Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp510691rwb; Wed, 16 Nov 2022 04:08:18 -0800 (PST) X-Google-Smtp-Source: AA0mqf7prSx0ykxvtyupID+Rgs7fy2j5wUOp3Wo3OAU3B+yuxbVqKS6QibWpBvZjn5VlxrPy+iGW X-Received: by 2002:a17:90a:8047:b0:213:1fcb:3ce1 with SMTP id e7-20020a17090a804700b002131fcb3ce1mr3428277pjw.58.1668600498188; Wed, 16 Nov 2022 04:08:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668600498; cv=none; d=google.com; s=arc-20160816; b=y35jFSeoonT8Rczm3MUmYs1emmtH5Zb/UjCdE4HakWuLm0vfL3Dkr9Kfw5njXspp/U +GWXdBdKZANSrzVyJLUa5z3HCnRiQa7TikhGIKrJf5FZqB/cucXgx9CKJ1mVyaegkKus A2+1Muz0tSQnPDs2YJU9BuVPCLMg1WFu2KyKm30HXDBVJMBEKhqoqtgceu41R0SAT3mF W1kwksOo2UTUo/ad7jxumsXxlKSU8NJ4IDexq4Km+Fi324h6ufITR1cQdHb9GSzvFI2H GAfNlZy2KZoTjVUQNCC+maGy9ssO7WaNu/1c5RKTbDfbJygMsLYl0gqXzRNOSxrw+wDH zEbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:from:references:cc:to:subject :user-agent:mime-version:date:message-id:dkim-signature; bh=wAEVeFdxDBO/Rsem4CsGzHXwZNtEBQnGixsdwYd9zJ4=; b=UKxt4B9+FsdEzj38uhYPGUzKRzTPzFE51LJFPzZZGA5AMoM0NTy44JQkwCwUzYr8XA F5ywlnonE2t+Dja+YBLOtqVIR3uRIYa6ZQ1zkrQPAsRce5uei6tu41OQZcmfyuQ+H4gH t9Ms3WaGhYZsi/hyT1DtqFFZkXc7999Uv/FRdPFA4oCH942mC6ECtLnlZWFBwrOUO/54 VRU7oNF6PaPiA7ooymeS6YUARv2dlSNH6M6bFmTkvEacWHaEhhiPsUYGQDvZpFC3t57L HthQSP35v4YEhzhy/GtLQiGSvKMIIFSsyZKT4s3doVEF78ZCbFJD9jQQBbzIjStcXHm9 KEHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=exOs+yda; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z30-20020a63191e000000b0041183daa0ffsi14684038pgl.761.2022.11.16.04.08.03; Wed, 16 Nov 2022 04:08:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=exOs+yda; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233110AbiKPMGN (ORCPT + 67 others); Wed, 16 Nov 2022 07:06:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48448 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229536AbiKPMFr (ORCPT ); Wed, 16 Nov 2022 07:05:47 -0500 Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E81C21BC for ; Wed, 16 Nov 2022 03:58:33 -0800 (PST) Received: by mail-pl1-x62b.google.com with SMTP id io19so16199292plb.8 for ; Wed, 16 Nov 2022 03:58:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=in-reply-to:from:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=wAEVeFdxDBO/Rsem4CsGzHXwZNtEBQnGixsdwYd9zJ4=; b=exOs+ydacJtTtrwrhsYlOc3WssEXqvq19hUz0nXJI5ctdqiwq1fBI/BZzU9xfF9aLu n1eZir6Z+pOI3fyunRfUxdPm11pgv3hw6/yIITGDS19JVAHgFrwkUNuZUHey+0erCY8g 11yVGgVvUAsZFQi9glCnKvXhPA623ptLK5Lbk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:from:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=wAEVeFdxDBO/Rsem4CsGzHXwZNtEBQnGixsdwYd9zJ4=; b=7uGLCKahtfdcvoNaxDa59xt5cS7fyo2lpy8kNT1KgSGar7Kfwy1U7sqJOCgA5Lct+6 zQplLJSO4hTs1lHSFAqoQMi+qHlslzGkm7rvzRvtUSTxtRDns9F6WO3auOVuuD+C3yw7 6p4i6CbhB+UWdu1NFK9AMdc0BKONlSKV+7U8fKmnQsPWcazXe81MPj8AQ43Ln51BKBQv sWeT7Rv4QO81OGwgFdVYRCOz9S52AeBWoCUKyIeGtlPAckAyFPs2iGnjgemrEU9p7Bul 8vFiu1Tpv/SiRXoK6jSp49PjE7v7jqUzHvfUrEbtwRbjKcj4JllYYTmK1l2ZfjK/nMvw tKXg== X-Gm-Message-State: ANoB5pm3bq/Q05mh6SASJlkxh7mi8fuqSSqhBZH2fM1W/2f2j/nh2b45 YwS/e6NBlpkNx9501LiI2bxnjw== X-Received: by 2002:a17:90a:e606:b0:218:f09:8759 