Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp28374393rwd; Tue, 4 Jul 2023 18:41:56 -0700 (PDT) X-Google-Smtp-Source: APBJJlEQ0GJngLL6bMsECczBnB8P7A2EmakzLreAfwWAf2Fw++DgSE3JqK2hCNG/wy32djjyWYCT X-Received: by 2002:a17:902:f68d:b0:1b6:af1a:7dd3 with SMTP id l13-20020a170902f68d00b001b6af1a7dd3mr13557185plg.23.1688521315927; Tue, 04 Jul 2023 18:41:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688521315; cv=none; d=google.com; s=arc-20160816; b=HD+SkTDTUlj8gl3ZOxmyuQMoR4EumDp9MLDK+lWmAJ0OWrcl5K034cfYlfVHFavHWl tCUdUceVEgwEm3CTGtnn8ffMWh9XC4V9MB4Jke2BnUhl7HFIyTE2Vj0DeGk3/+Ss8RPc 8iKmIJLZEHx0+ZxBRQKPbVdDHDkCJ3kIVL+tm+UC1FEaf4bM4qu6JazhyXcuqZoBWAsm 2Vzhokd3qmNrsI+D1bFeSdNkI8jV40ZKp3pgSyPfTs/nwsV40bP0CBhXi8Gy94Hal1VS q9lYO7A5N4NkrYSdo/rrMHROGst9SAiJOpM+riS2+GcpkkKNjZzGS5Ders7uy9TcMqgH iNJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=kpbowxm69YZmMWoNEGdziSl10Dw58zu3jSN67Mk4rqA=; fh=+aPSpm+T+pvdzVeseZpR3QIe2lpKwAOaupe2QsW7zNM=; b=YPMUxpSHJF2OJF5vLM5oRrzdeodk+p833k0R6kqKrZBGMXfWrD78simBfz9GLTue9L QYx14Wkm4SbQgvE1sa7tIBH03oc9yfyI12FOWAcWsMJKd1dgkkMHd7V/CiYiSECaXzQt iXgqwHlpagsx4F/o58wizetw3TxvcM5a44c+Zi6zX/ANGCoePOG0PHhAwgQ0mWANsf3z NjKL1tvWBVFCq5c4rMhdMqjnkSpla2PDY4tIjLtWWnjIYhWiRu+fd1gNP+SlILKBUw8Y Dviyy2AWR5Iy5DlFUoU0+/bAcz48DuLA45Z3S3vM74PHEdMK61pzThkYuSgB8jAzsPtK UzvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=H54g4VSA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bj2-20020a170902850200b001b69661e849si20307775plb.469.2023.07.04.18.41.42; Tue, 04 Jul 2023 18:41:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=H54g4VSA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231288AbjGEAnS (ORCPT + 99 others); Tue, 4 Jul 2023 20:43:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229512AbjGEAnR (ORCPT ); Tue, 4 Jul 2023 20:43:17 -0400 Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D3171B6 for ; Tue, 4 Jul 2023 17:43:16 -0700 (PDT) Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-7659924cd9bso654895785a.1 for ; Tue, 04 Jul 2023 17:43:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1688517795; x=1691109795; h=in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:from:to:cc:subject:date:message-id:reply-to; bh=kpbowxm69YZmMWoNEGdziSl10Dw58zu3jSN67Mk4rqA=; b=H54g4VSAzsncwOgxqrzEhDIdDH9OyjI+0hOg7aTvnVSR1PPxit4B715IkgvT1CP0gL VWf0jqVBQtIWXfNm4zgG5j0u6SD6p1WhAyiL9Rfr2ClqVolB616AAK28nRfdBt5UZPB7 7EJ57/9zfyIa/82KpgC/w1UrmnVWJ/6gWVnRQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688517795; x=1691109795; h=in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kpbowxm69YZmMWoNEGdziSl10Dw58zu3jSN67Mk4rqA=; b=J9+1L47nSP7FjZbwuHBQzQWLgXtR5G0Oy/BfM27bGS6DzQ4EvF1c7Y52qSJev/Vkp8 18nq9p9uituOkR7guSXOhytoHAIWwNkYz4t6aXl6QmTKJ7gkCkqYwBo7B2XlyuKn3oBv gAdVbSzJKdq2UuwzRmnmLYGLGBKR9dcSitUXKYMPCIPiCoQPkxEESr41v8tntvxtdq9f v5LAn5Pxjw78jgOQOnK8lIFQ4oyhYwbq+kQBE8I4xmvSkcEDcKKp0iYu2lRLxHmASgNL XfurXrAXfaTQMvB8AOsIqbAuFGdlJNvl5385XPdOS+poc1h3/hRfEJ6XEpGblyCnin+q 3HXA== X-Gm-Message-State: ABy/qLbRouuzC+l9KLy1O9IBZSXbXR8uEq4FyjSCeRJrV3rRV/qme22W l2Wx9CsTwkG0+TUrZfZHKT0t0Q== X-Received: by 2002:a05:620a:2989:b0:765:4e03:b136 with SMTP id r9-20020a05620a298900b007654e03b136mr19263552qkp.53.1688517795322; Tue, 04 Jul 2023 17:43:15 -0700 (PDT) Received: from bcacpedev-irv-3.lvn.broadcom.net ([192.19.161.250]) by smtp.gmail.com with ESMTPSA id l24-20020a62be18000000b006829ef1e179sm2666320pff.99.2023.07.04.17.43.