20527 2008-08-26 12:11:12 -0700 [sg:low] Cross-domain access to stylesheet text should not be allowed 2012-05-10 08:15:17 -0700 1 1 1 Unclassified Security Security 525.x (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 scarybeasts webkit-security-unassigned abarth apavlov cevans darin lcamtuf sam yong.li.webkit oldest_to_newest 89405 0 scarybeasts 2008-08-26 12:11:12 -0700 The following HTML raises security exceptions in Firefox and Opera (IE7 does not appear to support these APIs). Webkit nightly runs the code fine: <html> <head> <link rel="stylesheet" href="https://mail.google.com/mail"> <script> function func() { var sheet = document.styleSheets[0]; try { var len = sheet.cssRules.length; alert(len); alert(sheet.cssRules.item(0).cssText); } catch (e) { alert("Error name: " + e.name + ". Error message: " + e.message); } } </script> </head> <body onload="func()"> <div id="blah" class="show"> </body> </html> It's not a huge security hole because cross domain CSS property values can be accessed via e.g. window.getComputedStyle(ele, null).getPropertyValue('blah') I can think of a couple of minor threat scenarios this would protect against: - If a paranoid site wanted to hide sensitive property values (a customized background-url perhaps?) it would use randomized style names. - Any over-tolerance in the CSS parser would expose less of the HTML page. It's certainly worth bringing into line with Firefox in case there is some future attack I haven't thought about. 89409 1 sam 2008-08-26 13:03:20 -0700 <rdar://problem/6176957> 89410 2 sam 2008-08-26 13:05:57 -0700 I don't understand what this would be protecting against if all the values are accessible by other means. I am not sure there is much value in changing this if the only reason is to be brought in line with Firefox. 89437 3 scarybeasts 2008-08-26 17:49:06 -0700 The values are accessible but ONLY if you know the style name. Some web site out there may well use unpredictable style names to protect against this. Other threats may pop up in the future; I'd rather just be safe rather than waiting for a problem. 107263 4 scarybeasts 2009-01-27 14:44:49 -0800 Some minor frameworks do seem to randomize CSS style name (although the reason is not clear) so this may be worth fixing. 116941 5 scarybeasts 2009-04-08 15:06:15 -0700 Hmm... this would actually permit cross-domain theft of this (and related constructs): {} hexadecimal_or_ascii_security_token {} Because the lax CSS parser will pull that selector name (plus empty selector) out of the middle of some non-CSS target cross domain resource. 146110 6 abarth 2009-09-10 01:05:33 -0700 This seems low cost and a slight improvement. I, for one, would welcome a patch that changed our behavior to match Firefox. 