += 4; >> + if (namelen > (size_t)(end - s)) >> + /* XXX ??? XXX */; >> + else { >> channelp->exit_signal = >> LIBSSH2_ALLOC(session, namelen + 1); >> if (!channelp->exit_signal) >> rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, >> "memory for signal name"); >> else { >> - memcpy(channelp->exit_signal, >> - data + 13 + sizeof("exit_signal"), namelen); >> + memcpy(channelp->exit_signal, s, namelen); >> channelp->exit_signal[namelen] = '\0'; >> /* TODO: save error message and language tag */ >> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >> @@ -832,6 +858,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >> channelp->local.id, >> channelp->remote.id); >> } >> + } >> } >> } >> >> diff --git a/src/publickey.c b/src/publickey.c >> index bfee0a8..d19efb7 100644 >> --- a/src/publickey.c >> +++ b/src/publickey.c >> @@ -247,6 +247,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >> switch (response) { >> case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: >> /* Error, or processing complete */ >> + if (data_len >= 4) >> { >> unsigned long status = _libssh2_ntohu32(s); >> >> @@ -258,6 +259,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >> publickey_status_error(pkey, session, status); >> return -1; >> } >> + /* fallthru */ >> default: >> LIBSSH2_FREE(session, data); >> if (response < 0) { >> @@ -403,6 +405,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >> if (session->pkeyInit_state == libssh2_NB_state_sent3) { >> while (1) { >> unsigned char *s; >> + unsigned char *end; >> rc = publickey_packet_receive(session->pkeyInit_pkey, >> &session->pkeyInit_data, >> &session->pkeyInit_data_len); >> @@ -419,6 +422,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >> } >> >> s = session->pkeyInit_data; >> + end = session->pkeyInit_data + session->pkeyInit_data_len; >> if ((response = >> publickey_response_id(&s, session->pkeyInit_data_len)) < 0) { >> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >> @@ -432,19 +436,33 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >> { >> unsigned long status, descr_len, lang_len; >> >> - status = _libssh2_ntohu32(s); >> - s += 4; >> - descr_len = _libssh2_ntohu32(s); >> - s += 4; >> - /* description starts here */ >> - s += descr_len; >> - lang_len = _libssh2_ntohu32(s); >> - s += 4; >> - /* lang starts here */ >> - s += lang_len; >> - >> - if (s > >> - session->pkeyInit_data + session->pkeyInit_data_len) { >> + if (4*2 > end - s) >> + s = NULL; >> + else { >> + status = _libssh2_ntohu32(s); >> + s += 4; >> + descr_len = _libssh2_ntohu32(s); >> + s += 4; >> + /* description starts here */ >> + if (descr_len > (size_t)(end - s)) >> + s = NULL; >> + else { >> + s += descr_len; >> + if (4 > end - s) >> + s = NULL; >> + else { >> + lang_len = _libssh2_ntohu32(s); >> + s += 4; >> + /* lang starts here */ >> + if (lang_len > (size_t)(end - s)) >> + s = NULL; >> + else >> + s += lang_len; >> + } >> + } >> + } >> + >> + if (s == NULL) { >> _libssh2_error(session, >> LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >> "Malformed publickey subsystem packet"); >> @@ -810,6 +828,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> } >> >> while (1) { >> + unsigned char *end; >> rc = publickey_packet_receive(pkey, &pkey->listFetch_data, >> &pkey->listFetch_data_len); >> if (rc == LIBSSH2_ERROR_EAGAIN) { >> @@ -822,6 +841,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> } >> >> pkey->listFetch_s = pkey->listFetch_data; >> + end = pkey->listFetch_data + pkey->listFetch_data_len; >> if ((response = >> publickey_response_id(&pkey->listFetch_s, >> pkey->listFetch_data_len)) < 0) { >> @@ -836,19 +856,34 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> { >> unsigned long status, descr_len, lang_len; >> >> - status = _libssh2_ntohu32(pkey->listFetch_s); >> - pkey->listFetch_s += 4; >> - descr_len = _libssh2_ntohu32(pkey->listFetch_s); >> - pkey->listFetch_s += 4; >> - /* description starts at pkey->listFetch_s */ >> - pkey->listFetch_s += descr_len; >> - lang_len = _libssh2_ntohu32(pkey->listFetch_s); >> - pkey->listFetch_s += 4; >> - /* lang starts at pkey->listFetch_s */ >> - pkey->listFetch_s += lang_len; >> - >> - if (pkey->listFetch_s > >> - pkey->listFetch_data + pkey->listFetch_data_len) { >> + if (4*2 > end - pkey->listFetch_s) >> + pkey->listFetch_s = NULL; >> + else { >> + status = _libssh2_ntohu32(pkey->listFetch_s); >> + pkey->listFetch_s += 4; >> + descr_len = _libssh2_ntohu32(pkey->listFetch_s); >> + pkey->listFetch_s += 4; >> + if (descr_len > (size_t)(end - pkey->listFetch_s)) >> + pkey->listFetch_s = NULL; >> + else { >> + /* description starts at pkey->listFetch_s */ >> + pkey->listFetch_s += descr_len; >> + if (4 > end - pkey->listFetch_s) >> + pkey->listFetch_s = NULL; >> + else { >> + lang_len = _libssh2_ntohu32(pkey->listFetch_s); >> + pkey->listFetch_s += 4; >> + if (lang_len > (size_t)(end - pkey->listFetch_s)) >> + pkey->listFetch_s = NULL; >> + else { >> + /* lang starts at pkey->listFetch_s */ >> + pkey->listFetch_s += lang_len; >> + } >> + } >> + } >> + } >> + >> + if (pkey->listFetch_s == NULL) { >> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >> "Malformed publickey subsystem packet"); >> goto err_exit; >> @@ -887,8 +922,12 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> if (pkey->version == 1) { >> unsigned long comment_len; >> >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> comment_len = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (comment_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> if (comment_len) { >> list[keys].num_attrs = 1; >> list[keys].attrs = >> @@ -911,24 +950,42 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> list[keys].num_attrs = 0; >> list[keys].attrs = NULL; >> } >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].name = pkey->listFetch_s; >> pkey->listFetch_s += list[keys].name_len; >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].blob = pkey->listFetch_s; >> pkey->listFetch_s += list[keys].blob_len; >> } else { >> /* Version == 2 */ >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].name = pkey->listFetch_s; >> pkey->listFetch_s += list[keys].name_len; >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].blob = pkey->listFetch_s; >> pkey->listFetch_s += list[keys].blob_len; >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].num_attrs = _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> if (list[keys].num_attrs) { >> @@ -943,14 +1000,22 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >> goto err_exit; >> } >> for(i = 0; i < list[keys].num_attrs; i++) { >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].attrs[i].name_len = >> _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].attrs[i].name_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].attrs[i].name = (char *) pkey->listFetch_s; >> pkey->listFetch_s += list[keys].attrs[i].name_len; >> + if (4 > end - pkey->listFetch_s) >> + goto err_exit; >> list[keys].attrs[i].value_len = >> _libssh2_ntohu32(pkey->listFetch_s); >> pkey->listFetch_s += 4; >> + if (list[keys].attrs[i].value_len > (size_t)(end - pkey->listFetch_s)) >> + goto err_exit; >> list[keys].attrs[i].value = (char *) pkey->listFetch_s; >> pkey->listFetch_s += list[keys].attrs[i].value_len; >> >> diff --git a/src/session.c b/src/session.c >> index 06e61dd..ba1bad5 100644 >> --- a/src/session.c >> +++ b/src/session.c >> @@ -763,6 +763,7 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) >> return rc; >> >> session->startup_service_length = >> + (5 > session->startup_data_len) ? 0 : >> _libssh2_ntohu32(session->startup_data + 1); >> >> if ((session->startup_service_length != (sizeof("ssh-userauth") - 1)) >> @@ -1410,6 +1411,7 @@ libssh2_poll_channel_read(LIBSSH2_CHANNEL *channel, int extended) >> packet = _libssh2_list_first(&session->packets); >> >> while (packet) { >> + /* XXX assert(packet->data_len >= 5) XXX */ >> if ( channel->local.id == _libssh2_ntohu32(packet->data + 1)) { >> if ( extended == 1 && >> (packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA >> diff --git a/src/sftp.c b/src/sftp.c >> index c142713..ad38638 100644 >> --- a/src/sftp.c >> +++ b/src/sftp.c >> @@ -249,6 +249,7 @@ sftp_packet_add(LIBSSH2_SFTP *sftp, unsigned char *data, >> "Out of sync with the world"); >> } >> >> + /* XXX ??? assert(data_len >= 5); XXX */ >> request_id = _libssh2_ntohu32(&data[1]); >> >> _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Received packet id %d", >> @@ -635,21 +636,25 @@ sftp_attr2bin(unsigned char *p, const LIBSSH2_SFTP_ATTRIBUTES * attrs) >> >> /* sftp_bin2attr >> */ >> -static int >> -sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >> +static const unsigned char * >> +sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *s, const unsigned char *end) >> { >> - const unsigned char *s = p; >> - >> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >> + if (4 < end - p) >> + return NULL; >> attrs->flags = _libssh2_ntohu32(s); >> s += 4; >> >> if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) { >> + if (8 < end - p) >> + return NULL; >> attrs->filesize = _libssh2_ntohu64(s); >> s += 8; >> } >> >> if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) { >> + if (4*2 < end - p) >> + return NULL; >> attrs->uid = _libssh2_ntohu32(s); >> s += 4; >> attrs->gid = _libssh2_ntohu32(s); >> @@ -657,18 +662,22 @@ sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >> } >> >> if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { >> + if (4 < end - p) >> + return NULL; >> attrs->permissions = _libssh2_ntohu32(s); >> s += 4; >> } >> >> if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) { >> + if (4*2 < end - p) >> + return NULL; >> attrs->atime = _libssh2_ntohu32(s); >> s += 4; >> attrs->mtime = _libssh2_ntohu32(s); >> s += 4; >> } >> >> - return (s - p); >> + return s; >> } >> >> /* ************ >> @@ -1698,7 +1707,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >> if (attrs) >> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >> >> - s += sftp_bin2attr(attrs ? attrs : &attrs_dummy, s); >> + s = sftp_bin2attr(attrs ? attrs : &attrs_dummy, s, handle->u.dir.names_end); >> >> handle->u.dir.next_name = (char *) s; >> end: >> @@ -1789,6 +1798,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >> >> handle->u.dir.names_left = num_names; >> handle->u.dir.names_packet = data; >> + handle->u.dir.names_end = data + data_len; >> handle->u.dir.next_name = (char *) data + 9; >> >> /* use the name popping mechanism from the start of the function */ >> @@ -2252,7 +2262,7 @@ static int sftp_fstat(LIBSSH2_SFTP_HANDLE *handle, >> } >> } >> >> - sftp_bin2attr(attrs, data + 5); >> + sftp_bin2attr(attrs, data + 5, data + data_len); >> LIBSSH2_FREE(session, data); >> >> return 0; >> @@ -2559,6 +2569,7 @@ static int sftp_unlink(LIBSSH2_SFTP *sftp, const char *filename, >> >> sftp->unlink_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> retcode = _libssh2_ntohu32(data + 5); >> LIBSSH2_FREE(session, data); >> >> @@ -2669,6 +2680,7 @@ static int sftp_rename(LIBSSH2_SFTP *sftp, const char *source_filename, >> >> sftp->rename_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> retcode = _libssh2_ntohu32(data + 5); >> LIBSSH2_FREE(session, data); >> >> @@ -2793,6 +2805,7 @@ static int sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_STATVFS *st) >> "Error waiting for FXP EXTENDED