Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

forward TCP port to http proxy or socks5 server "Segmentation fault" when using wrong pwd #37

Open
osnosn opened this issue Feb 26, 2023 · 8 comments
Open

forward TCP port to http proxy or socks5 server "Segmentation fault" when using wrong pwd #37

osnosn opened this issue Feb 26, 2023 · 8 comments
Assignees
@helintongh
Labels
help wanted Extra attention is needed

Comments

@osnosn
Copy link

osnosn commented Feb 26, 2023
edited

In Openwrt 22.03 , xfrpc - 2.1.606-1,
system type : MediaTek MT7620A
CPU model : MIPS 24KEc V5.0

# frpc.ini
[common]
server_addr = mydomain.xxx
server_port = 37219
token = xxxxxx
user = test
protocol = tcp
tls_enable = true
[socks5-test]
type = tcp
local_ip = 127.0.0.1
local_port = 1080
remote_port = 31080

run it /usr/bin/xfrpc -c frpc.ini

127.0.0.1:1080 is a local socks5 service that requires account authentication.

"frps-0.42.0" is running in my Debian system (x86_64).

I use ssh with ProxyCommand ncat --proxy-type socks5 --proxy 127.0.0.1:31080 --proxy-auth usr:12345 %h %p connect to the remote server,
If wrong password used, xfrpc crashes with "Segmentation fault".

I change 127.0.0.1:1080 to http proxy.
I use ssh with ProxyCommand ncat --proxy-type http --proxy 127.0.0.1:31080 --proxy-auth usr:12345 %h %p connect to the remote server,
If wrong password used, xfrpc crashes with "Segmentation fault".

If use correct password for socks5 or http proxy.
xfrpc works fine.

$ ncat -v
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: You must specify a host to connect to. QUITTING.
@osnosn osnosn changed the title forward TCP port to http or socks5 server "Segmentation fault" when using wrong pwd forward TCP port to http proxy or socks5 server "Segmentation fault" when using wrong pwd Feb 26, 2023
@liudf0716
Copy link
Owner

@osnosn Thank you for your detailed bug report. I will confirm the bug as soon as possible.

@osnosn
Copy link
Author

osnosn commented Mar 2, 2023 

# frpc.ini
[common]
server_addr = mydomain.xxx
server_port = 37219
token = xxxxxx
user = test
protocol = tcp
tls_enable = true
[socks5-t2]
type = tcp
local_ip = 192.168.1.200
local_port = 1080
remote_port = 34567

run it /usr/bin/xfrpc -c frpc.ini -f -d5

192.168.1.200:1080 is a "3proxy" service run in debian, provides http proxy(8888) and socks5(1080) that requires account authentication.

curl -i --proxy socks5h://user:abcd@127.0.0.1:34567 http://ident.me
If wrong password used for socks5, xfrpc crashes with "Segmentation fault".

I change local_port = 8888 in frpc.ini.
curl -i --proxy http://user:abcd@127.0.0.1:34567 http://ident.me
If wrong password used for http proxy, xfrpc crashes with "Segmentation fault".

If I use correct password for socks5 or http proxy.
xfrpc works fine.

@liudf0716 liudf0716 added the help wanted Extra attention is needed label Mar 2, 2023
@helintongh
Copy link
Collaborator

helintongh commented Mar 2, 2023
edited

I will test and fix it on weekend.
If it's easy to reproduce, it shouldn't be too hard to change

@helintongh
Copy link
Collaborator

Now we add a debug version of xfrpc with asan that can detect memory errors in pr.
Can you compile xfrpc in the following command and paste the error message to this issue? so that we can determine what is wrong.thanks

cmake -DCMAKE_BUILD_TYPE=Debug ..

@osnosn
Copy link
Author

osnosn commented May 5, 2023

I don't know how to compile.

Downloaded the SDK for openwrt.
It took 3 hours and the feeds couldn't be downloaded successfully.
Give up.

@osnosn
Copy link
Author

osnosn commented May 6, 2023
edited

#37
Same device (MT7620A) Same version, Same config.

run /usr/bin/xfrpc -f -d 9 -c /root/frpc-test.ini

[7][Sat May  6 19:10:53 2023][16574](config.c:328) Reading configuration file '/root/frpc-test.ini'
[7][Sat May  6 19:10:53 2023][16574](config.c:93) Section[common]: {server_addr:mydomain.xxx, server_port:37219, auth_token:AB-----------------124, interval:30, timeout:90}
[7][Sat May  6 19:10:53 2023][16574](config.c:115) Proxy service 0: {name:socks5-test, local_port:1080, type:tcp}
[7][Sat May  6 19:10:53 2023][16574](login.c:104) working in router
[6][Sat May  6 19:10:53 2023][16574](control.c:653) connect server [mydomain.xxx:37219]...
[7][Sat May  6 19:10:53 2023][16574](control.c:615) xfrp server connected
[7][Sat May  6 19:10:53 2023][16574](control.c:690) send plain msg ----> [o: { "version": "0.43.0", "hostname": "","os": "Linux", "arch": "mips", "user": "", "privilege_key": "8d50c4----------------6bf3149", "timestamp": 16833----53, "run_id": "207---------234", "pool_count": 1, "metas": null }]
[7][Sat May  6 19:10:53 2023][16574](control.c:627) start keep_control_alive
[7][Sat May  6 19:10:58 2023][16574](login.c:127) xfrp login response: run_id: [207---------234], version: [0.42.0]
[3][Sat May  6 19:10:58 2023][16574](control.c:445) login success! login_len 75 len 84 ilen 0
[7][Sat May  6 19:10:58 2023][16574](control.c:317) recv eas1238 iv data
[6][Sat May  6 19:10:58 2023][16574](control.c:159) Start xfrp proxy services ...
[7][Sat May  6 19:10:58 2023][16574](control.c:790) control proxy client: [Type 112 : proxy_name socks5-test : msg_len 244]
[7][Sat May  6 19:10:58 2023][16574](control.c:128) new client through tcp mux: 5
[7][Sat May  6 19:10:58 2023][16574](control.c:690) send plain msg ----> [w: { "run_id": "207---------234" }]
[7][Sat May  6 19:11:14 2023][16574](control.c:393) proxy service [socks5-test] [127.0.0.1:1080] start work connection. remain data length 0
[7][Sat May  6 19:11:14 2023][16574](client.c:133) proxy server [mydomain.xxx:31080] <---> client [127.0.0.1:1080]
[7][Sat May  6 19:11:14 2023][16574](control.c:128) new client through tcp mux: 7
[7][Sat May  6 19:11:14 2023][16574](control.c:690) send plain msg ----> [w: { "run_id": "207---------234" }]
[7][Sat May  6 19:11:14 2023][16574](client.c:78) what [128] client [5] connected : Operation in progress
[7][Sat May  6 19:11:14 2023][16574](client.c:70) xfrpc proxy close connect server [127.0.0.1:1080] stream_id 5: Operation in progress
[7][Sat May  6 19:11:14 2023][16574](tcpmux.c:266) free stream 5
[7][Sat May  6 19:11:14 2023][16574](client.c:182) free client 5
Segmentation fault

@osnosn
Copy link
Author

osnosn commented May 6, 2023
edited

system "Debian GNU/Linux 11 (bullseye)" , x86_64

sudo apt-get install libjson-c-dev libevent-dev libssl-dev
git clone https://github.com/liudf0716/xfrpc.git xfrpc
cd xfrp
mkdir builder
cd builder
cmake -D THIRDPARTY_STATIC_BUILD=ON ..   >> log  2>&1
echo ============================   >> log  2>&1
make  V=s   >> log  2>&1
gzip log
base64 log.gz