159546 7 abarth 2009-10-31 04:04:36 -0700 Patch forthcoming. 159548 8 42250 abarth 2009-10-31 04:26:46 -0700 Created attachment 42250 Patch 159583 9 scarybeasts 2009-10-31 15:17:26 -0700 Nice patch Adam :) I had some random q's: 1) Does this prevent access at the same place in the object tree as FF? i.e., getting cssRules object as opposed to the actual stylesheet object? 2) We've had trouble in this area where we didn't account for any redirects in the security check. Is that taken care of? 3) It just occurred to me that Firefox had an interesting bug where it would expose the eventual redirect destination (including sensitive URL params :) of the "href" attribute on a stylesheet. Hopefully we're good here? 159585 10 abarth 2009-10-31 15:22:02 -0700 (In reply to comment #9) > 1) Does this prevent access at the same place in the object tree as FF? i.e., > getting cssRules object as opposed to the actual stylesheet object? Yes. Firefox throws an exception here. We just return null, but the mediation point is the same. > 2) We've had trouble in this area where we didn't account for any redirects in > the security check. Is that taken care of? We should add a test for that case! My understanding is that this code is checking against the final URL, just like access to an iframe is based on the final URL of the content loaded in the frame. > 3) It just occurred to me that Firefox had an interesting bug where it would > expose the eventual redirect destination (including sensitive URL params :) of > the "href" attribute on a stylesheet. Hopefully we're good here? No idea. I recommend writing a test. If we pass the test, great! We can check it in and we won't regress. If we fail the test, that's the first step towards fixing the problem. 159587 11 scarybeasts 2009-10-31 15:39:42 -0700 Ok. I'll be writing a test for some CSS issues I'm working on, so I can work these cases in. 159601 12 42263 abarth 2009-10-31 16:52:01 -0700 Created attachment 42263 Patch 159602 13 abarth 2009-10-31 16:55:10 -0700 > We should add a test for that case! Added. 159682 14 sam 2009-11-01 16:27:54 -0800 This doesn't really seem like the correct layer to be doing this check. All the other same-origin checks exist in the JS bindings layer, so that other bindings are not changed. 159683 15 abarth 2009-11-01 16:33:57 -0800 (In reply to comment #14) > This doesn't really seem like the correct layer to be doing this check. All > the other same-origin checks exist in the JS bindings layer, so that other > bindings are not changed. I modelled this check after similar checks that we do in WebCore for XMLHttpRequest, XSL style sheets, and external XML entities. I actually had the check in the bindings layer in my original patch (not posted). I can move it back if you like. 159685 16 abarth 2009-11-01 16:36:07 -0800 Oh, there's another instance in the canvas code somewhere that does similar things for cross-origin images. 