REPLY"); >> } >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> if (data[0] == SSH_FXP_STATUS) { >> int retcode = _libssh2_ntohu32(data + 5); >> sftp->fstatvfs_state = libssh2_NB_state_idle; >> @@ -2919,6 +2932,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const char *path, >> "Error waiting for FXP EXTENDED REPLY"); >> } >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> if (data[0] == SSH_FXP_STATUS) { >> int retcode = _libssh2_ntohu32(data + 5); >> sftp->statvfs_state = libssh2_NB_state_idle; >> @@ -3051,6 +3065,7 @@ static int sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path, >> >> sftp->mkdir_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> retcode = _libssh2_ntohu32(data + 5); >> LIBSSH2_FREE(session, data); >> >> @@ -3145,6 +3160,7 @@ static int sftp_rmdir(LIBSSH2_SFTP *sftp, const char *path, >> >> sftp->rmdir_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> retcode = _libssh2_ntohu32(data + 5); >> LIBSSH2_FREE(session, data); >> >> @@ -3188,6 +3204,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >> ((stat_type == >> LIBSSH2_SFTP_SETSTAT) ? sftp_attrsize(attrs->flags) : 0); >> unsigned char *s, *data; >> + unsigned char *data_end; >> static const unsigned char stat_responses[2] = >> { SSH_FXP_ATTRS, SSH_FXP_STATUS }; >> int rc; >> @@ -3258,6 +3275,8 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >> >> sftp->stat_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> + >> if (data[0] == SSH_FXP_STATUS) { >> int retcode; >> >> @@ -3273,7 +3292,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >> } >> >> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >> - sftp_bin2attr(attrs, data + 5); >> + sftp_bin2attr(attrs, data + 5, data + data_len); >> LIBSSH2_FREE(session, data); >> >> return 0; >> @@ -3389,6 +3408,8 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >> >> sftp->symlink_state = libssh2_NB_state_idle; >> >> + /* XXX ??? assert(data_len >= 5+4); XXX */ >> + >> if (data[0] == SSH_FXP_STATUS) { >> int retcode; >> >> @@ -3410,8 +3431,13 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >> "no name entries"); >> } >> >> + /* XXX ??? assert(data_len >= 5+4*2); XXX */ >> + >> /* this reads a u32 and stores it into a signed 32bit value */ >> link_len = _libssh2_ntohu32(data + 9); >> + >> + /* XXX ??? assert(data_len-(5+4*2) >= link_len); XXX */ >> + >> if (link_len < target_len) { >> memcpy(target, data + 13, link_len); >> target[link_len] = 0; >> diff --git a/src/sftp.h b/src/sftp.h >> index 2ed32ce..91fc0a7 100644 >> --- a/src/sftp.h >> +++ b/src/sftp.h >> @@ -122,6 +122,7 @@ struct _LIBSSH2_SFTP_HANDLE >> uint32_t names_left; >> void *names_packet; >> char *next_name; >> + char *names_end; >> } dir; >> } u; >> >> diff --git a/src/userauth.c b/src/userauth.c >> index cdfa25e..c799a40 100644 >> --- a/src/userauth.c >> +++ b/src/userauth.c >> @@ -69,6 +69,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >> service(14)"ssh-connection" + method_len(4) = 27 */ >> unsigned long methods_len; >> unsigned char *s; >> + unsigned char *end; >> int rc; >> >> if (session->userauth_list_state == libssh2_NB_state_idle) { >> @@ -143,7 +144,18 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >> return NULL; >> } >> >> + if (5 > session->userauth_list_data_len) { >> + /* XXX ??? XXX */ >> +userauth_packet_overrun: >> + LIBSSH2_FREE(session, session->userauth_list_data); >> + session->userauth_list_data = NULL; >> + session->userauth_list_state = libssh2_NB_state_idle; >> + return NULL; >> + } >> methods_len = _libssh2_ntohu32(session->userauth_list_data + 1); >> + if (methods_len > session->userauth_list_data_len - 5) { >> + goto userauth_packet_overrun; >> + } >> >> /* Do note that the memory areas overlap! */ >> memmove(session->userauth_list_data, session->userauth_list_data + 5, >> @@ -1561,6 +1573,7 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >> LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) >> { >> unsigned char *s; >> + unsigned char *end; >> int rc; >> >> static const unsigned char reply_codes[4] = { >> @@ -1685,10 +1698,15 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >> >> /* server requested PAM-like conversation */ >> s = session->userauth_kybd_data + 1; >> + end = session->userauth_kybd_data + session->userauth_kybd_data_len; >> >> /* string name (ISO-10646 UTF-8) */ >> + if (4 > end - s) >> + goto cleanup; /* XXX ??? XXX */ >> session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s); >> s += 4; >> + if (session->userauth_kybd_auth_name_len > (size_t)(end - s)) >> + goto cleanup; /* XXX ??? XXX */ >> if(session->userauth_kybd_auth_name_len) { >> session->userauth_kybd_auth_name = >> LIBSSH2_ALLOC(session, >> @@ -1706,8 +1724,12 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >> } >> >> /* string instruction (ISO-10646 UTF-8) */ >> + if (4 > end - s) >> + goto cleanup; /* XXX ??? XXX */ >> session->userauth_kybd_auth_instruction_len = _libssh2_ntohu32(s); >> s += 4; >> + if (session->userauth_kybd_auth_instruction_len > (size_t)(end - s)) >> + goto cleanup; /* XXX ??? XXX */ >> if(session->userauth_kybd_auth_instruction_len) { >> session->userauth_kybd_auth_instruction = >> LIBSSH2_ALLOC(session, >> @@ -1725,13 +1747,19 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >> } >> >> /* string language tag (as defined in [RFC-3066]) */ >> + if (4 > end - s) >> + goto cleanup; /* XXX ??? XXX */ >> language_tag_len = _libssh2_ntohu32(s); >> s += 4; >> + if (language_tag_len > (size_t)(end - s)) >> + goto cleanup; /* XXX ??? XXX */ >> >> /* ignoring this field as deprecated */ >> s += language_tag_len; >> >> /* int num-prompts */ >> + if (4 > end - s) >> + goto cleanup; /* XXX ??? XXX */ >> session->userauth_kybd_num_prompts = _libssh2_ntohu32(s); >> s += 4; >> >> @@ -1760,9 +1788,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >> >> for(i = 0; i < session->userauth_kybd_num_prompts; i++) { >> /* string prompt[1] (ISO-10646 UTF-8) */ >> + if (4 > end - s) >> + goto cleanup; /* XXX ??? XXX */ >> session->userauth_kybd_prompts[i].length = >> _libssh2_ntohu32(s); >> s += 4; >> + if (session->userauth_kybd_prompts[i].length > (size_t)(end - s)) >> + goto cleanup; /* XXX ??? XXX */ >> session->userauth_kybd_prompts[i].text = >> LIBSSH2_CALLOC(session, >> session->userauth_kybd_prompts[i].length); _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 31 20:23:54 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2VIMxuh020592; Sun, 31 Mar 2019 20:23:37 +0200 Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20:0:0:0:241]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2VIMvo5020532 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Sun, 31 Mar 2019 20:22:57 +0200 Received: by mail-lj1-x241.google.com with SMTP id q66so6066642ljq.7 for ; Sun, 31 Mar 2019 11:22:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=Rchmq6vsdwG3Ypp1vyW0uFDbeFDRdQFns19H8oTO7JM=; b=j5rGGPiYPNUV2oWCEgqDMcg289WFPA38BIaXVTGlcuR2BjMS0stJToB+nEMopor0ya /6GMalZHNu3MeQ3tQqQcrWetxA9XyicGt/TtAjWm4Y/b13VqvqWPYMU9yozQQwHFVQ1d uKWG7QUnW8MERZkAVl7/NpFjpt+bsR1fThrRlTwsQeCGYB2jqd98eYYEOR7UDTePI+6L RRhchcmzI4Tc9xxZD3/WMcWkMy9ypSlLqqEIVFd/Zj8FIZ/ch7OCy9Zw7GYv0ZprJ2D/ TxrZKRrmQcInLr+06qOULfpCblqEFS/yl3sGIhKlp5lwziwboB6HzS2IIxpj2+L+c0K6 ObyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Rchmq6vsdwG3Ypp1vyW0uFDbeFDRdQFns19H8oTO7JM=; b=T1W0Ld0FUjHe39LmWJP2HXkCn82ROW8fdKLrrI82moeOYhjIpJHq+qhAmqhQkGYE/B Rs6xb8NhKHnC2zuqEdaEt+WuGym5hEtXkHZvKc6Rh7YVntRKJRtf7lBM4ef5eWOJJMvP meg9k9h9DXGVswh+Ia/Xfacth/NtH5GYOyDYIZ9DFaJC/QBnldO+iZSVNuocmudA+gH/ C/j+af9+UjjnITCLqgBPl1CNoyZz2CQwju+nkH+gwiWspHfAAPiMpPLfGxUp/fvpfbQm iwEoZ6ofCpr+h6T9mA9a+FkYaz6qDWqC3VV+Wj3jpz8+dbZzEaqLwUvC8+/RoHclA5r+ N+zA== X-Gm-Message-State: APjAAAU0A0YWb/yTaX4EBhhVUfDD81y6iYI8Uv7jHIxLwJfuX3uDkaTf GhUQa/picpBvg15zrob2hC4MuyjA X-Google-Smtp-Source: APXvYqyeQp900TuIbpI4opoKWHYSc7OYyozjnuAzbemecuNndk5biN+zjv8u2AQZf+PGWmeP0zD1AQ== X-Received: by 2002:a2e:128a:: with SMTP id 10mr35509493ljs.170.1554056572667; Sun, 31 Mar 2019 11:22:52 -0700 (PDT) Received: from ?IPv6:2a00:1370:8125:1707:3e2f:a579:be49:2d8a? ([2a00:1370:8125:1707:3e2f:a579:be49:2d8a]) by smtp.googlemail.com with ESMTPSA id j27sm1413768lfk.97.2019.03.31.11.22.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 31 Mar 2019 11:22:52 -0700 (PDT) Subject: Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads From: "Yuriy M. Kaminskiy" To: libssh2-devel@cool.haxx.se References: <8cc68255-11c0-5800-dfcc-d5da595d8874@gmail.com> Message-ID: Date: Sun, 31 Mar 2019 21:22:50 +0300 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <8cc68255-11c0-5800-dfcc-d5da595d8874@gmail.com> Content-Language: en-US X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2VIMxuh020592 On 31.03.2019 14:23, Yuriy M. Kaminskiy wrote: > FTR, (some) problems that was addressed by this patch was (apparently > independently) rediscovered 3 years later, assigned CVE-2019-38{55...63} > and fixed (differently; I have not checked if fixed code covers all > cases was covered by my patch). > > BTW, _libssh2_check_length() that is extensively used by current code is > broken/incorrect; e.g. suppose > > buf->dataptr = buf->data, buf->len = 5, len = 0xfffffff7 > > then _libssh2_check_length(buf, len) will return 1; uh-doh. > > With obvious security implications. > > (No, I'm not going to compose patch to be ignored for another 3 years). Ah, yeah, forgot to look at 1.8.x branch. No _check_length there, but other problematic code present instead: uint32_t len = _libssh2_ntohu32(data + 5); ... if((len + 9) < datalen) Broken when len > UINT32_MAX - 9. if(datalen >= 9) { message_len = _libssh2_ntohu32(data + 5); if(message_len < datalen-13) { Broken when datalen >= 9 && datalen < 13 (and there are more similar code). etc. > On 2016-03-27 22:28 , Yuriy M. Kaminskiy wrote: >> Ping? I'd like to stress out this issue has security imlications. At >> very least, DoS (and this is not a standalone application, so it is not >> a minor issue), and maybe host memory exposure too. (However, it is only >> heap over-reads, without heap/stack over-writes, so no risk of >> escalating to remote code execution). >> >> On 02/25/16 03:10 , Yuriy M. Kaminskiy wrote: >>> "George Garner (online)" writes: >>> [...] >>>> 3. Where is the p_len/group_order parameter validated? In >>>> kex_method_diffie_hellman_group_exchange_sha256_key_exchange it is >>>> converted from network byte order and accepted at face value. What >>>> happens if a malicious packet is received with a bogus value for >>>> p_len? >>> >>> Maybe I miss something, but it looks like this defect (blindly trust >>> various 32-bit length that was sent remote side and don't verify if it >>> fits buffer) is *everywhere* in libssh2. I've sent some patches for >>> kex.c via gh pull request, but quickly discovered it is much worse. Very >>> WIP (and incomplete) patch for *other* files is attached; unfortunately, >>> in most cases, I have no idea how such errors should be handled within libssh2, >>> don't know libssh2 code base well enough, so I give up at this. >>> >>> Note that in early connection setup "malicious server" is not required, >>> "malicious MITM" can insert broken packets as well. >>> >>> In general, please re-review all `grep ntoh -r src/`, in many cases >>> surrounding code looks problematic in one way or other. >>> >>> >>> --- >>> Changelog: >>> v2: fixed obvious errors >>> Note: This is still NOT COMPLETE work, all XXX comment must be reviewed and acted upon. >>> >>> src/agent.c | 32 ++++++++-------- >>> src/channel.c | 10 ++++- >>> src/hostkey.c | 19 +++++++-- >>> src/kex.c | 43 +++++++++++---------- >>> src/packet.c | 45 +++++++++++++++++----- >>> src/publickey.c | 117 +++++++++++++++++++++++++++++++++++++++++++------------- >>> src/session.c | 2 + >>> src/sftp.c | 42 ++++++++++++++++---- >>> src/sftp.h | 1 + >>> src/userauth.c | 32 ++++++++++++++++ >>> 10 files changed, 260 insertions(+), 83 deletions(-) >>> >>> diff --git a/src/agent.c b/src/agent.c >>> index c2ba422..255b63d 100644 >>> --- a/src/agent.c >>> +++ b/src/agent.c >>> @@ -449,12 +449,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >>> goto error; >>> } >>> method_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - len -= method_len; >>> - if (len < 0) { >>> + if (method_len < 0 || len < method_len) { >>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>> goto error; >>> } >>> + s += 4; >>> + len -= method_len; >>> s += method_len; >>> >>> /* Read the signature */ >>> @@ -464,12 +464,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >>> goto error; >>> } >>> *sig_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - len -= *sig_len; >>> - if (len < 0) { >>> + if ((size_t)len < *sig_len) { >>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>> goto error; >>> } >>> + len -= *sig_len; >>> + s += 4; >>> >>> *sig = LIBSSH2_ALLOC(session, *sig_len); >>> if (!