H4sICNtRVmQAA2xvZwDsnOtz2ziSwD+f/wqWP2xmtiIrkh9xXLdb5TiexLuOk4qTm9vb2WLxAUoc
kQQHAGV5av/4a4CkhAaa9MbxzF3VnRO9fo3Go9F4EuRkEnxesuAiSHhZ5wUTQZ6ySuVZnkQq51WQ
y+DtzZdg9uJgfjDbm0yCN0yxROXVwlY6f30V5FXGHwwQTIKUV0yHu1iyZBVkXAR3XKxw+LNg2kgx
jfNqmiSgI1d5XbN0IPogY5FqBJMPyfvUL95HKxb8GIlKh/suZevvIXeBwde5VPJAbdTZXhCcBwVf
gCmKIC445JbXzKiAYRSYrcghMggWBFNeq+kmE3UydWI5Cb7Ls+91qKTgEvLwFbrzl8F3rEo7/btc
LYMyl5MyUslSZyMSi6aE6pIHe5+XUFN3XYngq7ZrLfjPYIsAyscKyLqQB0HwRbJg8mPFJ0ADxQPZ
1DWYRga5OtjTBvz46cNfLi8+Bx/PP78Lrm7PgrNdBrU8EpC4tjFYFFI6O/two3Fra2McMJKUxZCV
1TIXaR0Jde8W95EGH47w8PRrjD8cz9Hp710PHyBUZLxY3kvFyrNgc3oSnhxN7paRgmjEBIrQbOZ7
F7zK8kUjdFBQqm5vrwMQS912Zwfwrwy+e7GZvdD/0uz6e5MhoztpY9z7Io2B5UTWLNENP5CMpVCf
bcSmG9i7EKzNTovTSEUHdbnD2l4ZNLW9vT8+yZ+OJvjGv100vWGWkQxixiowdpKArbOmKO63JYVC
j0fzRLm5yoJ73gSsSnhTKegcI+0hccHK4G6pu6u4yYsUrPo8qAsWgZ/oVhBEFY4ml7Jh2qHf5upd
Ewf/vlSqlmfT6QL8s4kPoEFOu6a4/TQ68s92NFGVQqtMiiZlpmnwRtWNCjLBS/M740XB79qqL0sI
ffZb2kb/gesX2M+CySRtyvrronmC3HzXVVUEPV3F7nQz7VzpueFlvlgqaO2V0iLIsmwKZayGonn2
WfAG6lcuOdet5Rm0sKQdXdvu6Orm9vP59XWQmcEqF1J9/xsV6ima5nZoNhW1P7k62A8m73cVFuw3
Ki+mKdfFOaiL/eAn09XuT3jfTez3LjdNxH2t+DSuQh3BwfIATPLnQelvknYq+VjiO/HTpu60TSoH
ZJC9Ug+rKQOWBn/4Q2B+hlFRGMHfZ/84Cy51t6KbbJoL8DQu7oNn9EDXxTxph4pnuyiuWbT+thge
nwlsZmPSctV1ihmYNdhHs8Ps49VFMKnVEgajNJiUJ0cwsEbPJ5OKsw1LpIpgIgGkKILJh0PoS4Ao
GOYmbz58vLyBxhx+ub0Mbz68uby+/HwJ+Dq8vHlzdX5jhTBJbH9dfPxy9Sb88PovFrs6P5yHt7eX
c4u9vgnPb9+H7z/cfKbpsY/f/jCH/u7N7bvzmf7dfp0fn+x+HM/m3Y+/Xl5cnP91dvLiRQc+XRx1
396/Oe6+nV/e3lx13//jI/zqvr99d377rvt+efExvLm6/fxfu4T+c358PHvV/fj44fpvs8MXfZQ3
by5ff3m7H+zbE4l9cNy+vfZ1ZTUZqKkAGgy8+tFmctUG//8a/P1rsMvym6tPf9r/qW1OMN+Oiim0
w5/293WEN2+vbi5v/RBFHk9ZtYAZtNQttg3degTU8Pv3b+Dth94Tkm4uepAeKBjAJ+8/exKof6hJ
TnCXJHuRCPTsNW4lB5GvtPc0XcM1OOqPxfPJrxVPWQFLymAil5GeIhr8Wt6XMS8gZNACyauoZH/a
ZU1y3ZlB//9vUDQPG51Jl+mJTEReK0u5jOq+ZBGT+hUmcbKzyBZmMQG5YD5lCRE0XxAhYWVDJMWp
pO5EVHu0yidl3PUJlBDsOBsXgwuPBKAk6xrefYnII/NmIVnNplEY50oq4eF0nodZ7WOwk1Q+bvyg
C1gFlh7N5ykVb175kZYxlTEe6wWkjxPFfFoLKmKZLyofKsE2FK3y1MMqL5kP72sfNiohrNCo7NSD
0Aby7N7FJVPLENqDy+EtZMKzj8ZgeQrnsHiGmPzq08KBFGBW4mNoF37xNea+qTSWKi4IXkOP4+A4
56H+QuAqZZmDtY/Wbv4MbBzI1jUVb0b4XabrHOZqDtZ+66VloJsWFGzF3GqESR37xWH1cVjHrh1b
uJ77WJrfLj+lUlNtq/YoGVTWq9yFunpSllAY1uoUzoRbEoNhqUjhWrgearBMSAwNi8KNcr1qA3P/
BXdraQPWWFSN2wo3od6FJaBCHWdLC+55xIYy50Z3Lj7zTbwJ1xHK/n2VTPV+Yvs1rJpiTFxzmW9G
5Hd55Un1OwndfmQnuItyy4viDP7rkdY2UAvRmNohO7UWcUpVIitCU5/GYZSmwmV628NlTv/eQsnt
fmXH5g7MwrjJMg8WQD1YwacPUR0ZCB0VskTHkIF7iLrcHuru3qFShlFSu8UE6udJ6jlPVfk0XYio
9HGWEkwv2D1a8IUPS0bESVgFqFMpBSyN591HPMClx8twSKOX2DoVOHE57TaLF0mCRHGlncxFMazi
PKg3s5QH1cZFKbMHiI4tPZKvXYS9o0WbmkBzly0SL7eLbF66LNf7D5VLV4J7DPukQSX30ih55Rmk
rHMPNYWLqtw3JTRiezqxhX4aIvJrR7DEM5Vc5pmnLH/xrAzIDya86O648JLdvDqc4YBCRr9OovVm
7lN3Nt5xr5Z7X3WrsOOe2S1+bAmgV2NCfzieteXwscMJTDGLApYHSVkUXlaRFK+yHJEaihMPDliE
V1hYxnFiUk0Td/DpqJNAy6rEY5zUxgNQsozgf/fhm6OMEngLI9xP97gmcWTnpJT65cxGt1QpH9pt
vGcpwXCJt3BNQNsttlBKH9ojTM9WsI70Keo5eljfUUElkXmJ1xT6EipUza84VgPhzSnAFjuhq8y8
hZHdNe0wWlDssBN3jwfiLiN7tLO43WvusLR3CSws7Uhq5WRCf+D0wW9hko880yCsZxAauVvE7QV0
i2q9hXPvUXvUaJH0dQHh8bDF68yLb3P84tX60KZozexveKUM3COGdr+SpU+RxxuoGzhLGUWJsH4E
KZM+hO7lkKQ+zMx3ioUxppzMKiezyqms1qQFfmlSwlh64AxRN6epZIqASsw9uPHTWsJ/txvsIOra
WpboEy4uxBOmliEHbhHazmjRKs08hPJsEGoyLaLyW5NQeImKLDmezY4I/PLV7JWFZaRfnnF6jM3T
UccWHcXW6CC2Rwdx8TuIDdBBOlccdUE9dU3TY0HkAO+q9XQt7JqS7TXEtKBYllQ+dizQQqdcLewu
nfmCdSl9CAvkQ2umxuIkzS33ZjBuN2LNzHUDHx8dnZrVdng415tIZV3QYfov49JQRfqSOB2IpWBG
WpRpV2CCyrcWyyQq7O07kLFkjjv/jkm3BCxx3beDyHlb5rTtDupceHDtJo3rt0XIlTtE5QV5QYtg
xeGl4JfXdesO4hWHgW5X00PcWlrqNaItxi1ji1HTMHSFW5ZhtbPa6iBeSFmwns+PBgTHJ7TgeO7W
aSfQ15tJya/UdQlH7gn8iqgpx9uEXu1sTDP0EzSX3vRHiGZhFk+qjOZK0ArpfUVy7Kc7nkWK5HmV
0wLstTaXtILXr1kyvANpCUSK18qWyHQ2nkTFum2XyPBbSZLXS+aXHyQpGd69SmRJUF+2xeD6REFA
ULstfyshy6c5SkGIKa65Fjj+0kHc+Na12ZBDk+weoqlQD8vUZ3yFWaJTTgjm6Cb+ZR+NPcMCY2GE
xo4e6euk4RIWn6G+zPhQANxg2yDocmHL4swl/Zrd535G20X1/IVebdzrS/BugNQvCaBDl+Up89LD
244t465ZWSiSuY+OCNRapky9PIrEQ/qUqMdKL1Yzi3YDVgm3FwGGrWun4+qg53YGIv/uIG5OHfTc
SUN0CWoLPf0STDH30ZGPjglEuKDmbl2URC2Wochr5ratkowR2KHH8sWaCZfe1ZjoIwuO69XHYSJq
RUIn3zW+WNYir7KICqhN7+4yyaLCY3gOYZh7wdjQmHlXCg03HUrmxmGoFzPR+WxCcwB1CxZMoa0l
3VrgzZ019rgmsb0xptv0NMeHO3qGt+06ijb9OsbJkHiDD4/MML2bLtEcTxN44XaloWtWzVQhZzBu
WOrFMpJLeA/1+Rnpc3jfQWhA+hWmC7uz7CmvmA2P9cubBHXci6KlThTJ3LwNYCcK++IO/AjTeIGB
tJ2+5On2XMoiKf188m7XZjY/9WhSUjSLKaoESSVBF2S8C10HA/njCZUmJ3Oij/wQeONkBZa2ubB/
Znkt0W/cB3Bn7shDdAyGO4dP2vMwkMfQ6cO2gvhn3XZpAXJyW4Bavy3YCHvblCeyNm969kjhpKAo
TnaHN4rCS5LiHG4xmsTtsBRrCqM9SoPXh6H+3FEYfPQLTxl7iArSQ3yuoKcovz3kdq/Yw3p1SkG7
E+spHhZ6qrdZCRo1G4euV1lpGbdeJeC7U/BqfHHU5nY121zZTmoJ8BiKBDSHoZSOCTcLS4AtY/Hc
vqRhCUp0dMQSVHVEa9SntDnqU0ZyGUcLUkCmvJrNsSMBf2nWD/XqpYsBOdswFvdqoeUpd03XcuyT
W4yvxey4pAXwjrPfze63X7zO1gsxInKnFH4AZ3KhV4bTVMQLfE1yh1GpDTb742yRkli4kRg8EElT
2edydhxtQu4wOqezxfgIBixZ9AtPjXqIZkE9xBOejjqzqI5ylx7p14SaafQyj5v5+VSUqTMJsQRo
wgFLdP1yK3aLkXP3NFmuCIg6l57ivfSe4nrsINpL7yGu2g7SebWPJPWsIgvLI0aExTuGPYUOgYB0