160612 17 scarybeasts 2009-11-04 14:40:23 -0800 Pinging reviewer :) 161084 18 abarth 2009-11-05 22:57:16 -0800 http://trac.webkit.org/changeset/50587 216619 19 darin 2010-04-23 16:30:32 -0700 This breaks a technique where a site: 1) Puts its CSS on a different server. Putting subresources in a separate domain can be useful so that the HTTP GET does not include any cookies and also so you can do different types of caching and network acceleration. 2) Uses JavaScript to iterate the CSS so it can wait for all the CSS images to load before doing something. The Safari welcome screen webpage at http://www.apple.com/safari/welcome/ makes use of this technique. 216620 20 abarth 2010-04-23 16:34:44 -0700 > The Safari welcome screen webpage at http://www.apple.com/safari/welcome/ makes > use of this technique. How does the Safari welcome page work in Firefox? We're aiming to match FF here. 216621 21 abarth 2010-04-23 16:36:09 -0700 > How does the Safari welcome page work in Firefox? We're aiming to match FF > here. "Download Safari 4 to view this page." I guess that page doesn't work in other browsers. 42250 2009-10-31 04:26:46 -0700 2009-10-31 16:52:45 -0700 Patch bug-20527-20091031042645.patch text/plain 4194 abarth ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAxMjRiZWJjLi45OTgxMjYxIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMDktMTAt MzEgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDcm9zcy1kb21haW4gYWNjZXNzIHRvIHN0eWxl c2hlZXQgdGV4dCBzaG91bGQgbm90IGJlIGFsbG93ZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3CisKKyAgICAgICAgVGVzdCB0aGF0IGEgc2Ny aXB0IGNhbm5vdCByZWFkIGNyb3NzLW9yaWdpbiBjc3NSdWxlcy4KKworICAgICAgICAqIGh0dHAv dGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMtZXhwZWN0ZWQudHh0OiBBZGRlZC4K KyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLmh0bWw6 IEFkZGVkLgorCiAyMDA5LTEwLTMwICBFbnJpY2EgQ2FzdWNjaSAgPGVucmljYUBhcHBsZS5jb20+ CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIuCmRpZmYgLS1naXQgYS9MYXlvdXRU ZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLWV4cGVjdGVkLnR4 dCBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMt ZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjdhNzhiYWIK LS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5v dC1yZWFkLWNzc3J1bGVzLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDEwIEBACitUaGlzIHRlc3Qg d2hldGhlciBhIHNjcmlwdCBjYW4gcmVhZCB0aGUgcnVsZXMgZnJvbSBhIGNyb3NzLW9yaWdpbiBz dHlsZSBzaGVldC4gRm9yIG1vcmUgaW5mb3JtYXRpb24gb24gd2h5IHdlIGJsb2NrIHRoaXMsIHBs ZWFzZSBzZWUgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3Lgor CitUZXN0IGJlZ2lucy4KKz09IENyb3NzLU9yaWdpbiA9PQorY3NzUnVsZXM6IG51bGwKK3J1bGVz OiBudWxsCis9PSBTYW1lLU9yaWdpbiA9PQorY3NzUnVsZXM6IFtvYmplY3QgQ1NTUnVsZUxpc3Rd CitydWxlczogW29iamVjdCBDU1NSdWxlTGlzdF0KK1Rlc3QgZW5kcy4KZGlmZiAtLWdpdCBhL0xh eW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMuaHRtbCBi L0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMuaHRt bApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwLi4yMDg2NzU3Ci0tLSAvZGV2L251 bGwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jYW5ub3QtcmVhZC1jc3Ny dWxlcy5odG1sCkBAIC0wLDAgKzEsMzggQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8aGVh ZD4KKzxsaW5rIHJlbD0ic3R5bGVzaGVldCIKKyAgICAgIGhyZWY9Imh0dHA6Ly9sb2NhbGhvc3Q6 ODAwMC9zZWN1cml0eS9yZXNvdXJjZXMvY3NzU3R5bGUuY3NzIj4KKzxsaW5rIHJlbD0ic3R5bGVz aGVldCIgaHJlZj0icmVzb3VyY2VzL2Nzc1N0eWxlLmNzcyI+Cis8c2NyaXB0PgoraWYgKHdpbmRv dy5sYXlvdXRUZXN0Q29udHJvbGxlcikKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNU ZXh0KCk7CisKK2Z1bmN0aW9uIGxvZyhtc2cpIHsKKyAgICB2YXIgZGl2ID0gZG9jdW1lbnQuY3Jl YXRlRWxlbWVudCgiZGl2Iik7CisgICAgZGl2LnRleHRDb250ZW50ID0gbXNnOworICAgIGRvY3Vt ZW50LmdldEVsZW1lbnRCeUlkKCJjb25zb2xlIikuYXBwZW5kQ2hpbGQoZGl2KTsKK30KKword2lu ZG93Lm9ubG9hZCA9IGZ1bmN0aW9uKCkgeworICAgIGxvZygiVGVzdCBiZWdpbnMuIik7CisgICAg bG9nKCI9PSBDcm9zcy1PcmlnaW4gPT0iKTsKKyAgICB2YXIgc2hlZXQxID0gZG9jdW1lbnQuc3R5 bGVTaGVldHNbMF07CisgICAgbG9nKCJjc3NSdWxlczogIiArIHNoZWV0MS5jc3NSdWxlcyk7Cisg ICAgbG9nKCJydWxlczogIiArIHNoZWV0MS5ydWxlcyk7CisgICAgbG9nKCI9PSBTYW1lLU9yaWdp biA9PSIpOworICAgIHZhciBzaGVldDIgPSBkb2N1bWVudC5zdHlsZVNoZWV0c1sxXTsKKyAgICBs b2coImNzc1J1bGVzOiAiICsgc2hlZXQyLmNzc1J1bGVzKTsKKyAgICBsb2coInJ1bGVzOiAiICsg c2hlZXQyLnJ1bGVzKTsKKyAgICBsb2coIlRlc3QgZW5kcy4iKTsKK30KKzwvc2NyaXB0PgorPC9o ZWFkPgorPGJvZHk+Cis8cD5UaGlzIHRlc3Qgd2hldGhlciBhIHNjcmlwdCBjYW4gcmVhZCB0aGUg cnVsZXMgZnJvbSBhIGNyb3NzLW9yaWdpbiBzdHlsZQorc2hlZXQuICBGb3IgbW9yZSBpbmZvcm1h dGlvbiBvbiB3aHkgd2UgYmxvY2sgdGhpcywgcGxlYXNlIHNlZQorPGEgaHJlZj0iaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3Ij5odHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA1Mjc8L2E+LgorPC9wPgorPGRpdiBpZD0iY29uc29sZSI+ PC9kaXY+Cis8L2JvZHk+Cis8L2h0bWw+CmRpZmYgLS1naXQgYS9XZWJDb3JlL0NoYW5nZUxvZyBi L1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IGM0MGZiNmIuLmMxYWViMTggMTAwNjQ0Ci0tLSBhL1dl YkNvcmUvQ2hhbmdlTG9nCisrKyBiL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTkgQEAK KzIwMDktMTAtMzEgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDcm9zcy1kb21haW4gYWNjZXNz IHRvIHN0eWxlc2hlZXQgdGV4dCBzaG91bGQgbm90IGJlIGFsbG93ZWQKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3CisKKyAgICAgICAgQ2hlY2sg