*sig) { >>> @@ -558,15 +558,15 @@ agent_list_identities(LIBSSH2_AGENT *agent) >>> goto error; >>> } >>> identity->external.blob_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - >>> - /* Read the blob */ >>> - len -= identity->external.blob_len; >>> - if (len < 0) { >>> + if ((size_t)len < identity->external.blob_len) { >>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>> LIBSSH2_FREE(agent->session, identity); >>> goto error; >>> } >>> + s += 4; >>> + >>> + /* Read the blob */ >>> + len -= identity->external.blob_len; >>> >>> identity->external.blob = LIBSSH2_ALLOC(agent->session, >>> identity->external.blob_len); >>> @@ -587,16 +587,16 @@ agent_list_identities(LIBSSH2_AGENT *agent) >>> goto error; >>> } >>> comment_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - >>> - /* Read the comment */ >>> - len -= comment_len; >>> - if (len < 0) { >>> + if (comment_len < 0 || len < comment_len) { >>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>> LIBSSH2_FREE(agent->session, identity->external.blob); >>> LIBSSH2_FREE(agent->session, identity); >>> goto error; >>> } >>> + s += 4; >>> + >>> + /* Read the comment */ >>> + len -= comment_len; >>> >>> identity->external.comment = LIBSSH2_ALLOC(agent->session, >>> comment_len + 1); >>> diff --git a/src/channel.c b/src/channel.c >>> index 32d914d..38572be 100644 >>> --- a/src/channel.c >>> +++ b/src/channel.c >>> @@ -225,6 +225,7 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>> } >>> >>> if (session->open_state == libssh2_NB_state_sent) { >>> + unsigned char *end; >>> rc = _libssh2_packet_requirev(session, reply_codes, >>> &session->open_data, >>> &session->open_data_len, 1, >>> @@ -238,7 +239,11 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>> goto channel_error; >>> } >>> >>> + end = session->open_data + session->open_data_len; >>> + >>> if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION) { >>> + if (13+4 > (end - session->open_data)) >>> + goto channel_error; >>> session->open_channel->remote.id = >>> _libssh2_ntohu32(session->open_data + 5); >>> session->open_channel->local.window_size = >>> @@ -265,7 +270,8 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>> return session->open_channel; >>> } >>> >>> - if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) { >>> + if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE && >>> + 4 <= (end - (session->open_data + 5))) { >>> unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5); >>> switch (reason_code) { >>> case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED: >>> @@ -1399,6 +1405,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >>> >>> if (((packet_type == SSH_MSG_CHANNEL_DATA) >>> || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) >>> + && packet->data_len >= 5 + (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA ? 4 : 0) >>> && (_libssh2_ntohu32(packet->data + 1) == channel->local.id)) { >>> /* It's our channel at least */ >>> long packet_stream_id = >>> @@ -1418,6 +1425,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >>> bytes_to_flush, packet_stream_id, >>> channel->local.id, channel->remote.id); >>> >>> + /* XXX assert(packet->data_len >= 13); XXX */ >>> /* It's one of the streams we wanted to flush */ >>> channel->flush_refund_bytes += packet->data_len - 13; >>> channel->flush_flush_bytes += bytes_to_flush; >>> diff --git a/src/hostkey.c b/src/hostkey.c >>> index 2a0a8f9..7b780e2 100644 >>> --- a/src/hostkey.c >>> +++ b/src/hostkey.c >>> @@ -66,31 +66,42 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session, >>> libssh2_rsa_ctx *rsactx; >>> const unsigned char *s, *e, *n; >>> unsigned long len, e_len, n_len; >>> + const unsigned char *end = hostkey_data + hostkey_data_len; >>> int ret; >>> >>> - (void) hostkey_data_len; >>> - >>> if (*abstract) { >>> hostkey_method_ssh_rsa_dtor(session, abstract); >>> *abstract = NULL; >>> } >>> >>> s = hostkey_data; >>> + if (4 > end - s) >>> + return -1; >>> len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (len > (size_t)(end - s)) >>> + return -1; >>> >>> if (len != 7 || strncmp((char *) s, "ssh-rsa", 7) != 0) { >>> return -1; >>> } >>> - s += 7; >>> + s += len; >>> >>> + if (4 > end - s) >>> + return -1; >>> e_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (e_len > (size_t)(end - s)) >>> + return -1; >>> >>> e = s; >>> s += e_len; >>> + if (4 > end - s) >>> + return -1; >>> n_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (n_len > (size_t)(end - s)) >>> + return -1; >>> n = s; >>> >>> ret = _libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0, >>> @@ -181,6 +192,8 @@ hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION * session, >>> (void) session; >>> >>> /* Skip past keyname_len(4) + keyname(7){"ssh-rsa"} + signature_len(4) */ >>> + if (15 > sig_len) >>> + return -1; >>> sig += 15; >>> sig_len -= 15; >>> return _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len); >>> diff --git a/src/kex.c b/src/kex.c >>> index 40dbeab..2381d52 100644 >>> --- a/src/kex.c >>> +++ b/src/kex.c >>> @@ -2463,21 +2463,20 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, >>> * within the given packet. >>> */ >>> static int kex_string_pair(unsigned char **sp, /* parsing position */ >>> - unsigned char *data, /* start pointer to packet */ >>> - size_t data_len, /* size of total packet */ >>> + unsigned char *end, /* end of packet */ >>> size_t *lenp, /* length of the string */ >>> unsigned char **strp) /* pointer to string start */ >>> { >>> unsigned char *s = *sp; >>> - *lenp = _libssh2_ntohu32(s); >>> >>> - /* the length of the string must fit within the current pointer and the >>> - end of the packet */ >>> - if (*lenp > (data_len - (s - data) -4)) >>> + if (4 > end - s) >>> return 1; >>> - *strp = s + 4; >>> - s += 4 + *lenp; >>> - >>> + *lenp = _libssh2_ntohu32(s); >>> + s += 4; >>> + if (*lenp > (size_t)(end - s)) >>> + return 1; >>> + *strp = s; >>> + s += *lenp; >>> *sp = s; >>> return 0; >>> } >>> @@ -2493,6 +2492,10 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>> size_t kex_len, hostkey_len, crypt_cs_len, crypt_sc_len, comp_cs_len; >>> size_t comp_sc_len, mac_cs_len, mac_sc_len; >>> unsigned char *s = data; >>> + unsigned char *end = data + data_len; >>> + >>> + if (1 + 16 > end - s) >>> + return -1; >>> >>> /* Skip packet_type, we know it already */ >>> s++; >>> @@ -2501,21 +2504,24 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>> s += 16; >>> >>> /* Locate each string */ >>> - if(kex_string_pair(&s, data, data_len, &kex_len, &kex)) >>> + if(kex_string_pair(&s, end, &kex_len, &kex)) >>> + return -1; >>> + if(kex_string_pair(&s, end, &hostkey_len, &hostkey)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &hostkey_len, &hostkey)) >>> + if(kex_string_pair(&s, end, &crypt_cs_len, &crypt_cs)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &crypt_cs_len, &crypt_cs)) >>> + if(kex_string_pair(&s, end, &crypt_sc_len, &crypt_sc)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &crypt_sc_len, &crypt_sc)) >>> + if(kex_string_pair(&s, end, &mac_cs_len, &mac_cs)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &mac_cs_len, &mac_cs)) >>> + if(kex_string_pair(&s, end, &mac_sc_len, &mac_sc)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &mac_sc_len, &mac_sc)) >>> + if(kex_string_pair(&s, end, &comp_cs_len, &comp_cs)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &comp_cs_len, &comp_cs)) >>> + if(kex_string_pair(&s, end, &comp_sc_len, &comp_sc)) >>> return -1; >>> - if(kex_string_pair(&s, data, data_len, &comp_sc_len, &comp_sc)) >>> + >>> + if (1 > end - s) >>> return -1; >>> >>> /* If the server sent an optimistic packet, assume that it guessed wrong. >>> @@ -2524,9 +2530,6 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>> session->burn_optimistic_kexinit = *(s++); >>> /* Next uint32 in packet is all zeros (reserved) */ >>> >>> - if (data_len < (unsigned) (s - data)) >>> - return -1; /* short packet */ >>> - >>> if (kex_agree_kex_hostkey(session, kex, kex_len, hostkey, hostkey_len)) { >>> return -1; >>> } >>> diff --git a/src/packet.c b/src/packet.c >>> index 5f1feb8..3659daa 100644 >>> --- a/src/packet.c >>> +++ b/src/packet.c >>> @@ -85,10 +85,12 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >>> char failure_code = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; >>> int rc; >>> >>> - (void) datalen; >>> - >>> if (listen_state->state == libssh2_NB_state_idle) { >>> unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5; >>> + unsigned char *end = data + datalen; >>> + if (4*4 > (end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> listen_state->sender_channel = _libssh2_ntohu32(s); >>> s += 4; >>> >>> @@ -99,15 +101,27 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >>> >>> listen_state->host_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (listen_state->host_len > (size_t)(end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> listen_state->host = s; >>> s += listen_state->host_len; >>> + if (4*2 > (end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> listen_state->port = _libssh2_ntohu32(s); >>> s += 4; >>> >>> listen_state->shost_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (listen_state->shost_len > (size_t)(end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> listen_state->shost = s; >>> s += listen_state->shost_len; >>> + if (4 > (end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> listen_state->sport = _libssh2_ntohu32(s); >>> >>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>> @@ -271,10 +285,12 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >>> LIBSSH2_CHANNEL *channel = x11open_state->channel; >>> int rc; >>> >>> - (void) datalen; >>> - >>> if (x11open_state->state == libssh2_NB_state_idle) { >>> unsigned char *s = data + (sizeof("x11") - 1) + 5; >>> + unsigned char *end = data + datalen; >>> + if (4*4 > (end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> x11open_state->sender_channel = _libssh2_ntohu32(s); >>> s += 4; >>> x11open_state->initial_window_size = _libssh2_ntohu32(s); >>> @@ -283,8 +299,14 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >>> s += 4; >>> x11open_state->shost_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (x11open_state->shost_len > (size_t)(end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> x11open_state->shost = s; >>> s += x11open_state->shost_len; >>> + if (4 > (end - s)) { >>> + return 0; /* XXX ??? XXX */ >>> + } >>> x11open_state->sport = _libssh2_ntohu32(s); >>> >>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>> @@ -807,22 +829,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >>> else if (len == sizeof("exit-signal") - 1 >>> && !memcmp("exit-signal", data + 9, >>> sizeof("exit-signal") - 1)) { >>> + unsigned char *end = data + datalen; >>> + unsigned char *s = data + 9 + sizeof("exit-signal"); >>> /* command terminated due to signal */ >>> if(datalen >= 20) >>> channelp = _libssh2_channel_locate(session, channel); >>> >>> - if (channelp) { >>> + if (channelp && end - s >= 4) { >>> /* set signal name (without SIG prefix) */ >>> - uint32_t namelen = >>> - _libssh2_ntohu32(data + 9 + sizeof("exit-signal")); >>> + uint32_t namelen = _libssh2_ntohu32(s); >>> + s += 4; >>> + if (namelen > (size_t)(end - s)) >>> + /* XXX ??? XXX */; >>> + else { >>> channelp->exit_signal = >>> LIBSSH2_ALLOC(session, namelen + 1); >>> if (!channelp->exit_signal) >>> rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, >>> "memory for signal name"); >>> else { >>> - memcpy(channelp->exit_signal, >>> - data + 13 + sizeof("exit_signal"), namelen); >>> + memcpy(channelp->exit_signal, s, namelen); >>> channelp->exit_signal[namelen] = '\0'; >>> /* TODO: save error message and language tag */ >>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>> @@ -832,6 +858,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >>> channelp->local.id, >>> channelp->remote.id); >>> } >>> + } >>> } >>> } >>> >>> diff --git a/src/publickey.c b/src/publickey.c >>> index bfee0a8..d19efb7 100644 >>> --- a/src/publickey.c >>> +++ b/src/publickey.c >>> @@ -247,6 +247,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >>> switch (response) { >>> case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: >>> /* Error, or processing complete */ >>> + if (data_len >= 4) >>> { >>> unsigned long status = _libssh2_ntohu32(s); >>> >>> @@ -258,6 +259,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >>> publickey_status_error(pkey, session, status); >>> return -1; >>> } >>> + /* fallthru */ >>> default: >>> LIBSSH2_FREE(session, data); >>> if (response < 0) { >>> @@ -403,6 +405,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>> if (session->pkeyInit_state == libssh2_NB_state_sent3) { >>> while (1) { >>> unsigned char *s; >>> + unsigned char *end; >>> rc = publickey_packet_receive(session->pkeyInit_pkey, >>> &session->pkeyInit_data, >>> &session->pkeyInit_data_len); >>> @@ -419,6 +422,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>> } >>> >>> s = session->pkeyInit_data; >>> + end = session->pkeyInit_data + session->pkeyInit_data_len; >>> if ((response = >>> publickey_response_id(&s, session->pkeyInit_data_len)) < 0) { >>> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>> @@ -432,19 +436,33 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>> { >>> unsigned long status, descr_len, lang_len; >>> >>> - status = _libssh2_ntohu32(s); >>> - s += 4; >>> - descr_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - /* description starts here */ >>> - s += descr_len; >>> - lang_len = _libssh2_ntohu32(s); >>> - s += 4; >>> - /* lang starts here */ >>> - s += lang_len; >>> - >>> - if (s > >>> - session->pkeyInit_data + session->pkeyInit_data_len) { >>> + if (4*2 > end - s) >>> + s = NULL; >>> + else { >>> + status = _libssh2_ntohu32(s); >>> + s += 4; >>> + descr_len = _libssh2_ntohu32(s); >>> + s += 4; >>> + /* description starts here */ >>> + if (descr_len > (size_t)(end - s)) >>> + s = NULL; >>> + else { >>> + s += descr_len; >>> + if (4 > end - s) >>> + s = NULL; >>> + else { >>> + lang_len = _libssh2_ntohu32(s); >>> + s += 4; >>> + /* lang starts here */ >>> + if (lang_len > (size_t)(end - s)) >>> + s = NULL; >>> + else >>> + s += lang_len; >>> + } >>> + } >>> + } >>> + >>> + if (s == NULL) { >>> _libssh2_error(session, >>> LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>> "Malformed publickey subsystem packet"); >>> @@ -810,6 +828,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> } >>> >>> while (1) { >>> + unsigned char *end; >>> rc = publickey_packet_receive(pkey, &pkey->listFetch_data, >>> &pkey->listFetch_data_len); >>> if (rc == LIBSSH2_ERROR_EAGAIN) { >>> @@ -822,6 +841,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> } >>> >>> pkey->listFetch_s = pkey->listFetch_data; >>> + end = pkey->listFetch_data + pkey->listFetch_data_len; >>> if ((response = >>> publickey_response_id(&pkey->listFetch_s, >>> pkey->listFetch_data_len)) < 0) { >>> @@ -836,19 +856,34 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> { >>> unsigned long status, descr_len, lang_len; >>> >>> - status = _libssh2_ntohu32(pkey->listFetch_s); >>> - pkey->listFetch_s += 4; >>> - descr_len = _libssh2_ntohu32(pkey->listFetch_s); >>> - pkey->listFetch_s += 4; >>> - /* description starts at pkey->listFetch_s */ >>> - pkey->listFetch_s += descr_len; >>> - lang_len = _libssh2_ntohu32(pkey->listFetch_s); >>> - pkey->listFetch_s += 4; >>> - /* lang starts at pkey->listFetch_s */ >>> - pkey->listFetch_s += lang_len; >>> - >>> - if (pkey->listFetch_s > >>> - pkey->listFetch_data + pkey->listFetch_data_len) { >>> + if (4*2 > end - pkey->listFetch_s) >>> + pkey->listFetch_s = NULL; >>> + else { >>> + status = _libssh2_ntohu32(pkey->listFetch_s); >>> + pkey->listFetch_s += 4; >>> + descr_len = _libssh2_ntohu32(pkey->listFetch_s); >>> + pkey->listFetch_s += 4; >>> + if (descr_len > (size_t)(end - pkey->listFetch_s)) >>> + pkey->listFetch_s = NULL; >>> + else { >>> + /* description starts at pkey->listFetch_s */ >>> + pkey->listFetch_s += descr_len; >>> + if (4 > end - pkey->listFetch_s) >>> + pkey->listFetch_s = NULL; >>> + else { >>> + lang_len = _libssh2_ntohu32(pkey->listFetch_s); >>> + pkey->listFetch_s += 4; >>> + if (lang_len > (size_t)(end - pkey->listFetch_s)) >>> + pkey->listFetch_s = NULL; >>> + else { >>> + /* lang starts at pkey->listFetch_s */ >>> + pkey->listFetch_s += lang_len; >>> + } >>> + } >>> + } >>> + } >>> + >>> + if (pkey->listFetch_s == NULL) { >>> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>> "Malformed publickey subsystem packet"); >>> goto err_exit; >>> @@ -887,8 +922,12 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> if (pkey->version == 1) { >>> unsigned long comment_len; >>> >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> comment_len = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (comment_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> if (comment_len) { >>> list[keys].num_attrs = 1; >>> list[keys].attrs = >>> @@ -911,24 +950,42 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> list[keys].num_attrs = 0; >>> list[keys].attrs = NULL; >>> } >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].name = pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].name_len; >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].blob = pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].blob_len; >>> } else { >>> /* Version == 2 */ >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].name = pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].name_len; >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].blob = pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].blob_len; >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].num_attrs = _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> if (list[keys].num_attrs) { >>> @@ -943,14 +1000,22 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>> goto err_exit; >>> } >>> for(i = 0; i < list[keys].num_attrs; i++) { >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].attrs[i].name_len = >>> _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].attrs[i].name_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].attrs[i].name = (char *) pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].attrs[i].name_len; >>> + if (4 > end - pkey->listFetch_s) >>> + goto err_exit; >>> list[keys].attrs[i].value_len = >>> _libssh2_ntohu32(pkey->listFetch_s); >>> pkey->listFetch_s += 4; >>> + if (list[keys].attrs[i].value_len > (size_t)(end - pkey->listFetch_s)) >>> + goto err_exit; >>> list[keys].attrs[i].value = (char *) pkey->listFetch_s; >>> pkey->listFetch_s += list[keys].attrs[i].value_len; >>> >>> diff --git a/src/session.c b/src/session.c >>> index 06e61dd..ba1bad5 100644 >>> --- a/src/session.c >>> +++ b/src/session.c >>> @@ -763,6 +763,7 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) >>> return rc; >>> >>> session->startup_service_length = >>> + (5 > session->startup_data_len) ? 0 : >>> _libssh2_ntohu32(session->startup_data + 1); >>> >>> if ((session->startup_service_length != (sizeof("ssh-userauth") - 1)) >>> @@ -1410,6 +1411,7 @@ libssh2_poll_channel_read(LIBSSH2_CHANNEL *channel, int extended) >>> packet = _libssh2_list_first(&session->packets); >>> >>> while (packet) { >>> + /* XXX assert(packet->data_len >= 5) XXX */ >>> if ( channel->local.id == _libssh2_ntohu32(packet->data + 1)) { >>> if ( extended == 1 && >>> (packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA >>> diff --git a/src/sftp.c b/src/sftp.c >>> index c142713..ad38638 100644 >>> --- a/src/sftp.c >>> +++ b/src/sftp.c >>> @@ -249,6 +249,7 @@ sftp_packet_add(LIBSSH2_SFTP *sftp, unsigned char *data, >>> "Out of sync with the world"); >>> } >>> >>> + /* XXX ??? assert(data_len >= 5); XXX */ >>> request_id = _libssh2_ntohu32(&data[1]); >>> >>> _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Received packet id %d", >>> @@ -635,21 +636,25 @@ sftp_attr2bin(unsigned char *p, const LIBSSH2_SFTP_ATTRIBUTES * attrs) >>> >>> /* sftp_bin2attr >>> */ >>> -static int >>> -sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >>> +static const unsigned char * >>> +sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *s, const unsigned char *end) >>> { >>> - const unsigned char *s = p; >>> - >>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>> + if (4 < end - p) >>> + return NULL; >>> attrs->flags = _libssh2_ntohu32(s); >>> s += 4; >>> >>> if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) { >>> + if (8 < end - p) >>> + return NULL; >>> attrs->filesize = _libssh2_ntohu64(s); >>> s += 8; >>> } >>> >>> if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) { >>> + if (4*2 < end - p) >>> + return NULL; >>> attrs->uid = _libssh2_ntohu32(s); >>> s += 4; >>> attrs->gid = _libssh2_ntohu32(s); >>> @@ -657,18 +662,22 @@ sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >>> } >>> >>> if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { >>> + if (4 < end - p) >>> + return NULL; >>> attrs->permissions = _libssh2_ntohu32(s); >>> s += 4; >>> } >>> >>> if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) { >>> + if (4*2 < end - p) >>> + return NULL; >>> attrs->atime = _libssh2_ntohu32(s); >>> s += 4; >>> attrs->mtime = _libssh2_ntohu32(s); >>> s += 4; >>> } >>> >>> - return (s - p); >>> + return s; >>> } >>> >>> /* ************ >>> @@ -1698,7 +1707,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >>> if (attrs) >>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>> >>> - s += sftp_bin2attr(attrs ? attrs : &attrs_dummy, s); >>> + s = sftp_bin2attr(attrs ? attrs : &attrs_dummy, s, handle->u.dir.names_end); >>> >>> handle->u.dir.next_name = (char *) s; >>> end: >>> @@ -1789,6 +1798,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >>> >>> handle->u.dir.names_left = num_names; >>> handle->u.dir.names_packet = data; >>> + handle->u.dir.names_end = data + data_len; >>> handle->u.dir.next_name = (char *) data + 9; >>> >>> /* use the name popping mechanism from the start of the function */ >>> @@ -2252,7 +2262,7 @@ static int sftp_fstat(LIBSSH2_SFTP_HANDLE *handle, >>> } >>> } >>> >>> - sftp_bin2attr(attrs, data + 5); >>> + sftp_bin2attr(attrs, data + 5, data + data_len); >>> LIBSSH2_FREE(session, data); >>> >>> return 0; >>> @@ -2559,6 +2569,7 @@ static int sftp_unlink(LIBSSH2_SFTP *sftp, const char *filename, >>> >>> sftp->unlink_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> retcode = _libssh2_ntohu32(data + 5); >>> LIBSSH2_FREE(session, data); >>> >>> @@ -2669,6 +2680,7 @@ static int sftp_rename(LIBSSH2_SFTP *sftp, const char *source_filename, >>> >>> sftp->rename_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> retcode = _libssh2_ntohu32(data + 5); >>> LIBSSH2_FREE(session, data); >>> >>> @@ -2793,6 +2805,7 @@ static int sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_STATVFS *st) >>> "Error waiting for FXP EXTENDED REPLY"); >>> } >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> if (data[0] == SSH_FXP_STATUS) { >>> int retcode = _libssh2_ntohu32(data + 5); >>> sftp->fstatvfs_state = libssh2_NB_state_idle; >>> @@ -2919,6 +2932,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const char *path, >>> "Error waiting for FXP EXTENDED REPLY"); >>> } >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> if (data[0] == SSH_FXP_STATUS) { >>> int retcode = _libssh2_ntohu32(data + 5); >>> sftp->statvfs_state = libssh2_NB_state_idle; >>> @@ -3051,6 +3065,7 @@ static int sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path, >>> >>> sftp->mkdir_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> retcode = _libssh2_ntohu32(data + 5); >>> LIBSSH2_FREE(session, data); >>> >>> @@ -3145,6 +3160,7 @@ static int sftp_rmdir(LIBSSH2_SFTP *sftp, const char *path, >>> >>> sftp->rmdir_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> retcode = _libssh2_ntohu32(data + 5); >>> LIBSSH2_FREE(session, data); >>> >>> @@ -3188,6 +3204,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>> ((stat_type == >>> LIBSSH2_SFTP_SETSTAT) ? sftp_attrsize(attrs->flags) : 0); >>> unsigned char *s, *data; >>> + unsigned char *data_end; >>> static const unsigned char stat_responses[2] = >>> { SSH_FXP_ATTRS, SSH_FXP_STATUS }; >>> int rc; >>> @@ -3258,6 +3275,8 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>> >>> sftp->stat_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> + >>> if (data[0] == SSH_FXP_STATUS) { >>> int retcode; >>> >>> @@ -3273,7 +3292,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>> } >>> >>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>> - sftp_bin2attr(attrs, data + 5); >>> + sftp_bin2attr(attrs, data + 5, data + data_len); >>> LIBSSH2_FREE(session, data); >>> >>> return 0; >>> @@ -3389,6 +3408,8 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >>> >>> sftp->symlink_state = libssh2_NB_state_idle; >>> >>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>> + >>> if (data[0] == SSH_FXP_STATUS) { >>> int retcode; >>> >>> @@ -3410,8 +3431,13 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >>> "no name entries"); >>> } >>> >>> + /* XXX ??? assert(data_len >= 5+4*2); XXX */ >>> + >>> /* this reads a u32 and stores it into a signed 32bit value */ >>> link_len = _libssh2_ntohu32(data + 9); >>> + >>> + /* XXX ??? assert(data_len-(5+4*2) >= link_len); XXX */ >>> + >>> if (link_len < target_len) { >>> memcpy(target, data + 13, link_len); >>> target[link_len] = 0; >>> diff --git a/src/sftp.h b/src/sftp.h >>> index 2ed32ce..91fc0a7 100644 >>> --- a/src/sftp.h >>> +++ b/src/sftp.h >>> @@ -122,6 +122,7 @@ struct _LIBSSH2_SFTP_HANDLE >>> uint32_t names_left; >>> void *names_packet; >>> char *next_name; >>> + char *names_end; >>> } dir; >>> } u; >>> >>> diff --git a/src/userauth.c b/src/userauth.c >>> index cdfa25e..c799a40 100644 >>> --- a/src/userauth.c >>> +++ b/src/userauth.c >>> @@ -69,6 +69,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >>> service(14)"ssh-connection" + method_len(4) = 27 */ >>> unsigned long methods_len; >>> unsigned char *s; >>> + unsigned char *end; >>> int rc; >>> >>> if (session->userauth_list_state == libssh2_NB_state_idle) { >>> @@ -143,7 +144,18 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >>> return NULL; >>> } >>> >>> + if (5 > session->userauth_list_data_len) { >>> + /* XXX ??? XXX */ >>> +userauth_packet_overrun: >>> + LIBSSH2_FREE(session, session->userauth_list_data); >>> + session->userauth_list_data = NULL; >>> + session->userauth_list_state = libssh2_NB_state_idle; >>> + return NULL; >>> + } >>> methods_len = _libssh2_ntohu32(session->userauth_list_data + 1); >>> + if (methods_len > session->userauth_list_data_len - 5) { >>> + goto userauth_packet_overrun; >>> + } >>> >>> /* Do note that the memory areas overlap! */ >>> memmove(session->userauth_list_data, session->userauth_list_data + 5, >>> @@ -1561,6 +1573,7 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>> LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) >>> { >>> unsigned char *s; >>> + unsigned char *end; >>> int rc; >>> >>> static const unsigned char reply_codes[4] = { >>> @@ -1685,10 +1698,15 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>> >>> /* server requested PAM-like conversation */ >>> s = session->userauth_kybd_data + 1; >>> + end = session->userauth_kybd_data + session->userauth_kybd_data_len; >>> >>> /* string name (ISO-10646 UTF-8) */ >>> + if (4 > end - s) >>> + goto cleanup; /* XXX ??? XXX */ >>> session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (session->userauth_kybd_auth_name_len > (size_t)(end - s)) >>> + goto cleanup; /* XXX ??? XXX */ >>> if(session->userauth_kybd_auth_name_len) { >>> session->userauth_kybd_auth_name = >>> LIBSSH2_ALLOC(session, >>> @@ -1706,8 +1724,12 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>> } >>> >>> /* string instruction (ISO-10646 UTF-8) */ >>> + if (4 > end - s) >>> + goto cleanup; /* XXX ??? XXX */ >>> session->userauth_kybd_auth_instruction_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (session->userauth_kybd_auth_instruction_len > (size_t)(end - s)) >>> + goto cleanup; /* XXX ??? XXX */ >>> if(session->userauth_kybd_auth_instruction_len) { >>> session->userauth_kybd_auth_instruction = >>> LIBSSH2_ALLOC(session, >>> @@ -1725,13 +1747,19 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>> } >>> >>> /* string language tag (as defined in [RFC-3066]) */ >>> + if (4 > end - s) >>> + goto cleanup; /* XXX ??? XXX */ >>> language_tag_len = _libssh2_ntohu32(s); >>> s += 4; >>> + if (language_tag_len > (size_t)(end - s)) >>> + goto cleanup; /* XXX ??? XXX */ >>> >>> /* ignoring this field as deprecated */ >>> s += language_tag_len; >>> >>> /* int num-prompts */ >>> + if (4 > end - s) >>> + goto cleanup; /* XXX ??? XXX */ >>> session->userauth_kybd_num_prompts = _libssh2_ntohu32(s); >>> s += 4; >>> >>> @@ -1760,9 +1788,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>> >>> for(i = 0; i < session->userauth_kybd_num_prompts; i++) { >>> /* string prompt[1] (ISO-10646 UTF-8) */ >>> + if (4 > end - s) >>> + goto cleanup; /* XXX ??? XXX */ >>> session->userauth_kybd_prompts[i].length = >>> _libssh2_ntohu32(s); >>> s += 4; >>> + if (session->userauth_kybd_prompts[i].length > (size_t)(end - s)) >>> + goto cleanup; /* XXX ??? XXX */ >>> session->userauth_kybd_prompts[i].text = >>> LIBSSH2_CALLOC(session, >>> session->userauth_kybd_prompts[i].length); _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel From libssh2-devel-bounces@cool.haxx.se Sun Mar 31 20:38:31 2019 Return-Path: Received: from www.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTP id x2VIcECW001499; Sun, 31 Mar 2019 20:38:29 +0200 Received: from mail.panic.com (mail.panic.com [38.103.165.36]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x2VIcBCg001464 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 31 Mar 2019 20:38:12 +0200 Received: from [192.168.1.121] (c-24-22-78-147.hsd1.or.comcast.net [24.22.78.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.panic.com (Postfix) with ESMTPSA id 33F4228B for ; Sun, 31 Mar 2019 11:38:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=panic.com; s=dkim; t=1554057486; bh=CM03b08ozNXWyl+WGSGhRT3Lgczp2Y9AeJJv8UHAmbc=; h=From:Date:Subject:References:In-Reply-To:To; b=RahL9dNXmDcVhiNgRBjWLzrM4BKidXseVUIzu/04Vy10BsvYfflf82U4AH2nV00Zv 7N0Av3YakCAwh/AxuAj7y60fab4NKBijesgnAxApH6xszX0MUWgyuUqErNv8gejzFo SRdwfHpXssMk90OrhsaOiNTjpPx1mq1AIvK1o+Uo= From: Will Cosgrove Mime-Version: 1.0 (1.0) Date: Sun, 31 Mar 2019 11:38:05 -0700 Subject: Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads Message-Id: <7DF9FA2F-FAF8-478E-B56B-4D8C04688FBF@panic.com> References: <8cc68255-11c0-5800-dfcc-d5da595d8874@gmail.com> In-Reply-To: To: libssh2 development X-Mailer: iPhone Mail (16E227) X-MIME-Autoconverted: from quoted-printable to 8bit by giant.haxx.se id x2VIcBCg001464 X-BeenThere: libssh2-devel@cool.haxx.se X-Mailman-Version: 2.1.22 Precedence: list List-Id: libssh2 development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: libssh2 development Content-Type: text/plain; charset="utf-8" Errors-To: libssh2-devel-bounces@cool.haxx.se Sender: "libssh2-devel" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by giant.haxx.se id x2VIcECW001499 The 1.8.x branch fixes only resolves the issues brought up by the Conicanal review while master contains a more exhaustive review and is highly recommended to use. I will submit a patch on Monday for the check length function, thanks for bringing that to our attention. That said, the project is in need of people who contribute and it would be very helpful if you would submit a PR regardless of past PRs not being taken for whatever reason. Thanks, Will > On Mar 31, 2019, at 11:22 AM, Yuriy M. Kaminskiy wrote: > >> On 31.03.2019 14:23, Yuriy M. Kaminskiy wrote: >> FTR, (some) problems that was addressed by this patch was (apparently >> independently) rediscovered 3 years later, assigned CVE-2019-38{55...63} >> and fixed (differently; I have not checked if fixed code covers all >> cases was covered by my patch). >> >> BTW, _libssh2_check_length() that is extensively used by current code is >> broken/incorrect; e.g. suppose >> >> buf->dataptr = buf->data, buf->len = 5, len = 0xfffffff7 >> >> then _libssh2_check_length(buf, len) will return 1; uh-doh. >> >> With obvious security implications. >> >> (No, I'm not going to compose patch to be ignored for another 3 years). > > Ah, yeah, forgot to look at 1.8.x branch. No _check_length there, but > other problematic code present instead: > > uint32_t len = _libssh2_ntohu32(data + 5); > ... > if((len + 