DtB4t4V2x9dDGXGKohFkS6ls6TMPNLX6Or0WnuIF8RZhF7awfaV/h5Fv7zA6FwBLvumKJUm00ncO
eL6pxeaUNXEOeysbEmCv7Sn28Y7q/dDhJKjd0p3IY8ez+VBwEFksr82iovscFLgNzRU7niXLuX6F
5qePUTvq4UAU2LlkeagX5OUhRg44mqKtEylq/cKNsodo+mZuYWjfbcgFmxY8Splwjra1IvPuFMoS
4EmHLcEZsgSCLXKp2ECE7eliqyG2d2RIp9voaXfDhi9AIwfMzZV7pqRl5kY5h6HCtggVpkWC/eJe
E9kJ9JUB6QnM9JvSkO4Gxo4PxuTubrSSluLjBmqjYHHafexwk8N/XNgWocK2CO87tczbeG8xvijS
2Efe75aiqDkvpne114AtmTNM6tn6NL7Hy8QeYpc1VEHLLDwm7PPlHcPrAAP1Gz5mtMOJPZrtsL3v
Z1F7GbjDyNwW3pApFg1FcV+y47D8pLCYb0jsGcRgycicKCFJTOfbPsNiUdtdLVyXBE7ojOhFPIEF
HRofLN9ifKqmxXj92jNYL9iNocO+f210DdpzpY5S2Q3rJkYT0A4TFUJ6qIERpuvDaZ1As4+SJSMl
eHfSEhRu+TpeRjXJK7QdbwmUYL5gfeicVbd5mUtS4Blnx/0yaEGhSCztvmfHY31gmRTgm0J2AjxI
WByWWGRM4CBk0gzdZmHxjVo1lADm3xXF8+iYxGhnxeZkuai6B1wNGahO8gFM1ks9GA9d2Bp8jg4v
SCPUjfB9FLgccCC5qdxeohWoQpL1izYjthh34WYYS+p2nGvv4Ud/kyItdveV7u45LdKzPg504+ZZ
8Inpu2f1Qx+kfupDd4YluLz+Ifju8v1ZMDs9/P73jAfKy0UAzbh9xoy+m1WetQ+ggGjvBAeccVFG
ai/hRcESNe+UzoIiDQRTjahYGswCtslVoPf9G7m7+V8/seLv/TMPzl6+ODpDN8H+I7g06c+wxo9R
bp4mo59R01QZTEPlEtL4mcfyAP72RFRBLOgG4H/+M2DJkgc3+qE4QanvZHiihxi4hZi9hELAeNLn
fY6fegSZYmtwxf8Fjz06nT3NY49ezf4HHj/1f/BxZBDsB95UqX6Sj5XUAtpVsJfBGF+cBTc8iKqK
QzODBqGihQySqALT6nvHYxY8Y+z0xemr+OTo5Iixl0cRm81Pj0/iV/GreZq9PDk8TWfp4cmLV88O
9t7xO91YnmuXECy4029NhWM/CxS0lslEfz8wTwVjQncHuiCfmVSBOf8WJmFvojArokUY6lvpvzI4
WOG2fRzT1yjC4Cqir1Z4XFoVD5uqkSzVdwbrbQUmvlH9cfnQq+hEwcwoj/Qzu75B9ZvSh3atuJ5t
f5vyo/KQVebK4CPNQGg/zhLQDWrlR5rC135cLvQ2DSztiuxRSt9W8ixnRWo2inIw5a/QuT9NLI/L
VcqSImofVRdGGTQwcxCB6cHpiaJ5XL70MulxKo/tqWDGpg0JRk0frfi4tDmMKQKGa1Odj1Z8XNrd
7Cnk9eO0HpfqncjVdm/z0Yo47WvOV/0UOAxhrhNeX73+dP7pb2H4gBjiyfQswg0m7+XUdDIHyxHR
mLa+jRnWWKR6LxvShxkxTDrVNK98fVs2ln5D6Pb8Nyq1SvXq2lft+Iie3iKk9Ay39doJp4Q2F/AM
QogG5sranLoHgBnDvxLGmkHShj0Zs/qJyRBM++jCNPpQe+pH0PORKk9jMl2Nh7TaW2E8rQ4PaUWi
jqa6OL6mJRrShqhV4Wt2eEgLPGDAs3aSId2SlbAM9TV7PqRXwxrc12rpsI4gzNLSsXrXFy0iIrWe
jzg/rAhJ5zf8KRrNEzVSvUdG6Rk+rNdexCIUO8G45pDieCcG62S68pFwtD4hIBuOg417kQmyhhlQ
RnQFSPhgDCP6D5cg5wnVVi3RWPr6ybW0cisZ0zWrNlq5E41p/9KwhtHanWh06GV6621g6O1k4/rd
wZqBGHrpaBwwBx7QN5LRIVifnaJHYCMZHfZzPjDua8Fw79w+XVKXS9pj/fMgz/SwSfbbD+sM9uhR
spzqt5Auqysf8/N+aFZJPTxuG+GY3czzi0jDtZIxXVh68EYkA3W2k476y70cbKq97CGfEUO9zVY4
FAOsJSrCbzo8qKU7wTDRjzP3ZlO27AF9VQwKBjXb7nMAD2kleps4XDCl7TEqHJ37kHBIAyLUbaHf
WB0QjWjr66YD2r1oRFsXhmdpdD8mG9E3uy3xfdWUcbt/NyYfiUcysYZgkW93JBzun5gKK9WuVEnB
qGateDUoGNJcmZGGpmP9EYyNXjY1G5xx5rWXimZj4eckHJsHU2xsDjzQrC3R6NyjGyOH+GBPli8i
85D3QcGIJsyzaTqoUxd54ufR0JFZaZHUXnPq8KhNlJDM84yWjqSm+Cr0Wl7PR/X8Su/wkNY6kuZQ
VjYoGBmBiG68pYOr0CRhtToawMNr1+RIH3zm5bBkrBZ2ofQz/cal/2I8uhN/IEe7MGNx2mPmbFQ4
0tOyRT6Ex7QaWqsZ1ermecOSwV5ZSqYaIqdbwWgPqyeGUSx50SgWUoO5H2J0BhlVXBbMb5xbwVA5
GlKtGdUxkzGwzhAfy6kJkxQs8nqEneRh/dLLcc8f1M3SgYEBS0fLbup4WDKWh7rR95L+d3vP2tw4
jtz3+RXMXCVrX0my9bBsabKpkmXZqxpZciR55+a2dnm0TNvMSJSih298dZW6n5H8vfsl6caDBEkA
BKjZ15RdtTs2gG4AjUajAfZDXqqUTb4MhpZqYNbzYBFkhhlVKDli4W0+SQuVEKF8hLxcs/+elpst
VZyyR0SqOvOIiu2ib2mZ1oih931vOHXd7zrf99yr3vS70WR6/nHYue65Y7fudsZXgPPSm2/8L4Tz
5GfA2WQ4p+usKkefAuSl6jfnHZyDZ+5WWZGxjhDrq00VJNZoQes1FSjWaEGbDRUo1ihBN0+g7CmK
lUBBKAEJQs0AQ1TSfBmlWU0uqLxTsVaJAqM1y0u1IDq4FHD68xZh0/5w0B/2cqp137geduFM9nGL
lqtEhute3g670/5oKION61Tw005/8J/u5Wjc63S/01aKGNJTFPfrRa87cLvTgfu+Nx5aNVZTR2hh
PgYEAFkxvLBrTcQVXGgypBJbJI4zM9zjzvBidG3bXk2TZCPzwVAQ9/a2b0YYob16MMlGUk67dCe9
6eWFolgtnUED4QewtEIt7OBfmZSk5Uqw5cODDIoUq/tSdpbT22TS/3PPnSorkC4RN6ZQL2ef5n4o
7ZVXKftdBfcyQFKsBqKGvlJAXqU9tlbbtercIlVK4Ocl3B/+qCpXgqEKKuuQlqtXk35gFl/5tA3y
EAVhk1wXcxtoDhlxX06m49vuFM4U0IUuLsbuhP5bbRYGdLSGHwYo6rXCgMm+U/Tx3AdvEcxfpFwe
V+atQGQrAJQ2amS3EpNR9z2ZFM5ugv8b9HLPPh1s4hCyQ4I4inXPIROd6ymFbo3eowHdWcOCZJ1M
R+POFZRP3MvOdX/wcW8E1gyfQeXuPxo3MZ4cmqN1va8WIbTakRvCcEfSrBUEr9CpEN3rzvsencmg
f951b6bfgUYo1R4UTZU6FT822BtDEPKSjIahbql9XVBBGTcUCUOt06e027YDq9pznLiC5URtK7wK
ks4VR6L3xgHpIkpY/JY2eXtIsfO0vezzrCF+1lpEAF2aDw69X713tlN5V54zwr27n8ek+TNwAzPp
x7x5LHcBTZv4GO6w8G+VzVJCiFqlWgVCxKhuXrZPy7CPWS1WgpfAihTXOYbNLiCxLmNU9UqrUntb
Qt+YYLFbOGv/v3cBZrILNlDJurhCPyKaynntPxID1K2PfiAVYv2P/0W+T+XygTNAbxc0i60hJY7L
d/7Wcw6hirfuPAPfk4HQdnfe7JMfIvf0bkaDwbtJb9DrTt/h72Rrk/1z3h+iKeNFfxwnGZYvxJz1
X6b904yTMaLu7XiMYkhEWAjRZHQ77vYKjCg7FhGVMQqWjF1CGcvpcETZCVlO53p0cTvouZgdvm23
RjP0qjoSCDO6vobrk5hPWvCzwcZx2/FoNE005G1JVkbaulyvVM+Epfs4maJHnPgzIBvvpFI9qdRb
5Wp59eynAVx8bmsnADJNvu+NJ/3RkLbSYwO6d3uTyYiQm2Vcj9u879+44wQpneEorod+zkcToDn8
cdkfkGFddgaTnkBE93LQuZokp8kyWnKfF3S3oh4oZcEDhXlklGNPCF4i+iU8AGy2IbPfT7QkngVl
6lkQNSAG/uWkgb9oZl8mZvZlwcw+NoAXjNK/xa8okaF4mRqKc/vtMn4ypzbVZcEYm4mU2/7gwp1+
vInXFH0oMa26SETgxRsgsLjLBY+vA+j+anhbcmDcMP/jEv7VdaqHMYrOOM2eAgr6jYNxcmdIzgRp
Q+rgyGVolyWmR5pz7UYQ1KQo4W2IroTXXriD1X8pb1b+LAD6w6mCQW0x2Dr19UKlAZnBuXshXoHM
T69NPQN5MltqV96bvCFeeecoR5h91JP37Dt3vo9uosF2C/9ul3bidTLzQuIpSLNY++EsQCdFuJ96
60d/S48MHgVk49KkrIZQhOftQNipzoF+cJzjf/2RThlhuw4NBegQWl8iDY6kI6zcB2uoYRoVVzFn
laXhOGYkVApJM2sFYTNXu8Z0LECQqhlBROIzamDx1nt8BEBCCkBWM0OWXBaCjqZxSlRzpPXCI7wP
N/siedpuV5Y4hMUWpmaJJEMaW/g9+5dQEwQAR9LYhxLULJhhOilIjgSSZkGaJJCc2sxJtTpWSKTD