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Jul 2023 17:43:13 -0700 (PDT) Subject: Re: [PATCH v3 4/5] mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write To: Miquel Raynal Cc: Broadcom Kernel List , Linux MTD List , f.fainelli@gmail.com, rafal@milecki.pl, kursad.oney@broadcom.com, joel.peshkin@broadcom.com, computersforpeace@gmail.com, anand.gore@broadcom.com, dregan@mail.com, kamal.dasu@broadcom.com, tomer.yacoby@broadcom.com, dan.beygelman@broadcom.com, Florian Fainelli , linux-kernel@vger.kernel.org, Vignesh Raghavendra , Richard Weinberger , Kamal Dasu References: <20230627193738.19596-1-william.zhang@broadcom.com> <20230627193738.19596-5-william.zhang@broadcom.com> <20230704172817.02e4cdb8@xps-13> From: William Zhang Message-ID: <5aa6cb07-eec9-d448-95d7-3a5591874d02@broadcom.com> Date: Tue, 4 Jul 2023 17:43:12 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20230704172817.02e4cdb8@xps-13> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000006793cd05ffb2afbe" X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --0000000000006793cd05ffb2afbe Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Hi Miquel, On 07/04/2023 08:28 AM, Miquel Raynal wrote: > Hi William, > > william.zhang@broadcom.com wrote on Tue, 27 Jun 2023 12:37:37 -0700: > >> When the oob buffer length is not in multiple of words, the oob write >> function does out-of-bounds read on the oob source buffer at the last >> iteration. Fix that by always checking length limit on the oob buffer >> read and fill with 0xff when reaching the end of the buffer to the oob >> registers. >> >> Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller") > > Wrong Fixes. Same here. The function write_oob_to_regs was added by this commit and no change since then. > > Missing Cc stable. Will add > >> Signed-off-by: William Zhang >> Reviewed-by: Florian Fainelli >> >> --- >> >> Changes in v3: >> - Fix kernel test robot sparse warning: >> drivers/mtd/nand/raw/brcmnand/brcmnand.c:1500:54: sparse: expected unsigned int [usertype] data >> drivers/mtd/nand/raw/brcmnand/brcmnand.c:1500:54: sparse: got restricted __be32 [usertype] >> >> Changes in v2: >> - Handle the remaining unaligned oob data after the oob data write loop >> >> drivers/mtd/nand/raw/brcmnand/brcmnand.c | 13 +++++++++++-- >> 1 file changed, 11 insertions(+), 2 deletions(-) >> >> diff --git a/drivers/mtd/nand/raw/brcmnand/brcmnand.c b/drivers/mtd/nand/raw/brcmnand/brcmnand.c >> index ea03104692bf..407bf79cbaf4 100644 >> --- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c >> +++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c >> @@ -1477,19 +1477,28 @@ static int write_oob_to_regs(struct brcmnand_controller *ctrl, int i, >> const u8 *oob, int sas, int sector_1k) >> { >> int tbytes = sas << sector_1k; >> - int j; >> + int j, k = 0; >> + u32 last = 0xffffffff; >> + u8 *plast = (u8 *)&last; >> >> /* Adjust OOB values for 1K sector size */ >> if (sector_1k && (i & 0x01)) >> tbytes = max(0, tbytes - (int)ctrl->max_oob); >> tbytes = min_t(int, tbytes, ctrl->max_oob); >> >> - for (j = 0; j < tbytes; j += 4) >> + for (j = 0; (j + 3) < tbytes; j += 4) > > Maybe a comment here as well to mention that you stop at the last > iteration? Otherwise, just reading the line does not make you choice > obvious. > Will add comment. >> oob_reg_write(ctrl, j, >> (oob[j + 0] << 24) | >> (oob[j + 