d2hldGhlciB3aGV0aGVyIHRoZSBjdXJyZW50IGRvY3VtZW50IGNhbiByZWFkIHRoZSBjc3NSdWxl cyBmcm9tCisgICAgICAgIHRoZSBzdHlsZSBzaGVldC4gIEZpcmVmb3ggdGhyb3dzIGEgc2VjdXJp dHkgZXJyb3IgaGVyZSwgYnV0IHdlIHJldHVybgorICAgICAgICBudWxsIGluc3RlYWQgYmVjYXVz ZSB0aGF0J3Mgd2hhdCB3ZSB1c3VhbGx5IGRvIGluIHRoZXNlIGNhc2VzLgorCisgICAgICAgIFRl c3Q6IGh0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMuaHRtbAorCisgICAg ICAgICogY3NzL0NTU1N0eWxlU2hlZXQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q1NTU3R5bGVT aGVldDo6Y3NzUnVsZXMpOgorCiAyMDA5LTEwLTMwICBab2x0YW4gSG9ydmF0aCAgPHpvbHRhbkB3 ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFkbGVyLgpkaWZmIC0tZ2l0 IGEvV2ViQ29yZS9jc3MvQ1NTU3R5bGVTaGVldC5jcHAgYi9XZWJDb3JlL2Nzcy9DU1NTdHlsZVNo ZWV0LmNwcAppbmRleCAxNTc5OTk5Li45ZTU3MzM2IDEwMDY0NAotLS0gYS9XZWJDb3JlL2Nzcy9D U1NTdHlsZVNoZWV0LmNwcAorKysgYi9XZWJDb3JlL2Nzcy9DU1NTdHlsZVNoZWV0LmNwcApAQCAt MjgsNiArMjgsNyBAQAogI2luY2x1ZGUgIkRvY3VtZW50LmgiCiAjaW5jbHVkZSAiRXhjZXB0aW9u Q29kZS5oIgogI2luY2x1ZGUgIk5vZGUuaCIKKyNpbmNsdWRlICJTZWN1cml0eU9yaWdpbi5oIgog I2luY2x1ZGUgIlRleHRFbmNvZGluZy5oIgogI2luY2x1ZGUgPHd0Zi9EZXF1ZS5oPgogCkBAIC0x MTgsNiArMTE5LDggQEAgaW50IENTU1N0eWxlU2hlZXQ6OmFkZFJ1bGUoY29uc3QgU3RyaW5nJiBz ZWxlY3RvciwgY29uc3QgU3RyaW5nJiBzdHlsZSwgRXhjZXB0aW8KIAogUGFzc1JlZlB0cjxDU1NS dWxlTGlzdD4gQ1NTU3R5bGVTaGVldDo6Y3NzUnVsZXMoYm9vbCBvbWl0Q2hhcnNldFJ1bGVzKQog eworICAgIGlmIChkb2MoKSAmJiAhZG9jKCktPnNlY3VyaXR5T3JpZ2luKCktPmNhblJlcXVlc3Qo YmFzZVVSTCgpKSkKKyAgICAgICAgcmV0dXJuIDA7CiAgICAgcmV0dXJuIENTU1J1bGVMaXN0Ojpj cmVhdGUodGhpcywgb21pdENoYXJzZXRSdWxlcyk7CiB9 42263 2009-10-31 16:52:01 -0700 2009-11-05 10:03:35 -0800 Patch bug-20527-20091031165159.patch text/plain 6752 abarth ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAxMjRiZWJjLi42ZDAyYWI1IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMDktMTAt MzEgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDcm9zcy1kb21haW4gYWNjZXNzIHRvIHN0eWxl c2hlZXQgdGV4dCBzaG91bGQgbm90IGJlIGFsbG93ZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3CisKKyAgICAgICAgVGVzdCB0aGF0IGEgc2Ny aXB0IGNhbm5vdCByZWFkIGNyb3NzLW9yaWdpbiBjc3NSdWxlcy4KKworICAgICAgICAqIGh0dHAv dGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMtZXhwZWN0ZWQudHh0OiBBZGRlZC4K KyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLXJlZGly ZWN0LWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9j YW5ub3QtcmVhZC1jc3NydWxlcy1yZWRpcmVjdC5odG1sOiBBZGRlZC4KKyAgICAgICAgKiBodHRw L3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLmh0bWw6IEFkZGVkLgorCiAyMDA5 LTEwLTMwICBFbnJpY2EgQ2FzdWNjaSAgPGVucmljYUBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2 aWV3ZWQgYnkgRGFyaW4gQWRsZXIuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9odHRwL3Rlc3Rz L3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3Rz