wRA52xjh2T70KYjLZFytfaiVoPv+mJJDqxqKeN0arLwgQmcoIHXo4Fj358GCYzSUkgZjs5JIctqJ
6Ay3tdksTZHlDKsf8tgV5PIPqsp6ubB6L+DFR3imPLWrZ6Vs2A8N0qyiIzmp2s1m+80+8A7OcxdS
88F//uN/Ja1c6pGHSYj/+Y//U3WXQwNMsvrUbpzV2vVGm8d1aIMiOd/5JIzBbksfECJd8ofyB3bF
II1+BOIBuPN35w+gYjwEoe+c90cYh8olISkO7kqzQ0rUgyDcHmIlpieBcvy1Ox0P8PuY2x3A/ad0
MDssDW8Hg0O2JH/PrEzm56f/Mf/Za0mqDVjUehsp4bfx/cz/vPJC8vQC6tTCm62XuFKJ2cPCvHEQ
kMwkRZhgWXKOD98JU03MZf8dSLLSsu2HByvccT9RRHSX4XPZ2lu/4L8RESJdt+IhnP1ZKkpzU3Cd
tBRnYXieKoRISiLth6zAsNKz9J8xTBfDYXgaZ3EI1LbCYUQjq9NYHJVwJ9oHDQlHSJHUDE/e9KXE
ElxHHGHNa4antnxKNL9PEUyKydnrECLz1exvEakVrtkf74kBmOr9Kt4oCp9YiCKyjiAhDl+WSLIP
CWkMW/0rCbQsLHcyoy4oORJrWFCCYWowfOviaAxlRWIUIiuYwitHULe6MSjW0UZPTesflaPYCh91
yfp+GmqC09tVUPRo3DiuC2a+VYn+e+1atV0TNMM/8NhfbzF+17+LTf/DefIxEDGqixik3J+RKFPQ
rfPXYD537nxn7S+Wz0D1t6hGzlYr1B5BMqP2+GXwxsrUT5EWZbqeGY6KhcM+qykjfxE2SF8JsJLk
5nIpoVyygJqrQA7+ausY1dtopaELihhQpkj/Az7t87/Kwiv/BhcUEBFtNnhwDo6df/mW+dQcLIK7
klMvOf8GR+oPcz/8EX4NSw7q+6gIHyYU4a9nA50et6s1fm2gtILZYEQ2HNQp0gqjz65DYvTL/I/w
ruT80SURaEukAn4HmpWYQZiL2d/gAlaSXZR+suX8rCQTBGq94IsHZuZmGArqSsxBbV8sNJoFQ2L/
3po9LetW751qqQKY7PUWgayGwIphiBOy13wEqn41O/UrOOrstc+08lNQp2QxKuyQqPd6wVGQCCcM
hf1TOd9ar6f962n/ezzt7T/oiPvF/t6U2PMNey07cTI3Cr7PpOSXKRpxGAnR0yj6sBPR8qvh5d/7
efg7k+PAewU/4MU6YVEMwlZ8PU5+Q1vwVzxOGgVvOSlxWuBl9lWSvkrSV434a+H9X1OEFXwhSSq2
9nfqYvCpj7opY8qG/Z1aMFY0ho4nIdwNGvZ3aV8Et79aiMaaJ0Xe77MEPCl4wRAmclL0U20BHAli
xLaWxuBSm9WTIs+fwkoUARfGXjc2QuFmN57Y6zbHmvukYYyf2LNS7A059oR5uRVuXH0tatGYG1ql
THPIuksxVzZLq/Z0JBSoaTp8OnLFN+jITlzVwN6yPf6sbQPFVscGJGKXvDnEK2MoNFNTUHsHAEpD
SSrOTy3RiiITJYKhbJYMSJALxZHE0qFpKOaT65jjLdCsGm+WyO5t82pl+mplmvr5mq1Mm1W5HExL
ZqvdxGcEmymRpNDKOfsAGZCkuTwskhDxtS/o62fNAFnjGSDNpDTI9grJuFg9brZV/FKh+0OROVLs
iWdsrLXPajBkkzEk0jpapaQE7q8Zcz9VL4nm1axp9Uu6taRpKJvHujSU/7VZhuXZbyAJZbV6+mWy
UFZrp69pKH+JNJSUZy7YCxZOk/OPx/SteFHqdeeAON27cIcNZi+HyEBIs9Hgwrnzn7znYElDWtJ6
gL85Pm7U0q+KVNnxQN3AofCgFYALTjXSZeUNQ0xd/Ak2UOMPTg/h1ENPZzwJ514AUnL7BOPcpsZA
FH5MSuk4HBYYxk8/dhJYjw9287TcgYiDYWIQV2APxLgM5y8gAu79NeBiztUzGkKyvPXXC2cWrGe7
BcjBcOYjj91QxtsI6DDmOGbYXJJxDnsfAFVELRwHajprHzoC6m8wrj1Snw+LDqRCPbIzYft/0TxG
xXP9/Ao5dPA7mCyZBClXwTXSWUFYdqCSA2K/5DzMl7KsKGZQ6vi5xTJu7Z/ibd+8H8Wyd6FUl+Xl
4eUqOBK2WDJZXq6EA41KlguHl6vgimbt+sUzVMFazeAipOADVqWD3i/XEfu0IOchVqeDL5pp6LNq
YT8LK6uMleUGm9DLpGmgpVo41Aaz4cNZsQ6yP7zsD/vTj6pydax50BakhWoIydT4zFQR5CVFyjC8
98vVOsxEnmbF2hwSoTxBAy//8pkdnlVdPuf2qYDTQ+2b3+Fuc3+kkgRi3Z79S2FR95eVqdqvfdCx
ljNFsSY2Pd2gygp1tgJfDhlVaPSImbfxJZkD4hoNbKgGDvOh73cyQCjVwJArt6pczetEvVEUa+Lw
yxkmqtBB7jYsIqa0QjPDAvldSPVOAbbTwRVN0GodDV4ZrT4vWP3PH8j9i8SLtgj9nI0MPyG5iz90
xsP+8ModjIZXpu20EWJJAM7OdHTd75LIX9P+cGLaTh8ZlUC4rjoCaKJBEteH9RL0AfljB32voY9g
RzMS8ItypzEQ/uGKkOmRjXu94XTcGU7dD6Pxeyk9Uk30pDiffLw+Hw2AdEp8qSZ6fCyanjvpjvs3
mkHK2qViKJN79nA0hdsXXKYvlp9fHuHMOmDR6NrOxehPH696Q7f3p173dto5H/QOnTc8eBqwK20f
ncglck3/5n45+4a/0pH3C2xwF38Gsloub7XaJJbLJMpbuXgENrHz3E+i7PXQrFk5jpeWaxOYgKBP
ruu194JW2sbRoigOOXCuRY8ATDeMy96ainR/79/tHgt3TVsYR6XKki7Rfe7HXnn3LlxRgMOW5gGM
0ni2y0+Cgb0pvDiPLDUKY0kvZ370pPR0BNfG/IBJ2rlkSGvNIc9wpzOPlSJAz4Pw05O3eTKOQCLA
ksvM3e7BOGqIAMtSw6HZpXFsDwUNk2xVy/36L4yCK8UuDxRqHAYjvQCrZRDGscLy42Bk55JaifxA
GFkUqQXJD2ahoKgYBaGAtMlwZH58iSySLIPkB2TIYlEtcL5Ds2JayXWu533HZmyyifyOdaZTrLEn
+ihvLQ9ajMHtkkdjs6ZwAzVsCcrBxjdreu/7K9BYVi+GY1guALkh7hnQGK/NZq1hsTBdiNphm8Qs
PxLWPSYgWXThT5OwrNh87K/m3szvfQZtA5qq/bzlfRM6x33TP037rl2S7+9bA2M2bF5Vu/rKBxet
bDzAuEjrcivHx1czRheVaL1vFdiAmQVMXqTtKXwSFVgoOwqIWIHWP1GOi/FfjIsXpHBtVYqywg1R
2luK8aJO0+WCh1csjvzP/mxHEwEIMkTpvSMdQMx9Ud810X1H3Vu0q5Vm7tIOq1E/VeMt0lBbsZtM
iuxHoI73uDHfldz0XU0AS5FJTldu0q4hK0p3ZrGubmUh2ZF94Q/DY2C5gz7gCF+zUO5mYGhzJsAw
U3XNJNnxoTQrly5rI2KdBjc+teH0DIOf6Bk8PohSFtSphtnDI2tdnGIYpf2uWiQBlqRIwoKULfBW
fuwqjXTlvVE1MOpL1AoVdrpyPEmmiBGmyqXGuikSV0VjKqNDL83HwuGXqTKVCa6oTkrNu4S9qay2
0PRCfPw20/TYNQK71R4SltqGG32bYIglbBbt5aZ2P9XMRQmx++UIJT1SEamojbdtU7ttG7xFBkV2
QzdtFKTEpSNiO8lVpGkjA/hCCPuIlzBsNns8unbGSmvyInpqs9ORT2NM5K8Ulm1ahT3VHxDZcwhA
bK4DCXK5rvJWedrIPQPw8ISG8pu5WvQRJk5KPVpkLG7Yx0/oW8vI6dPX6BYRiwFAf6pFTxUX8wun
S759mQGkHtPMgIhHKj6S87FnOAz39qnNfmAmJNFqsb8pj5zpNTZB9p5J+b0mEvvM4nZQzSrnVT4m
m9NQWJbULZUVMpwWG6yqV7EBmc0FOlrReHhxEcOn3wOpo/nMRmCnX3SjMcifes+kLIcXhjMbgZ6c
s1JEmXymiVSOM7kmGEuxs5ZeksSn/VlLikommFv6/SGe6C3pBonuRi39rYfoQ6xVFknmEtLSX5dF
YcUaS5S5eHMrWqQ4ryXne/wieJR6qxTejYQ/KZO19HeTtNwEAP3+iM6Slvxuklgk7XmQODpa+iuy
KKlbct4UWE7RIrVO8kacNeS1EnLJG3IyVY+VPC1uONosq+AIJFI0EUkjaSJ08hvw8mg0v5CXR7P+
S3t5JKmX9XE4OXUOFtDae/SJe8PEwzR2ID8IHmrJT5wCiKUzfpN10NL6TRpztC5fZjFSWFpWbjZp
4Nav4Frzcxg8EPMGELLfan5yz0uCyuiTPmlJpPPCC6JvzrlfoWKw2TyIw/TnfyAWAKnliOnX0QTg
dr00j4wfQwZhYPydTSDMxjwgbQxFfzMNHRjDiSYR+eFdYri/BZHHuxUtFwsvvMcdJr4XmkLTlMGm
7u0x4IO32a7uPt0/8FfKpkWveKhs9Dd45VwjswrFTVcKiJItFK9JhnAgVD6/uNsZX5gziz4p7EMU
xqBl26+oYhnCwUgXu88UUKMbUOGScNgl/ntEnIbkpWwbYEOlm/gmct51/vrko3+Yt6ZiGmVxeQ5V
++OPUnNLu6C1Jm7HHB//Cn6QsgA4JF7sUZSBvzArHhDDrtDyG1VkAWbVlkDarterbeKhh5EA0EMZ
HenDmY+n0F9im/dvvog/c8wAggNz/bTepitt5adcrZ605cyVcUzOuAM3Wil34P8HKoLTNNP5AAA=