with SMTP id j6-20020a17090ae60600b002180f098759mr3466377pjy.133.1668599912628; Wed, 16 Nov 2022 03:58:32 -0800 (PST) Received: from [192.168.178.136] (f215227.upc-f.chello.nl. [80.56.215.227]) by smtp.gmail.com with ESMTPSA id o17-20020a170902d4d100b0017305e99f00sm12032115plg.107.2022.11.16.03.58.30 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 16 Nov 2022 03:58:31 -0800 (PST) Message-ID: <176dd1b5-ee12-fa05-0aa6-e3e031087d6f@broadcom.com> Date: Wed, 16 Nov 2022 12:58:28 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.13.1 Subject: Re: [PATCH] wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads To: Minsuk Kang , linux-wireless@vger.kernel.org, aspriel@gmail.com Cc: dokyungs@yonsei.ac.kr, jisoo.jang@yonsei.ac.kr References: <20221111075346.136376-1-linuxlovemin@yonsei.ac.kr> From: Arend van Spriel In-Reply-To: <20221111075346.136376-1-linuxlovemin@yonsei.ac.kr> Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="000000000000147e4905ed95311b" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org --000000000000147e4905ed95311b Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 11/11/2022 8:53 AM, Minsuk Kang wrote: > This patch fixes slab-out-of-bounds reads in brcmfmac that occur in > brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count > value of channel specifications provided by the device is greater than > the length of 'list->element[]', decided by the size of the 'list' > allocated with kzalloc(). The patch adds checks that make the functions > free the buffer and return -EINVAL if that is the case. Note that the > negative return is handled by the caller, brcmf_setup_wiphybands() or > brcmf_cfg80211_attach(). > > Found by a modified version of syzkaller. [snip] > Reported-by: Dokyung Song > Reported-by: Jisoo Jang > Reported-by: Minsuk Kang > Signed-off-by: Minsuk Kang > --- > .../broadcom/brcm80211/brcmfmac/cfg80211.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > index ae9507dec74a..3a1c0743e19c 100644 > --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c > @@ -6840,6 +6840,13 @@ static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg, > band->channels[i].flags = IEEE80211_CHAN_DISABLED; > > total = le32_to_cpu(list->count); > + if (total > BRCMF_DCMD_MEDLEN / sizeof(__le32) - 1) { Please add and use macro definition here: #define BRCMF_MAX_CHANSPEC_LIST (BRCMF_DCMD_MEDLEN / sizeof(__le32) - 1) > + bphy_err(drvr, "Invalid count of channel Spec. (%u)\n", > + total); > + err = -EINVAL; > + goto fail_pbuf; > + } > + > for (i = 0; i < total; i++) { > ch.chspec = (u16)le32_to_cpu(list->element[i]); > cfg->d11inf.decchspec(&ch); > @@ -6985,6 +6992,13 @@ static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg) > band = cfg_to_wiphy(cfg)->bands[NL80211_BAND_2GHZ]; > list = (struct brcmf_chanspec_list *)pbuf; > num_chan = le32_to_cpu(list->count); > + if (num_chan > BRCMF_DCMD_MEDLEN / sizeof(__le32) - 1) { ...and here. > + bphy_err(drvr, "Invalid count of channel Spec. (%u)\n", > + num_chan); > + kfree(pbuf); > + return -EINVAL; > + } > + > for (i = 0; i < num_chan; i++) { > ch.chspec = (u16)le32_to_cpu(list->element[i]); > cfg->d11inf.decchspec(&ch); --000000000000147e4905ed95311b Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIQdwYJKoZIhvcNAQcCoIIQaDCCEGQCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg gg3OMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1 e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8 9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ /oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5 MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V 14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/ XzCCBVYwggQ+oAMCAQICDE79bW6SMzVJMuOi1zANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAxMTQzMjNaFw0yNTA5MTAxMTQzMjNaMIGV MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU BgNVBAoTDUJyb2FkY29tIEluYy4xGTAXBgNVBAMTEEFyZW5kIFZhbiBTcHJpZWwxKzApBgkqhkiG 9w0BCQEWHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDxOB8Yu89pZLsG9Ic8ZY3uGibuv+NRsij+E70OMJQIwugrByyNq5xgH0BI22vJ LT7VKCB6YJC88ewEFfYi3EKW/sn6RL16ImUM40beDmQ12WBquJRoxVNyoByNalmTOBNYR95ZQZJw 1nrzaoJtK0XIsv0dNCUcLlAc+jHkngD+I0ptVuWoMO1BcJexqJf5iX2M1CdC8PXTh9g4FIQnG2mc 2Gzj3QNJRLsZu1TLyOyBBIr/BE7UiY3RabgRzknBGAPmzhS+fmyM8OtM5BYBsFBrSUFtZZO2p/tf Nbc24J2zf2peoZ8MK+7WQqummYlOnz+FyDkA9EybeNMcS5C+xi/PAgMBAAGjggHdMIIB2TAOBgNV HQ8BAf8EBAMCBaAwgaMGCCsGAQUFBwEBBIGWMIGTME4GCCsGAQUFBzAChkJodHRwOi8vc2VjdXJl Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3IzcGVyc29uYWxzaWduMmNhMjAyMC5jcnQwQQYI KwYBBQUHMAGGNWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24y Y2EyMDIwME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3 dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqG OGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3Js MCcGA1UdEQQgMB6BHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wEwYDVR0lBAwwCgYIKwYB BQUHAwQwHwYDVR0jBBgwFoAUljPR5lgXWzR1ioFWZNW+SN6hj88wHQYDVR0OBBYEFIikAXd8CEtv ZbDflDRnf3tuStPuMA0GCSqGSIb3DQEBCwUAA4IBAQCdS5XCYx6k2GGZui9DlFsFm75khkqAU7rT zBX04sJU1+B1wtgmWTVIzW7ugdtDZ4gzaV0S9xRhpDErjJaltxPbCylb1DEsLj+AIvBR34caW6ZG sQk444t0HPb29HnWYj+OllIGMbdJWr0/P95ZrKk2bP24ub3ZP/8SyzrohfIba9WZKMq6g2nTLZE3 BtkeSGJx/8dy0h8YmRn+adOrxKXHxhSL8BNn8wsmIZyYWe6fRcBtO3Ks2DOLyHCdkoFlN8x9VUQF N2ulEgqCbRKkx+qNirW86eF138lr1gRxzclu/38ko//MmkAYR/+hP3WnBll7zbpIt0jc9wyFkSqH p8a1MYICbTCCAmkCAQEwazBbMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMgUGVyc29uYWxTaWduIDIgQ0EgMjAyMAIMTv1t bpIzNUky46LXMA0GCWCGSAFlAwQCAQUAoIHUMC8GCSqGSIb3DQEJBDEiBCChT8h4he1yKBwQCfDi zo19LLJeb/QqBLs6GjqVlZYnzTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ BTEPFw0yMjExMTYxMTU4MzJaMGkGCSqGSIb3DQEJDzFcMFowCwYJYIZIAWUDBAEqMAsGCWCGSAFl AwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwCwYJKoZIhvcNAQEKMAsGCSqGSIb3DQEBBzAL BglghkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAXhndF11nnqvXO5IUSqk4KhkmtNzCMvdNMR+i jx5E22ri1gLQSq43MGyxWdkaj/Pco/smKlWU3VMiD3FDs7iIFC12Hfbe5Q450AEReCKegeUU3ihb o3Y1LVmxmlOCsBwNofY19IxuJQa7nV47U2MS5JW7n5HmRUvA/hCIPx7FrVKeieiPIPiUWP+cNsw9 UPjO2AD7u6VPC0caXs9PBYXsqheN9Vul+r+N7ctr64zMxWKJopgDQRs58B1m3na/QAKeJXMIQBhI EchCTXywkgUyumr+Mk+QAX+XJ8NZ6ejoM6YnUe7dF0pTBWF7OvPQi4H44QT9mVVGYFxmq1Zj6yCO Gw== --000000000000147e4905ed95311b--