L2h0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMtZXhwZWN0ZWQudHh0Cm5l dyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjdhNzhiYWIKLS0tIC9kZXYvbnVsbAor KysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVz LWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDEwIEBACitUaGlzIHRlc3Qgd2hldGhlciBhIHNjcmlw dCBjYW4gcmVhZCB0aGUgcnVsZXMgZnJvbSBhIGNyb3NzLW9yaWdpbiBzdHlsZSBzaGVldC4gRm9y IG1vcmUgaW5mb3JtYXRpb24gb24gd2h5IHdlIGJsb2NrIHRoaXMsIHBsZWFzZSBzZWUgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3LgorCitUZXN0IGJlZ2lucy4K Kz09IENyb3NzLU9yaWdpbiA9PQorY3NzUnVsZXM6IG51bGwKK3J1bGVzOiBudWxsCis9PSBTYW1l LU9yaWdpbiA9PQorY3NzUnVsZXM6IFtvYmplY3QgQ1NTUnVsZUxpc3RdCitydWxlczogW29iamVj dCBDU1NSdWxlTGlzdF0KK1Rlc3QgZW5kcy4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAv dGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMtcmVkaXJlY3QtZXhwZWN0ZWQudHh0 IGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jYW5ub3QtcmVhZC1jc3NydWxlcy1y ZWRpcmVjdC1leHBlY3RlZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4u MDYyNjQ2ZgotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJp dHkvY2Fubm90LXJlYWQtY3NzcnVsZXMtcmVkaXJlY3QtZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEs MTAgQEAKK1RoaXMgdGVzdCB3aGV0aGVyIGEgc2NyaXB0IGNhbiByZWFkIHRoZSBydWxlcyBmcm9t IGEgY3Jvc3Mtb3JpZ2luIHN0eWxlIHNoZWV0IGluIHRoZSBwcmVzZW5jZSBvZiByZWRpcmVjdHMu IEZvciBtb3JlIGluZm9ybWF0aW9uIG9uIHdoeSB3ZSBibG9jayB0aGlzLCBwbGVhc2Ugc2VlIGh0 dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMDUyNy4KKworVGVzdCBiZWdp bnMuCis9PSBTYW1lLU9yaWdpbiB0byBDcm9zcy1PcmlnaW4gPT0KK2Nzc1J1bGVzOiBudWxsCity dWxlczogbnVsbAorPT0gQ3Jvc3MtT3JpZ2luIHRvIFNhbWUtT3JpZ2luID09Citjc3NSdWxlczog W29iamVjdCBDU1NSdWxlTGlzdF0KK3J1bGVzOiBbb2JqZWN0IENTU1J1bGVMaXN0XQorVGVzdCBl bmRzLgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jYW5ub3Qt cmVhZC1jc3NydWxlcy1yZWRpcmVjdC5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1 cml0eS9jYW5ub3QtcmVhZC1jc3NydWxlcy1yZWRpcmVjdC5odG1sCm5ldyBmaWxlIG1vZGUgMTAw NjQ0CmluZGV4IDAwMDAwMDAuLmZkNDFkNTUKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0 cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLXJlZGlyZWN0Lmh0bWwK QEAgLTAsMCArMSw0MCBAQAorPCFET0NUWVBFIGh0bWw+Cis8aHRtbD4KKzxoZWFkPgorPGxpbmsg cmVsPSJzdHlsZXNoZWV0IgorICAgICAgaHJlZj0icmVzb3VyY2VzL3JlZGlyLnBocD91cmw9aHR0 cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L3Jlc291cmNlcy9jc3NTdHlsZS5jc3MiPgorPGxp bmsgcmVsPSJzdHlsZXNoZWV0IgorICAgICAgaHJlZj0iaHR0cDovL2xvY2FsaG9zdDo4MDAwL3Nl Y3VyaXR5L3Jlc291cmNlcy9yZWRpci5waHA/dXJsPWh0dHA6Ly8xMjcuMC4wLjE6ODAwMC9zZWN1 cml0eS9yZXNvdXJjZXMvY3NzU3R5bGUuY3NzIj4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91 dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsK KworZnVuY3Rpb24gbG9nKG1zZykgeworICAgIHZhciBkaXYgPSBkb2N1bWVudC5jcmVhdGVFbGVt