9) < datalen) > > Broken when len > UINT32_MAX - 9. > > if(datalen >= 9) { > message_len = _libssh2_ntohu32(data + 5); > if(message_len < datalen-13) { > > Broken when datalen >= 9 && datalen < 13 (and there are more similar code). > > etc. > >>> On 2016-03-27 22:28 , Yuriy M. Kaminskiy wrote: >>> Ping? I'd like to stress out this issue has security imlications. At >>> very least, DoS (and this is not a standalone application, so it is not >>> a minor issue), and maybe host memory exposure too. (However, it is only >>> heap over-reads, without heap/stack over-writes, so no risk of >>> escalating to remote code execution). >>> >>>> On 02/25/16 03:10 , Yuriy M. Kaminskiy wrote: >>>> "George Garner (online)" writes: >>>> [...] >>>>> 3. Where is the p_len/group_order parameter validated? In >>>>> kex_method_diffie_hellman_group_exchange_sha256_key_exchange it is >>>>> converted from network byte order and accepted at face value. What >>>>> happens if a malicious packet is received with a bogus value for >>>>> p_len? >>>> >>>> Maybe I miss something, but it looks like this defect (blindly trust >>>> various 32-bit length that was sent remote side and don't verify if it >>>> fits buffer) is *everywhere* in libssh2. I've sent some patches for >>>> kex.c via gh pull request, but quickly discovered it is much worse. Very >>>> WIP (and incomplete) patch for *other* files is attached; unfortunately, >>>> in most cases, I have no idea how such errors should be handled within libssh2, >>>> don't know libssh2 code base well enough, so I give up at this. >>>> >>>> Note that in early connection setup "malicious server" is not required, >>>> "malicious MITM" can insert broken packets as well. >>>> >>>> In general, please re-review all `grep ntoh -r src/`, in many cases >>>> surrounding code looks problematic in one way or other. >>>> >>>> >>>> --- >>>> Changelog: >>>> v2: fixed obvious errors >>>> Note: This is still NOT COMPLETE work, all XXX comment must be reviewed and acted upon. >>>> >>>> src/agent.c | 32 ++++++++-------- >>>> src/channel.c | 10 ++++- >>>> src/hostkey.c | 19 +++++++-- >>>> src/kex.c | 43 +++++++++++---------- >>>> src/packet.c | 45 +++++++++++++++++----- >>>> src/publickey.c | 117 +++++++++++++++++++++++++++++++++++++++++++------------- >>>> src/session.c | 2 + >>>> src/sftp.c | 42 ++++++++++++++++---- >>>> src/sftp.h | 1 + >>>> src/userauth.c | 32 ++++++++++++++++ >>>> 10 files changed, 260 insertions(+), 83 deletions(-) >>>> >>>> diff --git a/src/agent.c b/src/agent.c >>>> index c2ba422..255b63d 100644 >>>> --- a/src/agent.c >>>> +++ b/src/agent.c >>>> @@ -449,12 +449,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >>>> goto error; >>>> } >>>> method_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - len -= method_len; >>>> - if (len < 0) { >>>> + if (method_len < 0 || len < method_len) { >>>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>>> goto error; >>>> } >>>> + s += 4; >>>> + len -= method_len; >>>> s += method_len; >>>> >>>> /* Read the signature */ >>>> @@ -464,12 +464,12 @@ agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, >>>> goto error; >>>> } >>>> *sig_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - len -= *sig_len; >>>> - if (len < 0) { >>>> + if ((size_t)len < *sig_len) { >>>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>>> goto error; >>>> } >>>> + len -= *sig_len; >>>> + s += 4; >>>> >>>> *sig = LIBSSH2_ALLOC(session, *sig_len); >>>> if (!*sig) { >>>> @@ -558,15 +558,15 @@ agent_list_identities(LIBSSH2_AGENT *agent) >>>> goto error; >>>> } >>>> identity->external.blob_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - >>>> - /* Read the blob */ >>>> - len -= identity->external.blob_len; >>>> - if (len < 0) { >>>> + if ((size_t)len < identity->external.blob_len) { >>>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>>> LIBSSH2_FREE(agent->session, identity); >>>> goto error; >>>> } >>>> + s += 4; >>>> + >>>> + /* Read the blob */ >>>> + len -= identity->external.blob_len; >>>> >>>> identity->external.blob = LIBSSH2_ALLOC(agent->session, >>>> identity->external.blob_len); >>>> @@ -587,16 +587,16 @@ agent_list_identities(LIBSSH2_AGENT *agent) >>>> goto error; >>>> } >>>> comment_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - >>>> - /* Read the comment */ >>>> - len -= comment_len; >>>> - if (len < 0) { >>>> + if (comment_len < 0 || len < comment_len) { >>>> rc = LIBSSH2_ERROR_AGENT_PROTOCOL; >>>> LIBSSH2_FREE(agent->session, identity->external.blob); >>>> LIBSSH2_FREE(agent->session, identity); >>>> goto error; >>>> } >>>> + s += 4; >>>> + >>>> + /* Read the comment */ >>>> + len -= comment_len; >>>> >>>> identity->external.comment = LIBSSH2_ALLOC(agent->session, >>>> comment_len + 1); >>>> diff --git a/src/channel.c b/src/channel.c >>>> index 32d914d..38572be 100644 >>>> --- a/src/channel.c >>>> +++ b/src/channel.c >>>> @@ -225,6 +225,7 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>>> } >>>> >>>> if (session->open_state == libssh2_NB_state_sent) { >>>> + unsigned char *end; >>>> rc = _libssh2_packet_requirev(session, reply_codes, >>>> &session->open_data, >>>> &session->open_data_len, 1, >>>> @@ -238,7 +239,11 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>>> goto channel_error; >>>> } >>>> >>>> + end = session->open_data + session->open_data_len; >>>> + >>>> if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION) { >>>> + if (13+4 > (end - session->open_data)) >>>> + goto channel_error; >>>> session->open_channel->remote.id = >>>> _libssh2_ntohu32(session->open_data + 5); >>>> session->open_channel->local.window_size = >>>> @@ -265,7 +270,8 @@ _libssh2_channel_open(LIBSSH2_SESSION * session, const char *channel_type, >>>> return session->open_channel; >>>> } >>>> >>>> - if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) { >>>> + if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE && >>>> + 4 <= (end - (session->open_data + 5))) { >>>> unsigned int reason_code = _libssh2_ntohu32(session->open_data + 5); >>>> switch (reason_code) { >>>> case SSH_OPEN_ADMINISTRATIVELY_PROHIBITED: >>>> @@ -1399,6 +1405,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >>>> >>>> if (((packet_type == SSH_MSG_CHANNEL_DATA) >>>> || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) >>>> + && packet->data_len >= 5 + (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA ? 4 : 0) >>>> && (_libssh2_ntohu32(packet->data + 1) == channel->local.id)) { >>>> /* It's our channel at least */ >>>> long packet_stream_id = >>>> @@ -1418,6 +1425,7 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) >>>> bytes_to_flush, packet_stream_id, >>>> channel->local.id, channel->remote.id); >>>> >>>> + /* XXX assert(packet->data_len >= 13); XXX */ >>>> /* It's one of the streams we wanted to flush */ >>>> channel->flush_refund_bytes += packet->data_len - 13; >>>> channel->flush_flush_bytes += bytes_to_flush; >>>> diff --git a/src/hostkey.c b/src/hostkey.c >>>> index 2a0a8f9..7b780e2 100644 >>>> --- a/src/hostkey.c >>>> +++ b/src/hostkey.c >>>> @@ -66,31 +66,42 @@ hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session, >>>> libssh2_rsa_ctx *rsactx; >>>> const unsigned char *s, *e, *n; >>>> unsigned long len, e_len, n_len; >>>> + const unsigned char *end = hostkey_data + hostkey_data_len; >>>> int ret; >>>> >>>> - (void) hostkey_data_len; >>>> - >>>> if (*abstract) { >>>> hostkey_method_ssh_rsa_dtor(session, abstract); >>>> *abstract = NULL; >>>> } >>>> >>>> s = hostkey_data; >>>> + if (4 > end - s) >>>> + return -1; >>>> len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (len > (size_t)(end - s)) >>>> + return -1; >>>> >>>> if (len != 7 || strncmp((char *) s, "ssh-rsa", 7) != 0) { >>>> return -1; >>>> } >>>> - s += 7; >>>> + s += len; >>>> >>>> + if (4 > end - s) >>>> + return -1; >>>> e_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (e_len > (size_t)(end - s)) >>>> + return -1; >>>> >>>> e = s; >>>> s += e_len; >>>> + if (4 > end - s) >>>> + return -1; >>>> n_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (n_len > (size_t)(end - s)) >>>> + return -1; >>>> n = s; >>>> >>>> ret = _libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0, >>>> @@ -181,6 +192,8 @@ hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION * session, >>>> (void) session; >>>> >>>> /* Skip past keyname_len(4) + keyname(7){"ssh-rsa"} + signature_len(4) */ >>>> + if (15 > sig_len) >>>> + return -1; >>>> sig += 15; >>>> sig_len -= 15; >>>> return _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len); >>>> diff --git a/src/kex.c b/src/kex.c >>>> index 40dbeab..2381d52 100644 >>>> --- a/src/kex.c >>>> +++ b/src/kex.c >>>> @@ -2463,21 +2463,20 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, >>>> * within the given packet. >>>> */ >>>> static int kex_string_pair(unsigned char **sp, /* parsing position */ >>>> - unsigned char *data, /* start pointer to packet */ >>>> - size_t data_len, /* size of total packet */ >>>> + unsigned char *end, /* end of packet */ >>>> size_t *lenp, /* length of the string */ >>>> unsigned char **strp) /* pointer to string start */ >>>> { >>>> unsigned char *s = *sp; >>>> - *lenp = _libssh2_ntohu32(s); >>>> >>>> - /* the length of the string must fit within the current pointer and the >>>> - end of the packet */ >>>> - if (*lenp > (data_len - (s - data) -4)) >>>> + if (4 > end - s) >>>> return 1; >>>> - *strp = s + 4; >>>> - s += 4 + *lenp; >>>> - >>>> + *lenp = _libssh2_ntohu32(s); >>>> + s += 4; >>>> + if (*lenp > (size_t)(end - s)) >>>> + return 1; >>>> + *strp = s; >>>> + s += *lenp; >>>> *sp = s; >>>> return 0; >>>> } >>>> @@ -2493,6 +2492,10 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>>> size_t kex_len, hostkey_len, crypt_cs_len, crypt_sc_len, comp_cs_len; >>>> size_t comp_sc_len, mac_cs_len, mac_sc_len; >>>> unsigned char *s = data; >>>> + unsigned char *end = data + data_len; >>>> + >>>> + if (1 + 16 > end - s) >>>> + return -1; >>>> >>>> /* Skip packet_type, we know it already */ >>>> s++; >>>> @@ -2501,21 +2504,24 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>>> s += 16; >>>> >>>> /* Locate each string */ >>>> - if(kex_string_pair(&s, data, data_len, &kex_len, &kex)) >>>> + if(kex_string_pair(&s, end, &kex_len, &kex)) >>>> + return -1; >>>> + if(kex_string_pair(&s, end, &hostkey_len, &hostkey)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &hostkey_len, &hostkey)) >>>> + if(kex_string_pair(&s, end, &crypt_cs_len, &crypt_cs)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &crypt_cs_len, &crypt_cs)) >>>> + if(kex_string_pair(&s, end, &crypt_sc_len, &crypt_sc)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &crypt_sc_len, &crypt_sc)) >>>> + if(kex_string_pair(&s, end, &mac_cs_len, &mac_cs)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &mac_cs_len, &mac_cs)) >>>> + if(kex_string_pair(&s, end, &mac_sc_len, &mac_sc)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &mac_sc_len, &mac_sc)) >>>> + if(kex_string_pair(&s, end, &comp_cs_len, &comp_cs)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &comp_cs_len, &comp_cs)) >>>> + if(kex_string_pair(&s, end, &comp_sc_len, &comp_sc)) >>>> return -1; >>>> - if(kex_string_pair(&s, data, data_len, &comp_sc_len, &comp_sc)) >>>> + >>>> + if (1 > end - s) >>>> return -1; >>>> >>>> /* If the server sent an optimistic packet, assume that it guessed wrong. >>>> @@ -2524,9 +2530,6 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, >>>> session->burn_optimistic_kexinit = *(s++); >>>> /* Next uint32 in packet is all zeros (reserved) */ >>>> >>>> - if (data_len < (unsigned) (s - data)) >>>> - return -1; /* short packet */ >>>> - >>>> if (kex_agree_kex_hostkey(session, kex, kex_len, hostkey, hostkey_len)) { >>>> return -1; >>>> } >>>> diff --git a/src/packet.c b/src/packet.c >>>> index 5f1feb8..3659daa 100644 >>>> --- a/src/packet.c >>>> +++ b/src/packet.c >>>> @@ -85,10 +85,12 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >>>> char failure_code = SSH_OPEN_ADMINISTRATIVELY_PROHIBITED; >>>> int rc; >>>> >>>> - (void) datalen; >>>> - >>>> if (listen_state->state == libssh2_NB_state_idle) { >>>> unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5; >>>> + unsigned char *end = data + datalen; >>>> + if (4*4 > (end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> listen_state->sender_channel = _libssh2_ntohu32(s); >>>> s += 4; >>>> >>>> @@ -99,15 +101,27 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, >>>> >>>> listen_state->host_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (listen_state->host_len > (size_t)(end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> listen_state->host = s; >>>> s += listen_state->host_len; >>>> + if (4*2 > (end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> listen_state->port = _libssh2_ntohu32(s); >>>> s += 4; >>>> >>>> listen_state->shost_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (listen_state->shost_len > (size_t)(end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> listen_state->shost = s; >>>> s += listen_state->shost_len; >>>> + if (4 > (end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> listen_state->sport = _libssh2_ntohu32(s); >>>> >>>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>>> @@ -271,10 +285,12 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >>>> LIBSSH2_CHANNEL *channel = x11open_state->channel; >>>> int rc; >>>> >>>> - (void) datalen; >>>> - >>>> if (x11open_state->state == libssh2_NB_state_idle) { >>>> unsigned char *s = data + (sizeof("x11") - 1) + 5; >>>> + unsigned char *end = data + datalen; >>>> + if (4*4 > (end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> x11open_state->sender_channel = _libssh2_ntohu32(s); >>>> s += 4; >>>> x11open_state->initial_window_size = _libssh2_ntohu32(s); >>>> @@ -283,8 +299,14 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, >>>> s += 4; >>>> x11open_state->shost_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (x11open_state->shost_len > (size_t)(end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> x11open_state->shost = s; >>>> s += x11open_state->shost_len; >>>> + if (4 > (end - s)) { >>>> + return 0; /* XXX ??? XXX */ >>>> + } >>>> x11open_state->sport = _libssh2_ntohu32(s); >>>> >>>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>>> @@ -807,22 +829,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >>>> else if (len == sizeof("exit-signal") - 1 >>>> && !memcmp("exit-signal", data + 9, >>>> sizeof("exit-signal") - 1)) { >>>> + unsigned char *end = data + datalen; >>>> + unsigned char *s = data + 9 + sizeof("exit-signal"); >>>> /* command terminated due to signal */ >>>> if(datalen >= 20) >>>> channelp = _libssh2_channel_locate(session, channel); >>>> >>>> - if (channelp) { >>>> + if (channelp && end - s >= 4) { >>>> /* set signal name (without SIG prefix) */ >>>> - uint32_t namelen = >>>> - _libssh2_ntohu32(data + 9 + sizeof("exit-signal")); >>>> + uint32_t namelen = _libssh2_ntohu32(s); >>>> + s += 4; >>>> + if (namelen > (size_t)(end - s)) >>>> + /* XXX ??? XXX */; >>>> + else { >>>> channelp->exit_signal = >>>> LIBSSH2_ALLOC(session, namelen + 1); >>>> if (!channelp->exit_signal) >>>> rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, >>>> "memory for signal name"); >>>> else { >>>> - memcpy(channelp->exit_signal, >>>> - data + 13 + sizeof("exit_signal"), namelen); >>>> + memcpy(channelp->exit_signal, s, namelen); >>>> channelp->exit_signal[namelen] = '\0'; >>>> /* TODO: save error message and language tag */ >>>> _libssh2_debug(session, LIBSSH2_TRACE_CONN, >>>> @@ -832,6 +858,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, >>>> channelp->local.id, >>>> channelp->remote.id); >>>> } >>>> + } >>>> } >>>> } >>>> >>>> diff --git a/src/publickey.c b/src/publickey.c >>>> index bfee0a8..d19efb7 100644 >>>> --- a/src/publickey.c >>>> +++ b/src/publickey.c >>>> @@ -247,6 +247,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >>>> switch (response) { >>>> case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: >>>> /* Error, or processing complete */ >>>> + if (data_len >= 4) >>>> { >>>> unsigned long status = _libssh2_ntohu32(s); >>>> >>>> @@ -258,6 +259,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey) >>>> publickey_status_error(pkey, session, status); >>>> return -1; >>>> } >>>> + /* fallthru */ >>>> default: >>>> LIBSSH2_FREE(session, data); >>>> if (response < 0) { >>>> @@ -403,6 +405,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>>> if (session->pkeyInit_state == libssh2_NB_state_sent3) { >>>> while (1) { >>>> unsigned char *s; >>>> + unsigned char *end; >>>> rc = publickey_packet_receive(session->pkeyInit_pkey, >>>> &session->pkeyInit_data, >>>> &session->pkeyInit_data_len); >>>> @@ -419,6 +422,7 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>>> } >>>> >>>> s = session->pkeyInit_data; >>>> + end = session->pkeyInit_data + session->pkeyInit_data_len; >>>> if ((response = >>>> publickey_response_id(&s, session->pkeyInit_data_len)) < 0) { >>>> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>>> @@ -432,19 +436,33 @@ static LIBSSH2_PUBLICKEY *publickey_init(LIBSSH2_SESSION *session) >>>> { >>>> unsigned long status, descr_len, lang_len; >>>> >>>> - status = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - descr_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - /* description starts here */ >>>> - s += descr_len; >>>> - lang_len = _libssh2_ntohu32(s); >>>> - s += 4; >>>> - /* lang starts here */ >>>> - s += lang_len; >>>> - >>>> - if (s > >>>> - session->pkeyInit_data + session->pkeyInit_data_len) { >>>> + if (4*2 > end - s) >>>> + s = NULL; >>>> + else { >>>> + status = _libssh2_ntohu32(s); >>>> + s += 4; >>>> + descr_len = _libssh2_ntohu32(s); >>>> + s += 4; >>>> + /* description starts here */ >>>> + if (descr_len > (size_t)(end - s)) >>>> + s = NULL; >>>> + else { >>>> + s += descr_len; >>>> + if (4 > end - s) >>>> + s = NULL; >>>> + else { >>>> + lang_len = _libssh2_ntohu32(s); >>>> + s += 4; >>>> + /* lang starts here */ >>>> + if (lang_len > (size_t)(end - s)) >>>> + s = NULL; >>>> + else >>>> + s += lang_len; >>>> + } >>>> + } >>>> + } >>>> + >>>> + if (s == NULL) { >>>> _libssh2_error(session, >>>> LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>>> "Malformed publickey subsystem packet"); >>>> @@ -810,6 +828,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> } >>>> >>>> while (1) { >>>> + unsigned char *end; >>>> rc = publickey_packet_receive(pkey, &pkey->listFetch_data, >>>> &pkey->listFetch_data_len); >>>> if (rc == LIBSSH2_ERROR_EAGAIN) { >>>> @@ -822,6 +841,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> } >>>> >>>> pkey->listFetch_s = pkey->listFetch_data; >>>> + end = pkey->listFetch_data + pkey->listFetch_data_len; >>>> if ((response = >>>> publickey_response_id(&pkey->listFetch_s, >>>> pkey->listFetch_data_len)) < 0) { >>>> @@ -836,19 +856,34 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> { >>>> unsigned long status, descr_len, lang_len; >>>> >>>> - status = _libssh2_ntohu32(pkey->listFetch_s); >>>> - pkey->listFetch_s += 4; >>>> - descr_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> - pkey->listFetch_s += 4; >>>> - /* description starts at pkey->listFetch_s */ >>>> - pkey->listFetch_s += descr_len; >>>> - lang_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> - pkey->listFetch_s += 4; >>>> - /* lang starts at pkey->listFetch_s */ >>>> - pkey->listFetch_s += lang_len; >>>> - >>>> - if (pkey->listFetch_s > >>>> - pkey->listFetch_data + pkey->listFetch_data_len) { >>>> + if (4*2 > end - pkey->listFetch_s) >>>> + pkey->listFetch_s = NULL; >>>> + else { >>>> + status = _libssh2_ntohu32(pkey->listFetch_s); >>>> + pkey->listFetch_s += 4; >>>> + descr_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> + pkey->listFetch_s += 4; >>>> + if (descr_len > (size_t)(end - pkey->listFetch_s)) >>>> + pkey->listFetch_s = NULL; >>>> + else { >>>> + /* description starts at pkey->listFetch_s */ >>>> + pkey->listFetch_s += descr_len; >>>> + if (4 > end - pkey->listFetch_s) >>>> + pkey->listFetch_s = NULL; >>>> + else { >>>> + lang_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> + pkey->listFetch_s += 4; >>>> + if (lang_len > (size_t)(end - pkey->listFetch_s)) >>>> + pkey->listFetch_s = NULL; >>>> + else { >>>> + /* lang starts at pkey->listFetch_s */ >>>> + pkey->listFetch_s += lang_len; >>>> + } >>>> + } >>>> + } >>>> + } >>>> + >>>> + if (pkey->listFetch_s == NULL) { >>>> _libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, >>>> "Malformed publickey subsystem packet"); >>>> goto err_exit; >>>> @@ -887,8 +922,12 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> if (pkey->version == 1) { >>>> unsigned long comment_len; >>>> >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> comment_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (comment_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> if (comment_len) { >>>> list[keys].num_attrs = 1; >>>> list[keys].attrs = >>>> @@ -911,24 +950,42 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> list[keys].num_attrs = 0; >>>> list[keys].attrs = NULL; >>>> } >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].name = pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].name_len; >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].blob = pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].blob_len; >>>> } else { >>>> /* Version == 2 */ >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].name_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].name_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].name = pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].name_len; >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].blob_len = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].blob_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].blob = pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].blob_len; >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].num_attrs = _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> if (list[keys].num_attrs) { >>>> @@ -943,14 +1000,22 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, >>>> goto err_exit; >>>> } >>>> for(i = 0; i < list[keys].num_attrs; i++) { >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].attrs[i].name_len = >>>> _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].attrs[i].name_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].attrs[i].name = (char *) pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].attrs[i].name_len; >>>> + if (4 > end - pkey->listFetch_s) >>>> + goto err_exit; >>>> list[keys].attrs[i].value_len = >>>> _libssh2_ntohu32(pkey->listFetch_s); >>>> pkey->listFetch_s += 4; >>>> + if (list[keys].attrs[i].value_len > (size_t)(end - pkey->listFetch_s)) >>>> + goto err_exit; >>>> list[keys].attrs[i].value = (char *) pkey->listFetch_s; >>>> pkey->listFetch_s += list[keys].attrs[i].value_len; >>>> >>>> diff --git a/src/session.c b/src/session.c >>>> index 06e61dd..ba1bad5 100644 >>>> --- a/src/session.c >>>> +++ b/src/session.c >>>> @@ -763,6 +763,7 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) >>>> return rc; >>>> >>>> session->startup_service_length = >>>> + (5 > session->startup_data_len) ? 