build Failed

rm -rf CMake* cmake_install.cmake Makefile thirdparty
cmake -DCMAKE_BUILD_TYPE=Debug  ..
echo ============================
make  V=s

build OK

$ ./xfrpc
==74495==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.

$ LD_PRELOAD=/usr/lib/gcc/x86_64-linux-gnu/10/libasan.so ./xfrpc -f -c frpc-test.ini
[6][Sat May  6 21:27:40 2023][74518](control.c:652) connect server [mydomain.xxx:37129]...
=================================================================
==74518==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080000000f4 at pc 0x7f9810a36b11 bp 0x7ffc9bec4b50 sp 0x7ffc9bec4300
READ of size 76 at 0x6080000000f4 thread T0
    #0 0x7f9810a36b10 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:370
    #1 0x7f981067a39a in json_tokener_parse_ex (/lib/x86_64-linux-gnu/libjson-c.so.5+0x839a)
    #2 0x7f981067cb16 in json_tokener_parse_verbose (/lib/x86_64-linux-gnu/libjson-c.so.5+0xab16)
    #3 0x7f981067cb7d in json_tokener_parse (/lib/x86_64-linux-gnu/libjson-c.so.5+0xab7d)
    #4 0x55fbb60ec2ea in login_resp_unmarshal /opt/xfrpc/msg.c:320
    #5 0x55fbb60e7210 in handle_login_response /opt/xfrpc/control.c:428
    #6 0x55fbb60e7610 in handle_frps_msg /opt/xfrpc/control.c:471
    #7 0x55fbb6100045 in process_data /opt/xfrpc/tcpmux.c:356
    #8 0x55fbb6100b13 in handle_tcp_mux_stream /opt/xfrpc/tcpmux.c:494
    #9 0x55fbb60e7af4 in recv_cb /opt/xfrpc/control.c:564
    #10 0x7f98106bb5e3 in bufferevent_run_readcb_ (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x195e3)
    #11 0x7f98106bff3b  (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x1df3b)
    #12 0x7f98106c5b4e  (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x23b4e)
    #13 0x7f98106c628e in event_base_loop (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x2428e)
    #14 0x55fbb60e9579 in close_main_control /opt/xfrpc/control.c:869
    #15 0x55fbb60ecdda in xfrpc_loop /opt/xfrpc/xfrpc.c:54
    #16 0x55fbb60d6b58 in main /opt/xfrpc/main.c:35
    #17 0x7f98104c0d09 in __libc_start_main ../csu/libc-start.c:308
    #18 0x55fbb60d6a69 in _start (/opt/xfrpc/builder/xfrpc+0xea69)

0x6080000000f4 is located 0 bytes to the right of 84-byte region [0x6080000000a0,0x6080000000f4)
allocated by thread T0 here:
    #0 0x7f9810aa4037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x55fbb610000a in process_data /opt/xfrpc/tcpmux.c:354
    #2 0x55fbb6100b13 in handle_tcp_mux_stream /opt/xfrpc/tcpmux.c:494
    #3 0x55fbb60e7af4 in recv_cb /opt/xfrpc/control.c:564
    #4 0x7f98106bb5e3 in bufferevent_run_readcb_ (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x195e3)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:370 in __interceptor_strlen
Shadow bytes around the buggy address:
  0x0c107fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c107fff8010: fa fa fa fa 00 00 00 00 00 00 00 00 00 00[04]fa
  0x0c107fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==74518==ABORTING

rm -rf CMake* cmake_install.cmake Makefile thirdparty
cmake  ..
echo ============================
make  V=s

build OK

$ ./xfrpc -f -c frpc-test.ini

Works fine.

Port forwarding to HTTP proxy or socks5.
Using the correct or incorrect account will not crash.