ZW50KCJkaXYiKTsKKyAgICBkaXYudGV4dENvbnRlbnQgPSBtc2c7CisgICAgZG9jdW1lbnQuZ2V0 RWxlbWVudEJ5SWQoImNvbnNvbGUiKS5hcHBlbmRDaGlsZChkaXYpOworfQorCit3aW5kb3cub25s b2FkID0gZnVuY3Rpb24oKSB7CisgICAgbG9nKCJUZXN0IGJlZ2lucy4iKTsKKyAgICBsb2coIj09 IFNhbWUtT3JpZ2luIHRvIENyb3NzLU9yaWdpbiA9PSIpOworICAgIHZhciBzaGVldDEgPSBkb2N1 bWVudC5zdHlsZVNoZWV0c1swXTsKKyAgICBsb2coImNzc1J1bGVzOiAiICsgc2hlZXQxLmNzc1J1 bGVzKTsKKyAgICBsb2coInJ1bGVzOiAiICsgc2hlZXQxLnJ1bGVzKTsKKyAgICBsb2coIj09IENy b3NzLU9yaWdpbiB0byBTYW1lLU9yaWdpbiA9PSIpOworICAgIHZhciBzaGVldDIgPSBkb2N1bWVu dC5zdHlsZVNoZWV0c1sxXTsKKyAgICBsb2coImNzc1J1bGVzOiAiICsgc2hlZXQyLmNzc1J1bGVz KTsKKyAgICBsb2coInJ1bGVzOiAiICsgc2hlZXQyLnJ1bGVzKTsKKyAgICBsb2coIlRlc3QgZW5k cy4iKTsKK30KKzwvc2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8cD5UaGlzIHRlc3Qgd2hldGhl ciBhIHNjcmlwdCBjYW4gcmVhZCB0aGUgcnVsZXMgZnJvbSBhIGNyb3NzLW9yaWdpbiBzdHlsZQor c2hlZXQgaW4gdGhlIHByZXNlbmNlIG9mIHJlZGlyZWN0cy4gIEZvciBtb3JlIGluZm9ybWF0aW9u IG9uIHdoeSB3ZSBibG9jawordGhpcywgcGxlYXNlIHNlZQorPGEgaHJlZj0iaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNTI3Ij5odHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MjA1Mjc8L2E+LgorPC9wPgorPGRpdiBpZD0iY29uc29sZSI+PC9k aXY+Cis8L2JvZHk+Cis8L2h0bWw+CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9odHRwL3Rlc3Rz L3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLmh0bWwgYi9MYXlvdXRUZXN0cy9odHRwL3Rl c3RzL3NlY3VyaXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA2 NDQKaW5kZXggMDAwMDAwMC4uMjA4Njc1NwotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3Rz L2h0dHAvdGVzdHMvc2VjdXJpdHkvY2Fubm90LXJlYWQtY3NzcnVsZXMuaHRtbApAQCAtMCwwICsx LDM4IEBACis8IURPQ1RZUEUgaHRtbD4KKzxodG1sPgorPGhlYWQ+Cis8bGluayByZWw9InN0eWxl c2hlZXQiCisgICAgICBocmVmPSJodHRwOi8vbG9jYWxob3N0OjgwMDAvc2VjdXJpdHkvcmVzb3Vy Y2VzL2Nzc1N0eWxlLmNzcyI+Cis8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9InJlc291cmNl cy9jc3NTdHlsZS5jc3MiPgorPHNjcmlwdD4KK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xs ZXIpCisgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworCitmdW5jdGlvbiBs b2cobXNnKSB7CisgICAgdmFyIGRpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoImRpdiIpOwor ICAgIGRpdi50ZXh0Q29udGVudCA9IG1zZzsKKyAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgi Y29uc29sZSIpLmFwcGVuZENoaWxkKGRpdik7Cit9CisKK3dpbmRvdy5vbmxvYWQgPSBmdW5jdGlv bigpIHsKKyAgICBsb2coIlRlc3QgYmVnaW5zLiIpOworICAgIGxvZygiPT0gQ3Jvc3MtT3JpZ2lu ID09Iik7CisgICAgdmFyIHNoZWV0MSA9IGRvY3VtZW50LnN0eWxlU2hlZXRzWzBdOworICAgIGxv ZygiY3NzUnVsZXM6ICIgKyBzaGVldDEuY3NzUnVsZXMpOworICAgIGxvZygicnVsZXM6ICIgKyBz aGVldDEucnVsZXMpOworICAgIGxvZygiPT0gU2FtZS1PcmlnaW4gPT0iKTsKKyAgICB2YXIgc2hl ZXQyID0gZG9jdW1lbnQuc3R5bGVTaGVldHNbMV07CisgICAgbG9nKCJjc3NSdWxlczogIiArIHNo ZWV0Mi5jc3NSdWxlcyk7CisgICAgbG9nKCJydWxlczogIiArIHNoZWV0Mi5ydWxlcyk7CisgICAg bG9nKCJUZXN0IGVuZHMuIik7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5PgorPHA+VGhp cyB0ZXN0IHdoZXRoZXIgYSBzY3JpcHQgY2FuIHJlYWQgdGhlIHJ1bGVzIGZyb20gYSBjcm9zcy1v cmlnaW4gc3R5bGUKK3NoZWV0LiAgRm9yIG1vcmUgaW5mb3JtYXRpb24gb24gd2h5IHdlIGJsb2Nr IHRoaXMsIHBsZWFzZSBzZWUKKzxhIGhyZWY9Imh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0yMDUyNyI+aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTIwNTI3PC9hPi4KKzwvcD4KKzxkaXYgaWQ9ImNvbnNvbGUiPjwvZGl2PgorPC9ib2R5PgorPC9o dG1sPgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9XZWJDb3JlL0NoYW5nZUxvZwpp bmRleCBjNDBmYjZiLi45ZDZiZTM2IDEwMDY0NAotLS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysg Yi9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDA5LTEwLTMxICBBZGFtIEJh cnRoICA8YWJhcnRoQHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgQ3Jvc3MtZG9tYWluIGFjY2VzcyB0byBzdHlsZXNoZWV0IHRleHQg c2hvdWxkIG5vdCBiZSBhbGxvd2VkCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0yMDUyNworCisgICAgICAgIENoZWNrIHdoZXRoZXIgd2hldGhlciB0aGUg Y3VycmVudCBkb2N1bWVudCBjYW4gcmVhZCB0aGUgY3NzUnVsZXMgZnJvbQorICAgICAgICB0aGUg c3R5bGUgc2hlZXQuICBGaXJlZm94IHRocm93cyBhIHNlY3VyaXR5IGVycm9yIGhlcmUsIGJ1dCB3 ZSByZXR1cm4KKyAgICAgICAgbnVsbCBpbnN0ZWFkIGJlY2F1c2UgdGhhdCdzIHdoYXQgd2UgdXN1 YWxseSBkbyBpbiB0aGVzZSBjYXNlcy4KKworICAgICAgICBUZXN0OiBodHRwL3Rlc3RzL3NlY3Vy aXR5L2Nhbm5vdC1yZWFkLWNzc3J1bGVzLXJlZGlyZWN0Lmh0bWwKKyAgICAgICAgICAgICAgaHR0 cC90ZXN0cy9zZWN1cml0eS9jYW5ub3QtcmVhZC1jc3NydWxlcy5odG1sCisKKyAgICAgICAgKiBj c3MvQ1NTU3R5bGVTaGVldC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpDU1NTdHlsZVNoZWV0Ojpj c3NSdWxlcyk6CisKIDIwMDktMTAtMzAgIFpvbHRhbiBIb3J2YXRoICA8em9sdGFuQHdlYmtpdC5v cmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIuCmRpZmYgLS1naXQgYS9XZWJD b3JlL2Nzcy9DU1NTdHlsZVNoZWV0LmNwcCBiL1dlYkNvcmUvY3NzL0NTU1N0eWxlU2hlZXQuY3Bw CmluZGV4IDE1Nzk5OTkuLjllNTczMzYgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvY3NzL0NTU1N0eWxl U2hlZXQuY3BwCisrKyBiL1dlYkNvcmUvY3NzL0NTU1N0eWxlU2hlZXQuY3BwCkBAIC0yOCw2ICsy OCw3IEBACiAjaW5jbHVkZSAiRG9jdW1lbnQuaCIKICNpbmNsdWRlICJFeGNlcHRpb25Db2RlLmgi CiAjaW5jbHVkZSAiTm9kZS5oIgorI2luY2x1ZGUgIlNlY3VyaXR5T3JpZ2luLmgiCiAjaW5jbHVk ZSAiVGV4dEVuY29kaW5nLmgiCiAjaW5jbHVkZSA8d3RmL0RlcXVlLmg+CiAKQEAgLTExOCw2ICsx MTksOCBAQCBpbnQgQ1NTU3R5bGVTaGVldDo6YWRkUnVsZShjb25zdCBTdHJpbmcmIHNlbGVjdG9y LCBjb25zdCBTdHJpbmcmIHN0eWxlLCBFeGNlcHRpbwogCiBQYXNzUmVmUHRyPENTU1J1bGVMaXN0 PiBDU1NTdHlsZVNoZWV0Ojpjc3NSdWxlcyhib29sIG9taXRDaGFyc2V0UnVsZXMpCiB7CisgICAg aWYgKGRvYygpICYmICFkb2MoKS0+c2VjdXJpdHlPcmlnaW4oKS0+Y2FuUmVxdWVzdChiYXNlVVJM KCkpKQorICAgICAgICByZXR1cm4gMDsKICAgICByZXR1cm4gQ1NTUnVsZUxpc3Q6OmNyZWF0ZSh0 aGlzLCBvbWl0Q2hhcnNldFJ1bGVzKTsKIH0=