0 : >>>> _libssh2_ntohu32(session->startup_data + 1); >>>> >>>> if ((session->startup_service_length != (sizeof("ssh-userauth") - 1)) >>>> @@ -1410,6 +1411,7 @@ libssh2_poll_channel_read(LIBSSH2_CHANNEL *channel, int extended) >>>> packet = _libssh2_list_first(&session->packets); >>>> >>>> while (packet) { >>>> + /* XXX assert(packet->data_len >= 5) XXX */ >>>> if ( channel->local.id == _libssh2_ntohu32(packet->data + 1)) { >>>> if ( extended == 1 && >>>> (packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA >>>> diff --git a/src/sftp.c b/src/sftp.c >>>> index c142713..ad38638 100644 >>>> --- a/src/sftp.c >>>> +++ b/src/sftp.c >>>> @@ -249,6 +249,7 @@ sftp_packet_add(LIBSSH2_SFTP *sftp, unsigned char *data, >>>> "Out of sync with the world"); >>>> } >>>> >>>> + /* XXX ??? assert(data_len >= 5); XXX */ >>>> request_id = _libssh2_ntohu32(&data[1]); >>>> >>>> _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Received packet id %d", >>>> @@ -635,21 +636,25 @@ sftp_attr2bin(unsigned char *p, const LIBSSH2_SFTP_ATTRIBUTES * attrs) >>>> >>>> /* sftp_bin2attr >>>> */ >>>> -static int >>>> -sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >>>> +static const unsigned char * >>>> +sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *s, const unsigned char *end) >>>> { >>>> - const unsigned char *s = p; >>>> - >>>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>>> + if (4 < end - p) >>>> + return NULL; >>>> attrs->flags = _libssh2_ntohu32(s); >>>> s += 4; >>>> >>>> if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) { >>>> + if (8 < end - p) >>>> + return NULL; >>>> attrs->filesize = _libssh2_ntohu64(s); >>>> s += 8; >>>> } >>>> >>>> if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) { >>>> + if (4*2 < end - p) >>>> + return NULL; >>>> attrs->uid = _libssh2_ntohu32(s); >>>> s += 4; >>>> attrs->gid = _libssh2_ntohu32(s); >>>> @@ -657,18 +662,22 @@ sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) >>>> } >>>> >>>> if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { >>>> + if (4 < end - p) >>>> + return NULL; >>>> attrs->permissions = _libssh2_ntohu32(s); >>>> s += 4; >>>> } >>>> >>>> if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) { >>>> + if (4*2 < end - p) >>>> + return NULL; >>>> attrs->atime = _libssh2_ntohu32(s); >>>> s += 4; >>>> attrs->mtime = _libssh2_ntohu32(s); >>>> s += 4; >>>> } >>>> >>>> - return (s - p); >>>> + return s; >>>> } >>>> >>>> /* ************ >>>> @@ -1698,7 +1707,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >>>> if (attrs) >>>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>>> >>>> - s += sftp_bin2attr(attrs ? attrs : &attrs_dummy, s); >>>> + s = sftp_bin2attr(attrs ? attrs : &attrs_dummy, s, handle->u.dir.names_end); >>>> >>>> handle->u.dir.next_name = (char *) s; >>>> end: >>>> @@ -1789,6 +1798,7 @@ static ssize_t sftp_readdir(LIBSSH2_SFTP_HANDLE *handle, char *buffer, >>>> >>>> handle->u.dir.names_left = num_names; >>>> handle->u.dir.names_packet = data; >>>> + handle->u.dir.names_end = data + data_len; >>>> handle->u.dir.next_name = (char *) data + 9; >>>> >>>> /* use the name popping mechanism from the start of the function */ >>>> @@ -2252,7 +2262,7 @@ static int sftp_fstat(LIBSSH2_SFTP_HANDLE *handle, >>>> } >>>> } >>>> >>>> - sftp_bin2attr(attrs, data + 5); >>>> + sftp_bin2attr(attrs, data + 5, data + data_len); >>>> LIBSSH2_FREE(session, data); >>>> >>>> return 0; >>>> @@ -2559,6 +2569,7 @@ static int sftp_unlink(LIBSSH2_SFTP *sftp, const char *filename, >>>> >>>> sftp->unlink_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> retcode = _libssh2_ntohu32(data + 5); >>>> LIBSSH2_FREE(session, data); >>>> >>>> @@ -2669,6 +2680,7 @@ static int sftp_rename(LIBSSH2_SFTP *sftp, const char *source_filename, >>>> >>>> sftp->rename_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> retcode = _libssh2_ntohu32(data + 5); >>>> LIBSSH2_FREE(session, data); >>>> >>>> @@ -2793,6 +2805,7 @@ static int sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, LIBSSH2_SFTP_STATVFS *st) >>>> "Error waiting for FXP EXTENDED REPLY"); >>>> } >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> if (data[0] == SSH_FXP_STATUS) { >>>> int retcode = _libssh2_ntohu32(data + 5); >>>> sftp->fstatvfs_state = libssh2_NB_state_idle; >>>> @@ -2919,6 +2932,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const char *path, >>>> "Error waiting for FXP EXTENDED REPLY"); >>>> } >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> if (data[0] == SSH_FXP_STATUS) { >>>> int retcode = _libssh2_ntohu32(data + 5); >>>> sftp->statvfs_state = libssh2_NB_state_idle; >>>> @@ -3051,6 +3065,7 @@ static int sftp_mkdir(LIBSSH2_SFTP *sftp, const char *path, >>>> >>>> sftp->mkdir_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> retcode = _libssh2_ntohu32(data + 5); >>>> LIBSSH2_FREE(session, data); >>>> >>>> @@ -3145,6 +3160,7 @@ static int sftp_rmdir(LIBSSH2_SFTP *sftp, const char *path, >>>> >>>> sftp->rmdir_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> retcode = _libssh2_ntohu32(data + 5); >>>> LIBSSH2_FREE(session, data); >>>> >>>> @@ -3188,6 +3204,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>>> ((stat_type == >>>> LIBSSH2_SFTP_SETSTAT) ? sftp_attrsize(attrs->flags) : 0); >>>> unsigned char *s, *data; >>>> + unsigned char *data_end; >>>> static const unsigned char stat_responses[2] = >>>> { SSH_FXP_ATTRS, SSH_FXP_STATUS }; >>>> int rc; >>>> @@ -3258,6 +3275,8 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>>> >>>> sftp->stat_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> + >>>> if (data[0] == SSH_FXP_STATUS) { >>>> int retcode; >>>> >>>> @@ -3273,7 +3292,7 @@ static int sftp_stat(LIBSSH2_SFTP *sftp, const char *path, >>>> } >>>> >>>> memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); >>>> - sftp_bin2attr(attrs, data + 5); >>>> + sftp_bin2attr(attrs, data + 5, data + data_len); >>>> LIBSSH2_FREE(session, data); >>>> >>>> return 0; >>>> @@ -3389,6 +3408,8 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >>>> >>>> sftp->symlink_state = libssh2_NB_state_idle; >>>> >>>> + /* XXX ??? assert(data_len >= 5+4); XXX */ >>>> + >>>> if (data[0] == SSH_FXP_STATUS) { >>>> int retcode; >>>> >>>> @@ -3410,8 +3431,13 @@ static int sftp_symlink(LIBSSH2_SFTP *sftp, const char *path, >>>> "no name entries"); >>>> } >>>> >>>> + /* XXX ??? assert(data_len >= 5+4*2); XXX */ >>>> + >>>> /* this reads a u32 and stores it into a signed 32bit value */ >>>> link_len = _libssh2_ntohu32(data + 9); >>>> + >>>> + /* XXX ??? assert(data_len-(5+4*2) >= link_len); XXX */ >>>> + >>>> if (link_len < target_len) { >>>> memcpy(target, data + 13, link_len); >>>> target[link_len] = 0; >>>> diff --git a/src/sftp.h b/src/sftp.h >>>> index 2ed32ce..91fc0a7 100644 >>>> --- a/src/sftp.h >>>> +++ b/src/sftp.h >>>> @@ -122,6 +122,7 @@ struct _LIBSSH2_SFTP_HANDLE >>>> uint32_t names_left; >>>> void *names_packet; >>>> char *next_name; >>>> + char *names_end; >>>> } dir; >>>> } u; >>>> >>>> diff --git a/src/userauth.c b/src/userauth.c >>>> index cdfa25e..c799a40 100644 >>>> --- a/src/userauth.c >>>> +++ b/src/userauth.c >>>> @@ -69,6 +69,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >>>> service(14)"ssh-connection" + method_len(4) = 27 */ >>>> unsigned long methods_len; >>>> unsigned char *s; >>>> + unsigned char *end; >>>> int rc; >>>> >>>> if (session->userauth_list_state == libssh2_NB_state_idle) { >>>> @@ -143,7 +144,18 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, >>>> return NULL; >>>> } >>>> >>>> + if (5 > session->userauth_list_data_len) { >>>> + /* XXX ??? XXX */ >>>> +userauth_packet_overrun: >>>> + LIBSSH2_FREE(session, session->userauth_list_data); >>>> + session->userauth_list_data = NULL; >>>> + session->userauth_list_state = libssh2_NB_state_idle; >>>> + return NULL; >>>> + } >>>> methods_len = _libssh2_ntohu32(session->userauth_list_data + 1); >>>> + if (methods_len > session->userauth_list_data_len - 5) { >>>> + goto userauth_packet_overrun; >>>> + } >>>> >>>> /* Do note that the memory areas overlap! */ >>>> memmove(session->userauth_list_data, session->userauth_list_data + 5, >>>> @@ -1561,6 +1573,7 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>>> LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) >>>> { >>>> unsigned char *s; >>>> + unsigned char *end; >>>> int rc; >>>> >>>> static const unsigned char reply_codes[4] = { >>>> @@ -1685,10 +1698,15 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>>> >>>> /* server requested PAM-like conversation */ >>>> s = session->userauth_kybd_data + 1; >>>> + end = session->userauth_kybd_data + session->userauth_kybd_data_len; >>>> >>>> /* string name (ISO-10646 UTF-8) */ >>>> + if (4 > end - s) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (session->userauth_kybd_auth_name_len > (size_t)(end - s)) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> if(session->userauth_kybd_auth_name_len) { >>>> session->userauth_kybd_auth_name = >>>> LIBSSH2_ALLOC(session, >>>> @@ -1706,8 +1724,12 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>>> } >>>> >>>> /* string instruction (ISO-10646 UTF-8) */ >>>> + if (4 > end - s) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> session->userauth_kybd_auth_instruction_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (session->userauth_kybd_auth_instruction_len > (size_t)(end - s)) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> if(session->userauth_kybd_auth_instruction_len) { >>>> session->userauth_kybd_auth_instruction = >>>> LIBSSH2_ALLOC(session, >>>> @@ -1725,13 +1747,19 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>>> } >>>> >>>> /* string language tag (as defined in [RFC-3066]) */ >>>> + if (4 > end - s) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> language_tag_len = _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (language_tag_len > (size_t)(end - s)) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> >>>> /* ignoring this field as deprecated */ >>>> s += language_tag_len; >>>> >>>> /* int num-prompts */ >>>> + if (4 > end - s) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> session->userauth_kybd_num_prompts = _libssh2_ntohu32(s); >>>> s += 4; >>>> >>>> @@ -1760,9 +1788,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, >>>> >>>> for(i = 0; i < session->userauth_kybd_num_prompts; i++) { >>>> /* string prompt[1] (ISO-10646 UTF-8) */ >>>> + if (4 > end - s) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> session->userauth_kybd_prompts[i].length = >>>> _libssh2_ntohu32(s); >>>> s += 4; >>>> + if (session->userauth_kybd_prompts[i].length > (size_t)(end - s)) >>>> + goto cleanup; /* XXX ??? XXX */ >>>> session->userauth_kybd_prompts[i].text = >>>> LIBSSH2_CALLOC(session, >>>> session->userauth_kybd_prompts[i].length); > _______________________________________________ > libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel