Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <7a566a14-9e33-5307-0ccb-051368f5f169@broadcom.com>
Date:   Wed, 16 Nov 2022 12:27:25 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.13.1
Subject: Re: [PATCH] wifi: brcmfmac: Check the count value of channel spec to
 prevent out-of-bounds reads
To:     Kalle Valo <kvalo@kernel.org>,
        Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Cc:     linux-wireless@vger.kernel.org, aspriel@gmail.com,
        dokyungs@yonsei.ac.kr, jisoo.jang@yonsei.ac.kr
References: <20221111075346.136376-1-linuxlovemin@yonsei.ac.kr>
 <166859062890.16887.3852526152218508056.kvalo@kernel.org>
From:   Arend van Spriel <arend.vanspriel@broadcom.com>
In-Reply-To: <166859062890.16887.3852526152218508056.kvalo@kernel.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256;
        boundary="000000000000ee3b5b05ed94c1c0"
Precedence: bulk

--000000000000ee3b5b05ed94c1c0
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 11/16/2022 10:23 AM, Kalle Valo wrote:
> Minsuk Kang <linuxlovemin@yonsei.ac.kr> wrote:
> 
>> This patch fixes slab-out-of-bounds reads in brcmfmac that occur in
>> brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count
>> value of channel specifications provided by the device is greater than
>> the length of 'list->element[]', decided by the size of the 'list'
>> allocated with kzalloc(). The patch adds checks that make the functions
>> free the buffer and return -EINVAL if that is the case. Note that the
>> negative return is handled by the caller, brcmf_setup_wiphybands() or
>> brcmf_cfg80211_attach().
>>
>> Found by a modified version of syzkaller.
>>
>> Crash Report from brcmf_construct_chaninfo():
>> ==================================================================
>> BUG: KASAN: slab-out-of-bounds in brcmf_setup_wiphybands+0x1238/0x1430
>> Read of size 4 at addr ffff888115f24600 by task kworker/0:2/1896
>>
>> CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G        W  O      5.14.0+ #132
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
>> Workqueue: usb_hub_wq hub_event
>> Call Trace:
>>   dump_stack_lvl+0x57/0x7d
>>   print_address_description.constprop.0.cold+0x93/0x334
>>   kasan_report.cold+0x83/0xdf
>>   brcmf_setup_wiphybands+0x1238/0x1430
>>   brcmf_cfg80211_attach+0x2118/0x3fd0
>>   brcmf_attach+0x389/0xd40
>>   brcmf_usb_probe+0x12de/0x1690
>>   usb_probe_interface+0x25f/0x710
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_set_configuration+0x984/0x1770
>>   usb_generic_driver_probe+0x69/0x90
>>   usb_probe_device+0x9c/0x220
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_new_device.cold+0x463/0xf66
>>   hub_event+0x10d5/0x3330
>>   process_one_work+0x873/0x13e0
>>   worker_thread+0x8b/0xd10
>>   kthread+0x379/0x450
>>   ret_from_fork+0x1f/0x30
>>
>> Allocated by task 1896:
>>   kasan_save_stack+0x1b/0x40
>>   __kasan_kmalloc+0x7c/0x90
>>   kmem_cache_alloc_trace+0x19e/0x330
>>   brcmf_setup_wiphybands+0x290/0x1430
>>   brcmf_cfg80211_attach+0x2118/0x3fd0
>>   brcmf_attach+0x389/0xd40
>>   brcmf_usb_probe+0x12de/0x1690
>>   usb_probe_interface+0x25f/0x710
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_set_configuration+0x984/0x1770
>>   usb_generic_driver_probe+0x69/0x90
>>   usb_probe_device+0x9c/0x220
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_new_device.cold+0x463/0xf66
>>   hub_event+0x10d5/0x3330
>>   process_one_work+0x873/0x13e0
>>   worker_thread+0x8b/0xd10
>>   kthread+0x379/0x450
>>   ret_from_fork+0x1f/0x30
>>
>> The buggy address belongs to the object at ffff888115f24000
>>   which belongs to the cache kmalloc-2k of size 2048
>> The buggy address is located 1536 bytes inside of
>>   2048-byte region [ffff888115f24000, ffff888115f24800)
>>
>> Memory state around the buggy address:
>>   ffff888115f24500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   ffff888115f24580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> ffff888115f24600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>>                     ^
>>   ffff888115f24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>>   ffff888115f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>> ==================================================================
>>
>> Crash Report from brcmf_enable_bw40_2g():
>> ==================================================================
>> BUG: KASAN: slab-out-of-bounds in brcmf_cfg80211_attach+0x3d11/0x3fd0
>> Read of size 4 at addr ffff888103787600 by task kworker/0:2/1896
>>
>> CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G        W  O      5.14.0+ #132
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
>> Workqueue: usb_hub_wq hub_event
>> Call Trace:
>>   dump_stack_lvl+0x57/0x7d
>>   print_address_description.constprop.0.cold+0x93/0x334
>>   kasan_report.cold+0x83/0xdf
>>   brcmf_cfg80211_attach+0x3d11/0x3fd0
>>   brcmf_attach+0x389/0xd40
>>   brcmf_usb_probe+0x12de/0x1690
>>   usb_probe_interface+0x25f/0x710
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_set_configuration+0x984/0x1770
>>   usb_generic_driver_probe+0x69/0x90
>>   usb_probe_device+0x9c/0x220
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_new_device.cold+0x463/0xf66
>>   hub_event+0x10d5/0x3330
>>   process_one_work+0x873/0x13e0
>>   worker_thread+0x8b/0xd10
>>   kthread+0x379/0x450
>>   ret_from_fork+0x1f/0x30
>>
>> Allocated by task 1896:
>>   kasan_save_stack+0x1b/0x40
>>   __kasan_kmalloc+0x7c/0x90
>>   kmem_cache_alloc_trace+0x19e/0x330
>>   brcmf_cfg80211_attach+0x3302/0x3fd0
>>   brcmf_attach+0x389/0xd40
>>   brcmf_usb_probe+0x12de/0x1690
>>   usb_probe_interface+0x25f/0x710
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_set_configuration+0x984/0x1770
>>   usb_generic_driver_probe+0x69/0x90
>>   usb_probe_device+0x9c/0x220
>>   really_probe+0x1be/0xa90
>>   __driver_probe_device+0x2ab/0x460
>>   driver_probe_device+0x49/0x120
>>   __device_attach_driver+0x18a/0x250
>>   bus_for_each_drv+0x123/0x1a0
>>   __device_attach+0x207/0x330
>>   bus_probe_device+0x1a2/0x260
>>   device_add+0xa61/0x1ce0
>>   usb_new_device.cold+0x463/0xf66
>>   hub_event+0x10d5/0x3330
>>   process_one_work+0x873/0x13e0
>>   worker_thread+0x8b/0xd10
>>   kthread+0x379/0x450
>>   ret_from_fork+0x1f/0x30
>>
>> The buggy address belongs to the object at ffff888103787000
>>   which belongs to the cache kmalloc-2k of size 2048
>> The buggy address is located 1536 bytes inside of
>>   2048-byte region [ffff888103787000, ffff888103787800)
>>
>> Memory state around the buggy address:
>>   ffff888103787500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>   ffff888103787580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> ffff888103787600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>>                     ^
>>   ffff888103787680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>>   ffff888103787700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>> ==================================================================
>>
>> Reported-by: Dokyung Song <dokyungs@yonsei.ac.kr>
>> Reported-by: Jisoo Jang <jisoo.jang@yonsei.ac.kr>
>> Reported-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
>> Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
> 
> Can someone review this, please?

Missed this one, but I will have a look now.

Regards,
Arend

--000000000000ee3b5b05ed94c1c0
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIIQdwYJKoZIhvcNAQcCoIIQaDCCEGQCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg
gg3OMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD
VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE
AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT
AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS
MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t
rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e
aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1
e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH
cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG
MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ
KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu
TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i
YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j
b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo
CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN
BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf
jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8
9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ
/oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ
jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC
AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v
dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5
MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB
IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E
XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J
J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u
nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv
riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj
QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N
UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH
M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU
Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V
14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy
a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/
XzCCBVYwggQ+oAMCAQICDE79bW6SMzVJMuOi1zANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC
RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg
UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAxMTQzMjNaFw0yNTA5MTAxMTQzMjNaMIGV
MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU
BgNVBAoTDUJyb2FkY29tIEluYy4xGTAXBgNVBAMTEEFyZW5kIFZhbiBTcHJpZWwxKzApBgkqhkiG
9w0BCQEWHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDxOB8Yu89pZLsG9Ic8ZY3uGibuv+NRsij+E70OMJQIwugrByyNq5xgH0BI22vJ
LT7VKCB6YJC88ewEFfYi3EKW/sn6RL16ImUM40beDmQ12WBquJRoxVNyoByNalmTOBNYR95ZQZJw
1nrzaoJtK0XIsv0dNCUcLlAc+jHkngD+I0ptVuWoMO1BcJexqJf5iX2M1CdC8PXTh9g4FIQnG2mc
2Gzj3QNJRLsZu1TLyOyBBIr/BE7UiY3RabgRzknBGAPmzhS+fmyM8OtM5BYBsFBrSUFtZZO2p/tf
Nbc24J2zf2peoZ8MK+7WQqummYlOnz+FyDkA9EybeNMcS5C+xi/PAgMBAAGjggHdMIIB2TAOBgNV
HQ8BAf8EBAMCBaAwgaMGCCsGAQUFBwEBBIGWMIGTME4GCCsGAQUFBzAChkJodHRwOi8vc2VjdXJl
Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3IzcGVyc29uYWxzaWduMmNhMjAyMC5jcnQwQQYI
KwYBBQUHMAGGNWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24y
Y2EyMDIwME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3
dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqG
OGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3Js
MCcGA1UdEQQgMB6BHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wEwYDVR0lBAwwCgYIKwYB
BQUHAwQwHwYDVR0jBBgwFoAUljPR5lgXWzR1ioFWZNW+SN6hj88wHQYDVR0OBBYEFIikAXd8CEtv
ZbDflDRnf3tuStPuMA0GCSqGSIb3DQEBCwUAA4IBAQCdS5XCYx6k2GGZui9DlFsFm75khkqAU7rT
zBX04sJU1+B1wtgmWTVIzW7ugdtDZ4gzaV0S9xRhpDErjJaltxPbCylb1DEsLj+AIvBR34caW6ZG
sQk444t0HPb29HnWYj+OllIGMbdJWr0/P95ZrKk2bP24ub3ZP/8SyzrohfIba9WZKMq6g2nTLZE3
BtkeSGJx/8dy0h8YmRn+adOrxKXHxhSL8BNn8wsmIZyYWe6fRcBtO3Ks2DOLyHCdkoFlN8x9VUQF
N2ulEgqCbRKkx+qNirW86eF138lr1gRxzclu/38ko//MmkAYR/+hP3WnBll7zbpIt0jc9wyFkSqH
p8a1MYICbTCCAmkCAQEwazBbMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMgUGVyc29uYWxTaWduIDIgQ0EgMjAyMAIMTv1t
bpIzNUky46LXMA0GCWCGSAFlAwQCAQUAoIHUMC8GCSqGSIb3DQEJBDEiBCCfOGwzSUHfeZMsNvwh
4H8AUFYxBBhwlFy2APKniTgMZjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
BTEPFw0yMjExMTYxMTI3MjhaMGkGCSqGSIb3DQEJDzFcMFowCwYJYIZIAWUDBAEqMAsGCWCGSAFl
AwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwCwYJKoZIhvcNAQEKMAsGCSqGSIb3DQEBBzAL
BglghkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAlllqrRsrkaIwI8lFWHVRX/3DfIqn5MCLesa2
F15fSRKyTuk4KAIQHjsJh3kkYIb/uW3QLE9AYjBwVDI0rc7O+1YIYCakMlOtf6n3h9qFbRZ5EOfz
O6hnmKSctz3XL5ofYc9+QtHkoZKtDTEIZjKsnSg3w9KuSNFk88ZHOjgexQJS9U+USJ8yuxYlvqrJ
/2r1JWGefmsZITvBNSoEPl2+M3p67ZoQjyx7bIXT4OBUx0c1OZD0DEwrcKRElvMxYtHLO9Y8PNac
b6H4nnenNEU9ngboivZBUA8GbxVP5KHAW+Tpp4IzbMx+uJpEImx/gcKHAb/Al9nFq5hkDuGtT2aC
JA==
--000000000000ee3b5b05ed94c1c0--