On Debian x86_64 systems. No bugs were found.

@helintongh
Copy link
Collaborator

system "Debian GNU/Linux 11 (bullseye)" , x86_64

sudo apt-get install libjson-c-dev libevent-dev libssl-dev
git clone https://github.com/liudf0716/xfrpc.git xfrpc
cd xfrp
mkdir builder
cd builder
cmake -D THIRDPARTY_STATIC_BUILD=ON ..   >> log  2>&1
echo ============================   >> log  2>&1
make  V=s   >> log  2>&1
gzip log
base64 log.gz

H4sICNtRVmQAA2xvZwDsnOtz2ziSwD+f/wqWP2xmtiIrkh9xXLdb5TiexLuOk4qTm9vb2WLxAUoc
kQQHAGV5av/4a4CkhAaa9MbxzF3VnRO9fo3Go9F4EuRkEnxesuAiSHhZ5wUTQZ6ySuVZnkQq51WQ
y+DtzZdg9uJgfjDbm0yCN0yxROXVwlY6f30V5FXGHwwQTIKUV0yHu1iyZBVkXAR3XKxw+LNg2kgx
jfNqmiSgI1d5XbN0IPogY5FqBJMPyfvUL95HKxb8GIlKh/suZevvIXeBwde5VPJAbdTZXhCcBwVf
gCmKIC445JbXzKiAYRSYrcghMggWBFNeq+kmE3UydWI5Cb7Ls+91qKTgEvLwFbrzl8F3rEo7/btc
LYMyl5MyUslSZyMSi6aE6pIHe5+XUFN3XYngq7ZrLfjPYIsAyscKyLqQB0HwRbJg8mPFJ0ADxQPZ
1DWYRga5OtjTBvz46cNfLi8+Bx/PP78Lrm7PgrNdBrU8EpC4tjFYFFI6O/two3Fra2McMJKUxZCV
1TIXaR0Jde8W95EGH47w8PRrjD8cz9Hp710PHyBUZLxY3kvFyrNgc3oSnhxN7paRgmjEBIrQbOZ7
F7zK8kUjdFBQqm5vrwMQS912Zwfwrwy+e7GZvdD/0uz6e5MhoztpY9z7Io2B5UTWLNENP5CMpVCf
bcSmG9i7EKzNTovTSEUHdbnD2l4ZNLW9vT8+yZ+OJvjGv100vWGWkQxixiowdpKArbOmKO63JYVC
j0fzRLm5yoJ73gSsSnhTKegcI+0hccHK4G6pu6u4yYsUrPo8qAsWgZ/oVhBEFY4ml7Jh2qHf5upd
Ewf/vlSqlmfT6QL8s4kPoEFOu6a4/TQ68s92NFGVQqtMiiZlpmnwRtWNCjLBS/M740XB79qqL0sI
ffZb2kb/gesX2M+CySRtyvrronmC3HzXVVUEPV3F7nQz7VzpueFlvlgqaO2V0iLIsmwKZayGonn2
WfAG6lcuOdet5Rm0sKQdXdvu6Orm9vP59XWQmcEqF1J9/xsV6ima5nZoNhW1P7k62A8m73cVFuw3
Ki+mKdfFOaiL/eAn09XuT3jfTez3LjdNxH2t+DSuQh3BwfIATPLnQelvknYq+VjiO/HTpu60TSoH
ZJC9Ug+rKQOWBn/4Q2B+hlFRGMHfZ/84Cy51t6KbbJoL8DQu7oNn9EDXxTxph4pnuyiuWbT+thge
nwlsZmPSctV1ihmYNdhHs8Ps49VFMKnVEgajNJiUJ0cwsEbPJ5OKsw1LpIpgIgGkKILJh0PoS4Ao
GOYmbz58vLyBxhx+ub0Mbz68uby+/HwJ+Dq8vHlzdX5jhTBJbH9dfPxy9Sb88PovFrs6P5yHt7eX
c4u9vgnPb9+H7z/cfKbpsY/f/jCH/u7N7bvzmf7dfp0fn+x+HM/m3Y+/Xl5cnP91dvLiRQc+XRx1
396/Oe6+nV/e3lx13//jI/zqvr99d377rvt+efExvLm6/fxfu4T+c358PHvV/fj44fpvs8MXfZQ3
by5ff3m7H+zbE4l9cNy+vfZ1ZTUZqKkAGgy8+tFmctUG//8a/P1rsMvym6tPf9r/qW1OMN+Oiim0
w5/293WEN2+vbi5v/RBFHk9ZtYAZtNQttg3degTU8Pv3b+Dth94Tkm4uepAeKBjAJ+8/exKof6hJ
TnCXJHuRCPTsNW4lB5GvtPc0XcM1OOqPxfPJrxVPWQFLymAil5GeIhr8Wt6XMS8gZNACyauoZH/a
ZU1y3ZlB//9vUDQPG51Jl+mJTEReK0u5jOq+ZBGT+hUmcbKzyBZmMQG5YD5lCRE0XxAhYWVDJMWp
pO5EVHu0yidl3PUJlBDsOBsXgwuPBKAk6xrefYnII/NmIVnNplEY50oq4eF0nodZ7WOwk1Q+bvyg
C1gFlh7N5ykVb175kZYxlTEe6wWkjxPFfFoLKmKZLyofKsE2FK3y1MMqL5kP72sfNiohrNCo7NSD
0Aby7N7FJVPLENqDy+EtZMKzj8ZgeQrnsHiGmPzq08KBFGBW4mNoF37xNea+qTSWKi4IXkOP4+A4
56H+QuAqZZmDtY/Wbv4MbBzI1jUVb0b4XabrHOZqDtZ+66VloJsWFGzF3GqESR37xWH1cVjHrh1b
uJ77WJrfLj+lUlNtq/YoGVTWq9yFunpSllAY1uoUzoRbEoNhqUjhWrgearBMSAwNi8KNcr1qA3P/
BXdraQPWWFSN2wo3od6FJaBCHWdLC+55xIYy50Z3Lj7zTbwJ1xHK/n2VTPV+Yvs1rJpiTFxzmW9G
5Hd55Un1OwndfmQnuItyy4viDP7rkdY2UAvRmNohO7UWcUpVIitCU5/GYZSmwmV628NlTv/eQsnt
fmXH5g7MwrjJMg8WQD1YwacPUR0ZCB0VskTHkIF7iLrcHuru3qFShlFSu8UE6udJ6jlPVfk0XYio
9HGWEkwv2D1a8IUPS0bESVgFqFMpBSyN591HPMClx8twSKOX2DoVOHE57TaLF0mCRHGlncxFMazi
PKg3s5QH1cZFKbMHiI4tPZKvXYS9o0WbmkBzly0SL7eLbF66LNf7D5VLV4J7DPukQSX30ih55Rmk
rHMPNYWLqtw3JTRiezqxhX4aIvJrR7DEM5Vc5pmnLH/xrAzIDya86O648JLdvDqc4YBCRr9OovVm
7lN3Nt5xr5Z7X3WrsOOe2S1+bAmgV2NCfzieteXwscMJTDGLApYHSVkUXlaRFK+yHJEaihMPDliE
V1hYxnFiUk0Td/DpqJNAy6rEY5zUxgNQsozgf/fhm6OMEngLI9xP97gmcWTnpJT65cxGt1QpH9pt
vGcpwXCJt3BNQNsttlBKH9ojTM9WsI70Keo5eljfUUElkXmJ1xT6EipUza84VgPhzSnAFjuhq8y8
hZHdNe0wWlDssBN3jwfiLiN7tLO43WvusLR3CSws7Uhq5WRCf+D0wW9hko880yCsZxAauVvE7QV0
i2q9hXPvUXvUaJH0dQHh8bDF68yLb3P84tX60KZozexveKUM3COGdr+SpU+RxxuoGzhLGUWJsH4E
KZM+hO7lkKQ+zMx3ioUxppzMKiezyqms1qQFfmlSwlh64AxRN6epZIqASsw9uPHTWsJ/txvsIOra
WpboEy4uxBOmliEHbhHazmjRKs08hPJsEGoyLaLyW5NQeImKLDmezY4I/PLV7JWFZaRfnnF6jM3T
UccWHcXW6CC2Rwdx8TuIDdBBOlccdUE9dU3TY0HkAO+q9XQt7JqS7TXEtKBYllQ+dizQQqdcLewu
nfmCdSl9CAvkQ2umxuIkzS33ZjBuN2LNzHUDHx8dnZrVdng415tIZV3QYfov49JQRfqSOB2IpWBG
WpRpV2CCyrcWyyQq7O07kLFkjjv/jkm3BCxx3beDyHlb5rTtDupceHDtJo3rt0XIlTtE5QV5QYtg
xeGl4JfXdesO4hWHgW5X00PcWlrqNaItxi1ji1HTMHSFW5ZhtbPa6iBeSFmwns+PBgTHJ7TgeO7W