1] << 16) | >> (oob[j + 2] << 8) | >> (oob[j + 3] << 0)); >> + >> + while (j < tbytes) >> + plast[k++] = oob[j++]; >> + >> + if (tbytes & 0x3) >> + oob_reg_write(ctrl, (tbytes & ~0x3), (__force u32)cpu_to_be32(last)); >> + >> return tbytes; >> } >> > > > Thanks, > Miquèl > --0000000000006793cd05ffb2afbe Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIQcAYJKoZIhvcNAQcCoIIQYTCCEF0CAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg gg3HMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1 e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8 9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ /oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5 MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V 14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/ XzCCBU8wggQ3oAMCAQICDDG6HZcbcVdEvVYk4TANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAxMTMxNDVaFw0yNTA5MTAxMTMxNDVaMIGQ MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU BgNVBAoTDUJyb2FkY29tIEluYy4xFjAUBgNVBAMTDVdpbGxpYW0gWmhhbmcxKTAnBgkqhkiG9w0B CQEWGndpbGxpYW0uemhhbmdAYnJvYWRjb20uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAyKF+RmY29Wvfmfe3L8J4rZNmBIvRmrWKI5td5L0vlpPMCEzUkVhBdL2N9cDP0rPScvWL CX/9cI1a2BUy/6/ZT5j9PhcUn6A3kwKFGukLY2itfKaDrP3ANVJGhBXPVJ6sx55GF41PkiL2EMnY 7LJGNpl9WHYrw8VqtRediPyXq8M6ZWGPZWxygsE6y1pOkEk9qLpvXTb2Epxk2JWcQFZQCDWVULue YDZuuBJwnyCzevMoPtVYPharioL5H3BRnQi8YoTXH7/uRo33dewYFm474yFjwwnt82TFtveVZkVq 6h4WIQ4wTcwFfET8zMkELnGzS5SHCl8sPD+lNxxJ1JDZYwIDAQABo4IB2zCCAdcwDgYDVR0PAQH/ BAQDAgWgMIGjBggrBgEFBQcBAQSBljCBkzBOBggrBgEFBQcwAoZCaHR0cDovL3NlY3VyZS5nbG9i YWxzaWduLmNvbS9jYWNlcnQvZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3J0MEEGCCsGAQUF BzABhjVodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9nc2djY3IzcGVyc29uYWxzaWduMmNhMjAy MDBNBgNVHSAERjBEMEIGCisGAQQBoDIBKAowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRw Oi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24yY2EyMDIwLmNybDAlBgNV HREEHjAcgRp3aWxsaWFtLnpoYW5nQGJyb2FkY29tLmNvbTATBgNVHSUEDDAKBggrBgEFBQcDBDAf BgNVHSMEGDAWgBSWM9HmWBdbNHWKgVZk1b5I3qGPzzAdBgNVHQ4EFgQUq65GzwZxydFHjjYEU/9h xHhPWlwwDQYJKoZIhvcNAQELBQADggEBAA2hGG3JPAdGPH0ZdohGUCIVjKz+U+EFuIDbS6A/5jqX VhYAxZlzj7tSjUIM7G7IhyfqPC46GKJ/4x+Amz1Z6YxNGy71L68kYD6hIbBcA5AM42QBUufly6Oa /ppSz3WoflVyFFQ5YXniZ+eU+2/cdnYZg4aVUnFjimOF5o3NfMLzOkhQNxbaDjFUfUYD8hKmU6v4 0vUBj8KZ9Gi1LIagLKUREn8jku0lcLsRbnJ5Ey5ScajC/FESPyYWasOW8j8/1EoJksmhbYGKNS6C urb/KlmDGfVrIRYDbL0ckhGQIP5c6L+kSQZ2sHnQK0e0WgIaZYxaPYeY5u0GLCOze+3vyRMxggJt MIICaQIBATBrMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYD VQQDEyhHbG9iYWxTaWduIEdDQyBSMyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwAgwxuh2XG3FXRL1W JOEwDQYJYIZIAWUDBAIBBQCggdQwLwYJKoZIhvcNAQkEMSIEIGZ8kIypyAAGpfv7013kBGmIZZ1C +Y/KIT6CuI10W9tAMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIz MDcwNTAwNDMxNVowaQYJKoZIhvcNAQkPMVwwWjALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG CWCGSAFlAwQBAjAKBggqhkiG9w0DBzALBgkqhkiG9w0BAQowCwYJKoZIhvcNAQEHMAsGCWCGSAFl AwQCATANBgkqhkiG9w0BAQEFAASCAQCyXdwLRLWS6b+zbSq8Vnn/hxRIi++67qwNQt3m7xuECLkw qigS2o0xfWHKMO5hDIoeccsjTWt5DjEb7eZOnaZBqrIjpz++qDIoD4CrQammyS/Lbz029x0y4Glr qpxdl6LRAZ2WbYniLdt/RTfnPiFy3+18/IqCNGpouuw1cc/W7GBg7b/upI14MwxOVSfg8yeterIb lQ4WE+iAnDBOJTyQq4NOjfzm6P28fFIRP+nHs5IlJBlh6AZiwTq1VVfGjU4yFd8Ql7+54PSIayNf SwhLSb6Q2DkgOkKqDzEzxYPu8uA77QoQKp0h8Rbm9b7SfvVNBNUFX1Wq8SoNWEWBUFfu --0000000000006793cd05ffb2afbe--