Received: by 2002:a05:7412:8521:b0:e2:908c:2ebd with SMTP id t33csp2213343rdf; Mon, 6 Nov 2023 07:48:30 -0800 (PST) X-Google-Smtp-Source: AGHT+IHaKkbU4Uu/BB+CRJtKu/yIIQ0V7H5ACEgrBH02E6xkQixmFDH2mbtbk3PbEC+d/p7Xop4H X-Received: by 2002:a17:90b:1894:b0:274:6839:6a8c with SMTP id mn20-20020a17090b189400b0027468396a8cmr22749291pjb.6.1699285709730; Mon, 06 Nov 2023 07:48:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699285709; cv=none; d=google.com; s=arc-20160816; b=PJIfkXDO5R8j0OLpq8WdFz7M4o5tjm0HN+ip2MgSJrf+hL/G9QkpS8ONVFLmvd/v1Z ObPjq9FTz55uaw+3c1ugFiCOuPUS2Mopg3XWrL5WfyQi5+j+d5fGPxUSk1DPiDoj4lqt cqTb/oOJbHyYSzYht4JLCS0sywquRn4QV9Hqf/2ZBBPW8EGjpPCa6EMLn/LciwJT38jZ g7B3dExepa/C2ejY9q7xLXGAB+JG+8LKqSEFN2Dx/UACK0xRJdkB+Jg++XPlmao2nRp2 C7NiVux8uXTItUFMOkIw4Jx4AQQKyC66IECKIo0U0Dw8pQKQLpE6hWPQRiNmJgTWWUD0 Mqlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:subject:user-agent:references :in-reply-to:message-id:date:cc:to:from:dkim-signature; bh=b/P3INIPambw78s/0yUwcWjLIUxJsqqUxdC4MF0mo3w=; fh=YwAE+9XMO2KgnyjsvWYwGFEOq9QOM9FLsd9lunBZWl8=; b=FZJ+dstpIdkpoy6yG+EYBIu3IPtqorhTIpSYH2dzkIhLiYhvE4E+kr/1Ii1mIyc5X+ U0IKufe2zs8rcudMwUxQ9Ei3aaUxlDGFJtRSPYCsDgaPxrZX7Y4aHwNwNnQToURu7+IH nddAF2pBoK+vjD5feHVSVYIAhVfj/bCgJqPze0WhZj2PGuJs0aFKoUi8QRiHGyYCXsWE GWZGegbmrAjRm6EF++G/Y46+m+lAS55O5ri2FYDBpdlZhPCH5jaQcO1WVTMXnTKUJp0p KgD6LRF4lpKOKjfdxszOPZydHrJ3Xi20dXt+vODw6GUGIq2gdH2K9dCZJKLkVEH3Fg8u 3K3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=Tad8rRl1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id c7-20020a17090abf0700b00271ae22eea7si8441204pjs.117.2023.11.06.07.48.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Nov 2023 07:48:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=Tad8rRl1; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 681B78025D03; Mon, 6 Nov 2023 07:48:28 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231929AbjKFPs2 (ORCPT + 56 others); Mon, 6 Nov 2023 10:48:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230499AbjKFPs1 (ORCPT ); Mon, 6 Nov 2023 10:48:27 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AE83107 for ; Mon, 6 Nov 2023 07:48:24 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-9dd6dc9c00cso419678166b.3 for ; Mon, 06 Nov 2023 07:48:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1699285703; x=1699890503; darn=vger.kernel.org; h=mime-version:subject:user-agent:references:in-reply-to:message-id :date:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=b/P3INIPambw78s/0yUwcWjLIUxJsqqUxdC4MF0mo3w=; b=Tad8rRl1S4Ti26THP92v8vD49wn9G6TcRAX9AnVJc/9b7R+eoaLBW/wRGlAsmr1waF PacMzLI9Y74oH6XYCqTcTXxwtiHrBJjukJJtK5CDayikXVwUdGm+TFCpCf2qb1O7xUs6 Drg+svTU5fJqiTagzMbDpOus1IEmCjbhCkHEI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699285703; x=1699890503; h=mime-version:subject:user-agent:references:in-reply-to:message-id :date:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=b/P3INIPambw78s/0yUwcWjLIUxJsqqUxdC4MF0mo3w=; b=I0bJJw9UZIkPl2bTOiD1+WBlTobKGA38r3WUehRvd0IH/kmoLrrhhm1UX49zoKIaeR Hx+ctIivRd3dZ7g9NmvWzqMHAA/kNqt7q0QBYULmxPUv781TX64nsAE8LxZAkInjr6IQ G/4CFRrDJHz+VI7V+fgySZwnuDnRMNacuNxvCuQjV7j+OkI8gHJThJ2o56M5Z1+cxI7T K+S6g7FXsnJgJt7vLdP6xypTGfpC63JcBr16hx9UoZ/X/jpe94j7EneKRBU2mqsElqGJ fT/o+7gzmh/g3VCxY7fL/UIMT2U0GWIQB+UbujePdNHuRAexOWimYKii+4Lv7FPm7ZMt vNLQ== X-Gm-Message-State: AOJu0Yz6j9wc7QIEZKA2R9r3ki5qLZtpAywmGHr+TMYgb3P2uICEyWUz h/OUMsTULum1HH7sA31qa9piBw== X-Received: by 2002:a17:907:969f:b0:9be:466c:1824 with SMTP id hd31-20020a170907969f00b009be466c1824mr14276225ejc.11.1699285702666; Mon, 06 Nov 2023 07:48:22 -0800 (PST) Received: from [192.168.178.38] (f215227.upc-f.chello.nl. [80.56.215.227]) by smtp.gmail.com with ESMTPSA id n4-20020a170906378400b009c764341f74sm4250097ejc.71.2023.11.06.07.48.