aSfQ15tJya/UdQlH7gn8iqgpx9uEXu1sTDP0EzSX3vRHiGZhFk+qjOZK0ArpfUVy7Kc7nkWK5HmV
0wLstTaXtILXr1kyvANpCUSK18qWyHQ2nkTFum2XyPBbSZLXS+aXHyQpGd69SmRJUF+2xeD6REFA
ULstfyshy6c5SkGIKa65Fjj+0kHc+Na12ZBDk+weoqlQD8vUZ3yFWaJTTgjm6Cb+ZR+NPcMCY2GE
xo4e6euk4RIWn6G+zPhQANxg2yDocmHL4swl/Zrd535G20X1/IVebdzrS/BugNQvCaBDl+Up89LD
244t465ZWSiSuY+OCNRapky9PIrEQ/qUqMdKL1Yzi3YDVgm3FwGGrWun4+qg53YGIv/uIG5OHfTc
SUN0CWoLPf0STDH30ZGPjglEuKDmbl2URC2Wochr5ratkowR2KHH8sWaCZfe1ZjoIwuO69XHYSJq
RUIn3zW+WNYir7KICqhN7+4yyaLCY3gOYZh7wdjQmHlXCg03HUrmxmGoFzPR+WxCcwB1CxZMoa0l
3VrgzZ019rgmsb0xptv0NMeHO3qGt+06ijb9OsbJkHiDD4/MML2bLtEcTxN44XaloWtWzVQhZzBu
WOrFMpJLeA/1+Rnpc3jfQWhA+hWmC7uz7CmvmA2P9cubBHXci6KlThTJ3LwNYCcK++IO/AjTeIGB
tJ2+5On2XMoiKf188m7XZjY/9WhSUjSLKaoESSVBF2S8C10HA/njCZUmJ3Oij/wQeONkBZa2ubB/
Znkt0W/cB3Bn7shDdAyGO4dP2vMwkMfQ6cO2gvhn3XZpAXJyW4Bavy3YCHvblCeyNm969kjhpKAo
TnaHN4rCS5LiHG4xmsTtsBRrCqM9SoPXh6H+3FEYfPQLTxl7iArSQ3yuoKcovz3kdq/Yw3p1SkG7
E+spHhZ6qrdZCRo1G4euV1lpGbdeJeC7U/BqfHHU5nY121zZTmoJ8BiKBDSHoZSOCTcLS4AtY/Hc
vqRhCUp0dMQSVHVEa9SntDnqU0ZyGUcLUkCmvJrNsSMBf2nWD/XqpYsBOdswFvdqoeUpd03XcuyT
W4yvxey4pAXwjrPfze63X7zO1gsxInKnFH4AZ3KhV4bTVMQLfE1yh1GpDTb742yRkli4kRg8EElT
2edydhxtQu4wOqezxfgIBixZ9AtPjXqIZkE9xBOejjqzqI5ylx7p14SaafQyj5v5+VSUqTMJsQRo
wgFLdP1yK3aLkXP3NFmuCIg6l57ivfSe4nrsINpL7yGu2g7SebWPJPWsIgvLI0aExTuGPYUOgYB0
DtB4t4V2x9dDGXGKohFkS6ls6TMPNLX6Or0WnuIF8RZhF7awfaV/h5Fv7zA6FwBLvumKJUm00ncO
eL6pxeaUNXEOeysbEmCv7Sn28Y7q/dDhJKjd0p3IY8ez+VBwEFksr82iovscFLgNzRU7niXLuX6F
5qePUTvq4UAU2LlkeagX5OUhRg44mqKtEylq/cKNsodo+mZuYWjfbcgFmxY8Splwjra1IvPuFMoS
4EmHLcEZsgSCLXKp2ECE7eliqyG2d2RIp9voaXfDhi9AIwfMzZV7pqRl5kY5h6HCtggVpkWC/eJe
E9kJ9JUB6QnM9JvSkO4Gxo4PxuTubrSSluLjBmqjYHHafexwk8N/XNgWocK2CO87tczbeG8xvijS
2Efe75aiqDkvpne114AtmTNM6tn6NL7Hy8QeYpc1VEHLLDwm7PPlHcPrAAP1Gz5mtMOJPZrtsL3v
Z1F7GbjDyNwW3pApFg1FcV+y47D8pLCYb0jsGcRgycicKCFJTOfbPsNiUdtdLVyXBE7ojOhFPIEF
HRofLN9ifKqmxXj92jNYL9iNocO+f210DdpzpY5S2Q3rJkYT0A4TFUJ6qIERpuvDaZ1As4+SJSMl
eHfSEhRu+TpeRjXJK7QdbwmUYL5gfeicVbd5mUtS4Blnx/0yaEGhSCztvmfHY31gmRTgm0J2AjxI
WByWWGRM4CBk0gzdZmHxjVo1lADm3xXF8+iYxGhnxeZkuai6B1wNGahO8gFM1ks9GA9d2Bp8jg4v
SCPUjfB9FLgccCC5qdxeohWoQpL1izYjthh34WYYS+p2nGvv4Ud/kyItdveV7u45LdKzPg504+ZZ
8Inpu2f1Qx+kfupDd4YluLz+Ifju8v1ZMDs9/P73jAfKy0UAzbh9xoy+m1WetQ+ggGjvBAeccVFG
ai/hRcESNe+UzoIiDQRTjahYGswCtslVoPf9G7m7+V8/seLv/TMPzl6+ODpDN8H+I7g06c+wxo9R
bp4mo59R01QZTEPlEtL4mcfyAP72RFRBLOgG4H/+M2DJkgc3+qE4QanvZHiihxi4hZi9hELAeNLn
fY6fegSZYmtwxf8Fjz06nT3NY49ezf4HHj/1f/BxZBDsB95UqX6Sj5XUAtpVsJfBGF+cBTc8iKqK
QzODBqGihQySqALT6nvHYxY8Y+z0xemr+OTo5Iixl0cRm81Pj0/iV/GreZq9PDk8TWfp4cmLV88O
9t7xO91YnmuXECy4029NhWM/CxS0lslEfz8wTwVjQncHuiCfmVSBOf8WJmFvojArokUY6lvpvzI4
WOG2fRzT1yjC4Cqir1Z4XFoVD5uqkSzVdwbrbQUmvlH9cfnQq+hEwcwoj/Qzu75B9ZvSh3atuJ5t
f5vyo/KQVebK4CPNQGg/zhLQDWrlR5rC135cLvQ2DSztiuxRSt9W8ixnRWo2inIw5a/QuT9NLI/L
VcqSImofVRdGGTQwcxCB6cHpiaJ5XL70MulxKo/tqWDGpg0JRk0frfi4tDmMKQKGa1Odj1Z8XNrd
7Cnk9eO0HpfqncjVdm/z0Yo47WvOV/0UOAxhrhNeX73+dP7pb2H4gBjiyfQswg0m7+XUdDIHyxHR
mLa+jRnWWKR6LxvShxkxTDrVNK98fVs2ln5D6Pb8Nyq1SvXq2lft+Iie3iKk9Ay39doJp4Q2F/AM
QogG5sranLoHgBnDvxLGmkHShj0Zs/qJyRBM++jCNPpQe+pH0PORKk9jMl2Nh7TaW2E8rQ4PaUWi
jqa6OL6mJRrShqhV4Wt2eEgLPGDAs3aSId2SlbAM9TV7PqRXwxrc12rpsI4gzNLSsXrXFy0iIrWe
jzg/rAhJ5zf8KRrNEzVSvUdG6Rk+rNdexCIUO8G45pDieCcG62S68pFwtD4hIBuOg417kQmyhhlQ
RnQFSPhgDCP6D5cg5wnVVi3RWPr6ybW0cisZ0zWrNlq5E41p/9KwhtHanWh06GV6621g6O1k4/rd
wZqBGHrpaBwwBx7QN5LRIVifnaJHYCMZHfZzPjDua8Fw79w+XVKXS9pj/fMgz/SwSfbbD+sM9uhR
spzqt5Auqysf8/N+aFZJPTxuG+GY3czzi0jDtZIxXVh68EYkA3W2k476y70cbKq97CGfEUO9zVY4
FAOsJSrCbzo8qKU7wTDRjzP3ZlO27AF9VQwKBjXb7nMAD2kleps4XDCl7TEqHJ37kHBIAyLUbaHf
WB0QjWjr66YD2r1oRFsXhmdpdD8mG9E3uy3xfdWUcbt/NyYfiUcysYZgkW93JBzun5gKK9WuVEnB
qGateDUoGNJcmZGGpmP9EYyNXjY1G5xx5rWXimZj4eckHJsHU2xsDjzQrC3R6NyjGyOH+GBPli8i
85D3QcGIJsyzaTqoUxd54ufR0JFZaZHUXnPq8KhNlJDM84yWjqSm+Cr0Wl7PR/X8Su/wkNY6kuZQ
VjYoGBmBiG68pYOr0CRhtToawMNr1+RIH3zm5bBkrBZ2ofQz/cal/2I8uhN/IEe7MGNx2mPmbFQ4
0tOyRT6Ex7QaWqsZ1ermecOSwV5ZSqYaIqdbwWgPqyeGUSx50SgWUoO5H2J0BhlVXBbMb5xbwVA5