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2023 07:48:21 -0800 (PST) From: Arend Van Spriel To: Zheng Hacker , Kalle Valo CC: Zheng Wang , , , , , , , , , , , , , , , Date: Mon, 06 Nov 2023 16:48:20 +0100 Message-ID: <18ba5520da0.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com> In-Reply-To: References: <20231106141704.866455-1-zyytlz.wz@163.com> <87o7g7ueom.fsf@kernel.org> User-Agent: AquaMail/1.47.0 (build: 104700356) Subject: Re: [PATCH v5] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="000000000000b2da9006097dc8d1" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 06 Nov 2023 07:48:28 -0800 (PST) --000000000000b2da9006097dc8d1 Content-Type: text/plain; format=flowed; charset="UTF-8" Content-Transfer-Encoding: 8bit On November 6, 2023 3:44:53 PM Zheng Hacker wrote: > Thanks! I didn't test it for I don't have a device. Very appreciated > if anyone could help with that. I would volunteer, but it made me dig deep and not sure if there is a problem to solve here. brcmf_cfg80211_detach() calls wl_deinit_priv() -> brcmf_abort_scanning() -> brcmf_notify_escan_complete() which does delete the timer. What am I missing here? Regards, Arend > > Kalle Valo 于2023年11月6日周一 22:41写道: >> >> Zheng Wang writes: >> >>> This is the candidate patch of CVE-2023-47233 : >>> https://nvd.nist.gov/vuln/detail/CVE-2023-47233 >>> >>> In brcm80211 driver,it starts with the following invoking chain >>> to start init a timeout worker: >>> >>> ->brcmf_usb_probe >>> ->brcmf_usb_probe_cb >>> ->brcmf_attach >>> ->brcmf_bus_started >>> ->brcmf_cfg80211_attach >>> ->wl_init_priv >>> ->brcmf_init_escan >>> ->INIT_WORK(&cfg->escan_timeout_work, >>> brcmf_cfg80211_escan_timeout_worker); >>> >>> If we disconnect the USB by hotplug, it will call >>> brcmf_usb_disconnect to make cleanup. The invoking chain is : >>> >>> brcmf_usb_disconnect >>> ->brcmf_usb_disconnect_cb >>> ->brcmf_detach >>> ->brcmf_cfg80211_detach >>> ->kfree(cfg); >>> >>> While the timeout woker may still be running. This will cause >>> a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. >>> >>> Fix it by deleting the timer and canceling the worker in >>> brcmf_cfg80211_detach. >>> >>> Fixes: e756af5b30b0 ("brcmfmac: add e-scan support.") >>> Signed-off-by: Zheng Wang >>> Cc: stable@vger.kernel.org >>> --- >>> v5: >>> - replace del_timer_sync with timer_shutdown_sync suggested by >>> Arend and Takashi >>> v4: >>> - rename the subject and add CVE number as Ping-Ke Shih suggested >>> v3: >>> - rename the subject as Johannes suggested >>> v2: >>> - fix the error of kernel test bot reported >>> --- >>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++ >>> 1 file changed, 2 insertions(+) >>> >>> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c >>> b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c >>> index 667462369a32..a8723a61c9e4 100644 >>> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c >>> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c >>> @@ -8431,6 +8431,8 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info >>> *cfg) >>> if (!cfg) >>> return; >>> >>> + timer_shutdown_sync(&cfg->escan_timeout); >>> + cancel_work_sync(&cfg->escan_timeout_work); >>> brcmf_pno_detach(cfg); >>> brcmf_btcoex_detach(cfg); >>> wiphy_unregister(cfg->wiphy); >> >> Has anyone tested this on a real device? As v1 didn't even compile I am >> very cautious: >> >> https://patchwork.kernel.org/project/linux-wireless/patch/20231104054709.716585-1-zyytlz.wz@163.com/ >> >> -- >> https://patchwork.kernel.org/project/linux-wireless/list/ >> >> https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches --000000000000b2da9006097dc8d1 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIQdwYJKoZIhvcNAQcCoIIQaDCCEGQCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg gg3OMIIFDTCCA/WgAwIBAgIQeEqpED+lv77edQixNJMdADANBgkqhkiG9w0BAQsFADBMMSAwHgYD VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE AxMKR2xvYmFsU2lnbjAeFw0yMDA5MTYwMDAwMDBaFw0yODA5MTYwMDAwMDBaMFsxCzAJBgNVBAYT AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIEdDQyBS MyBQZXJzb25hbFNpZ24gMiBDQSAyMDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA vbCmXCcsbZ/a0fRIQMBxp4gJnnyeneFYpEtNydrZZ+GeKSMdHiDgXD1UnRSIudKo+moQ6YlCOu4t rVWO/EiXfYnK7zeop26ry1RpKtogB7/O115zultAz64ydQYLe+a1e/czkALg3sgTcOOcFZTXk38e aqsXsipoX1vsNurqPtnC27TWsA7pk4uKXscFjkeUE8JZu9BDKaswZygxBOPBQBwrA5+20Wxlk6k1 e6EKaaNaNZUy30q3ArEf30ZDpXyfCtiXnupjSK8WU2cK4qsEtj09JS4+mhi0CTCrCnXAzum3tgcH cHRg0prcSzzEUDQWoFxyuqwiwhHu3sPQNmFOMwIDAQABo4IB2jCCAdYwDgYDVR0PAQH/BAQDAgGG MGAGA1UdJQRZMFcGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYKKwYBBAGCNwoDBAYJ KwYBBAGCNxUGBgorBgEEAYI3CgMMBggrBgEFBQcDBwYIKwYBBQUHAxEwEgYDVR0TAQH/BAgwBgEB /wIBADAdBgNVHQ4EFgQUljPR5lgXWzR1ioFWZNW+SN6hj88wHwYDVR0jBBgwFoAUj/BLf6guRSSu TVD6Y5qL3uLdG7wwegYIKwYBBQUHAQEEbjBsMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9i YWxzaWduLmNvbS9yb290cjMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j b20vY2FjZXJ0L3Jvb3QtcjMuY3J0MDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs c2lnbi5jb20vcm9vdC1yMy5jcmwwWgYDVR0gBFMwUTALBgkrBgEEAaAyASgwQgYKKwYBBAGgMgEo CjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAN BgkqhkiG9w0BAQsFAAOCAQEAdAXk/XCnDeAOd9nNEUvWPxblOQ/5o/q6OIeTYvoEvUUi2qHUOtbf jBGdTptFsXXe4RgjVF9b6DuizgYfy+cILmvi5hfk3Iq8MAZsgtW+A/otQsJvK2wRatLE61RbzkX8 9/OXEZ1zT7t/q2RiJqzpvV8NChxIj+P7WTtepPm9AIj0Keue+gS2qvzAZAY34ZZeRHgA7g5O4TPJ /oTd+4rgiU++wLDlcZYd/slFkaT3xg4qWDepEMjT4T1qFOQIL+ijUArYS4owpPg9NISTKa1qqKWJ jFoyms0d0GwOniIIbBvhI2MJ7BSY9MYtWVT5jJO3tsVHwj4cp92CSFuGwunFMzCCA18wggJHoAMC AQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v dCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTA5 MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFowTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENB IC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJqYi8fXvqWaN+J J5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8gokeWdimFXN6x0FNx04Druci8u nPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTv riBJ/K1AFUjRAjFhGV64l++td7dkmnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGj QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5N UPpjmove4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGssxOGhigH M8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5V2yq/BKW7FPGLeQkbLmU Y/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V 14qWtNPeTCekTBtzc3b0F5nCH3oO4y0IrQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcy a5QBqJnnLDMfOjsl0oZAzjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/ XzCCBVYwggQ+oAMCAQICDE79bW6SMzVJMuOi1zANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJC RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMg UGVyc29uYWxTaWduIDIgQ0EgMjAyMDAeFw0yMjA5MTAxMTQzMjNaFw0yNTA5MTAxMTQzMjNaMIGV MQswCQYDVQQGEwJJTjESMBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxFjAU BgNVBAoTDUJyb2FkY29tIEluYy4xGTAXBgNVBAMTEEFyZW5kIFZhbiBTcHJpZWwxKzApBgkqhkiG 9w0BCQEWHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDxOB8Yu89pZLsG9Ic8ZY3uGibuv+NRsij+E70OMJQIwugrByyNq5xgH0BI22vJ LT7VKCB6YJC88ewEFfYi3EKW/sn6RL16ImUM40beDmQ12WBquJRoxVNyoByNalmTOBNYR95ZQZJw 1nrzaoJtK0XIsv0dNCUcLlAc+jHkngD+I0ptVuWoMO1BcJexqJf5iX2M1CdC8PXTh9g4FIQnG2mc 2Gzj3QNJRLsZu1TLyOyBBIr/BE7UiY3RabgRzknBGAPmzhS+fmyM8OtM5BYBsFBrSUFtZZO2p/tf Nbc24J2zf2peoZ8MK+7WQqummYlOnz+FyDkA9EybeNMcS5C+xi/PAgMBAAGjggHdMIIB2TAOBgNV HQ8BAf8EBAMCBaAwgaMGCCsGAQUFBwEBBIGWMIGTME4GCCsGAQUFBzAChkJodHRwOi8vc2VjdXJl Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3IzcGVyc29uYWxzaWduMmNhMjAyMC5jcnQwQQYI KwYBBQUHMAGGNWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNwZXJzb25hbHNpZ24y Y2EyMDIwME0GA1UdIARGMEQwQgYKKwYBBAGgMgEoCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3 dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJBgNVHRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqG OGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NnY2NyM3BlcnNvbmFsc2lnbjJjYTIwMjAuY3Js MCcGA1UdEQQgMB6BHGFyZW5kLnZhbnNwcmllbEBicm9hZGNvbS5jb20wEwYDVR0lBAwwCgYIKwYB BQUHAwQwHwYDVR0jBBgwFoAUljPR5lgXWzR1ioFWZNW+SN6hj88wHQYDVR0OBBYEFIikAXd8CEtv ZbDflDRnf3tuStPuMA0GCSqGSIb3DQEBCwUAA4IBAQCdS5XCYx6k2GGZui9DlFsFm75khkqAU7rT zBX04sJU1+B1wtgmWTVIzW7ugdtDZ4gzaV0S9xRhpDErjJaltxPbCylb1DEsLj+AIvBR34caW6ZG sQk444t0HPb29HnWYj+OllIGMbdJWr0/P95ZrKk2bP24ub3ZP/8SyzrohfIba9WZKMq6g2nTLZE3 BtkeSGJx/8dy0h8YmRn+adOrxKXHxhSL8BNn8wsmIZyYWe6fRcBtO3Ks2DOLyHCdkoFlN8x9VUQF N2ulEgqCbRKkx+qNirW86eF138lr1gRxzclu/38ko//MmkAYR/+hP3WnBll7zbpIt0jc9wyFkSqH p8a1MYICbTCCAmkCAQEwazBbMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z YTExMC8GA1UEAxMoR2xvYmFsU2lnbiBHQ0MgUjMgUGVyc29uYWxTaWduIDIgQ0EgMjAyMAIMTv1t bpIzNUky46LXMA0GCWCGSAFlAwQCAQUAoIHUMC8GCSqGSIb3DQEJBDEiBCClYw1OTDcnKsyNpyO1 PIBWXMaD3VZemGpk9RXnJDpuMTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ BTEPFw0yMzExMDYxNTQ4MjJaMGkGCSqGSIb3DQEJDzFcMFowCwYJYIZIAWUDBAEqMAsGCWCGSAFl AwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwCwYJKoZIhvcNAQEKMAsGCSqGSIb3DQEBBzAL BglghkgBZQMEAgEwDQYJKoZIhvcNAQEBBQAEggEAcniUdIFbd3WnKY79xfXiSZDOrxc1sAKIvx6F Q/utJKEGw9hSYIENjzrXS7vZNFWyU2PieLDB6f42euUyx79K1wA59wg5T06/I2vV/33OtIH8It1Q IjSRpqHFlkJpjUMMiZ7rnQCSp/L8B/fxZeGoxr2Vch0Tfr9RLBlW70ID+WuU/jO67LJLomFLytAl eNBXhr6bMSSQ9it8qyhzbh1jVlPCy2SrIG/uhw+9M3HUpODMxBToDSC2RhBL7zr2w/JMlHz8UDUu 6gi30Z9y3ys358vgPUqwjAw7TtmH6AFGRXbIobZlrKWbYreeflwLpUYB+Gh5HQti64XlOPGteCf2 cg== --000000000000b2da9006097dc8d1--