GlKtGdUxkzGwzhAfy6kJkxQs8nqEneRh/dLLcc8f1M3SgYEBS0fLbup4WDKWh7rR95L+d3vP2tw4
jtz3+RXMXCVrX0my9bBsabKpkmXZqxpZciR55+a2dnm0TNvMSJSih298dZW6n5H8vfsl6caDBEkA
BKjZ15RdtTs2gG4AjUajAfZDXqqUTb4MhpZqYNbzYBFkhhlVKDli4W0+SQuVEKF8hLxcs/+elpst
VZyyR0SqOvOIiu2ib2mZ1oih931vOHXd7zrf99yr3vS70WR6/nHYue65Y7fudsZXgPPSm2/8L4Tz
5GfA2WQ4p+usKkefAuSl6jfnHZyDZ+5WWZGxjhDrq00VJNZoQes1FSjWaEGbDRUo1ihBN0+g7CmK
lUBBKAEJQs0AQ1TSfBmlWU0uqLxTsVaJAqM1y0u1IDq4FHD68xZh0/5w0B/2cqp137geduFM9nGL
lqtEhute3g670/5oKION61Tw005/8J/u5Wjc63S/01aKGNJTFPfrRa87cLvTgfu+Nx5aNVZTR2hh
PgYEAFkxvLBrTcQVXGgypBJbJI4zM9zjzvBidG3bXk2TZCPzwVAQ9/a2b0YYob16MMlGUk67dCe9
6eWFolgtnUED4QewtEIt7OBfmZSk5Uqw5cODDIoUq/tSdpbT22TS/3PPnSorkC4RN6ZQL2ef5n4o
7ZVXKftdBfcyQFKsBqKGvlJAXqU9tlbbtercIlVK4Ocl3B/+qCpXgqEKKuuQlqtXk35gFl/5tA3y
EAVhk1wXcxtoDhlxX06m49vuFM4U0IUuLsbuhP5bbRYGdLSGHwYo6rXCgMm+U/Tx3AdvEcxfpFwe
V+atQGQrAJQ2amS3EpNR9z2ZFM5ugv8b9HLPPh1s4hCyQ4I4inXPIROd6ymFbo3eowHdWcOCZJ1M
R+POFZRP3MvOdX/wcW8E1gyfQeXuPxo3MZ4cmqN1va8WIbTakRvCcEfSrBUEr9CpEN3rzvsencmg
f951b6bfgUYo1R4UTZU6FT822BtDEPKSjIahbql9XVBBGTcUCUOt06e027YDq9pznLiC5URtK7wK
ks4VR6L3xgHpIkpY/JY2eXtIsfO0vezzrCF+1lpEAF2aDw69X713tlN5V54zwr27n8ek+TNwAzPp
x7x5LHcBTZv4GO6w8G+VzVJCiFqlWgVCxKhuXrZPy7CPWS1WgpfAihTXOYbNLiCxLmNU9UqrUntb
Qt+YYLFbOGv/v3cBZrILNlDJurhCPyKaynntPxID1K2PfiAVYv2P/0W+T+XygTNAbxc0i60hJY7L
d/7Wcw6hirfuPAPfk4HQdnfe7JMfIvf0bkaDwbtJb9DrTt/h72Rrk/1z3h+iKeNFfxwnGZYvxJz1
X6b904yTMaLu7XiMYkhEWAjRZHQ77vYKjCg7FhGVMQqWjF1CGcvpcETZCVlO53p0cTvouZgdvm23
RjP0qjoSCDO6vobrk5hPWvCzwcZx2/FoNE005G1JVkbaulyvVM+Epfs4maJHnPgzIBvvpFI9qdRb
5Wp59eynAVx8bmsnADJNvu+NJ/3RkLbSYwO6d3uTyYiQm2Vcj9u879+44wQpneEorod+zkcToDn8
cdkfkGFddgaTnkBE93LQuZokp8kyWnKfF3S3oh4oZcEDhXlklGNPCF4i+iU8AGy2IbPfT7QkngVl
6lkQNSAG/uWkgb9oZl8mZvZlwcw+NoAXjNK/xa8okaF4mRqKc/vtMn4ypzbVZcEYm4mU2/7gwp1+
vInXFH0oMa26SETgxRsgsLjLBY+vA+j+anhbcmDcMP/jEv7VdaqHMYrOOM2eAgr6jYNxcmdIzgRp
Q+rgyGVolyWmR5pz7UYQ1KQo4W2IroTXXriD1X8pb1b+LAD6w6mCQW0x2Dr19UKlAZnBuXshXoHM
T69NPQN5MltqV96bvCFeeecoR5h91JP37Dt3vo9uosF2C/9ul3bidTLzQuIpSLNY++EsQCdFuJ96
60d/S48MHgVk49KkrIZQhOftQNipzoF+cJzjf/2RThlhuw4NBegQWl8iDY6kI6zcB2uoYRoVVzFn
laXhOGYkVApJM2sFYTNXu8Z0LECQqhlBROIzamDx1nt8BEBCCkBWM0OWXBaCjqZxSlRzpPXCI7wP
N/siedpuV5Y4hMUWpmaJJEMaW/g9+5dQEwQAR9LYhxLULJhhOilIjgSSZkGaJJCc2sxJtTpWSKTD
wRA52xjh2T70KYjLZFytfaiVoPv+mJJDqxqKeN0arLwgQmcoIHXo4Fj358GCYzSUkgZjs5JIctqJ
6Ay3tdksTZHlDKsf8tgV5PIPqsp6ubB6L+DFR3imPLWrZ6Vs2A8N0qyiIzmp2s1m+80+8A7OcxdS
88F//uN/Ja1c6pGHSYj/+Y//U3WXQwNMsvrUbpzV2vVGm8d1aIMiOd/5JIzBbksfECJd8ofyB3bF
II1+BOIBuPN35w+gYjwEoe+c90cYh8olISkO7kqzQ0rUgyDcHmIlpieBcvy1Ox0P8PuY2x3A/ad0
MDssDW8Hg0O2JH/PrEzm56f/Mf/Za0mqDVjUehsp4bfx/cz/vPJC8vQC6tTCm62XuFKJ2cPCvHEQ
kMwkRZhgWXKOD98JU03MZf8dSLLSsu2HByvccT9RRHSX4XPZ2lu/4L8RESJdt+IhnP1ZKkpzU3Cd
tBRnYXieKoRISiLth6zAsNKz9J8xTBfDYXgaZ3EI1LbCYUQjq9NYHJVwJ9oHDQlHSJHUDE/e9KXE
ElxHHGHNa4antnxKNL9PEUyKydnrECLz1exvEakVrtkf74kBmOr9Kt4oCp9YiCKyjiAhDl+WSLIP
CWkMW/0rCbQsLHcyoy4oORJrWFCCYWowfOviaAxlRWIUIiuYwitHULe6MSjW0UZPTesflaPYCh91
yfp+GmqC09tVUPRo3DiuC2a+VYn+e+1atV0TNMM/8NhfbzF+17+LTf/DefIxEDGqixik3J+RKFPQ
rfPXYD537nxn7S+Wz0D1t6hGzlYr1B5BMqP2+GXwxsrUT5EWZbqeGY6KhcM+qykjfxE2SF8JsJLk
5nIpoVyygJqrQA7+ausY1dtopaELihhQpkj/Az7t87/Kwiv/BhcUEBFtNnhwDo6df/mW+dQcLIK7
klMvOf8GR+oPcz/8EX4NSw7q+6gIHyYU4a9nA50et6s1fm2gtILZYEQ2HNQp0gqjz65DYvTL/I/w
ruT80SURaEukAn4HmpWYQZiL2d/gAlaSXZR+suX8rCQTBGq94IsHZuZmGArqSsxBbV8sNJoFQ2L/
3po9LetW751qqQKY7PUWgayGwIphiBOy13wEqn41O/UrOOrstc+08lNQp2QxKuyQqPd6wVGQCCcM
hf1TOd9ar6f962n/ezzt7T/oiPvF/t6U2PMNey07cTI3Cr7PpOSXKRpxGAnR0yj6sBPR8qvh5d/7
efg7k+PAewU/4MU6YVEMwlZ8PU5+Q1vwVzxOGgVvOSlxWuBl9lWSvkrSV434a+H9X1OEFXwhSSq2
9nfqYvCpj7opY8qG/Z1aMFY0ho4nIdwNGvZ3aV8Et79aiMaaJ0Xe77MEPCl4wRAmclL0U20BHAli
xLaWxuBSm9WTIs+fwkoUARfGXjc2QuFmN57Y6zbHmvukYYyf2LNS7A059oR5uRVuXH0tatGYG1ql
THPIuksxVzZLq/Z0JBSoaTp8OnLFN+jITlzVwN6yPf6sbQPFVscGJGKXvDnEK2MoNFNTUHsHAEpD
SSrOTy3RiiITJYKhbJYMSJALxZHE0qFpKOaT65jjLdCsGm+WyO5t82pl+mplmvr5mq1Mm1W5HExL
ZqvdxGcEmymRpNDKOfsAGZCkuTwskhDxtS/o62fNAFnjGSDNpDTI9grJuFg9brZV/FKh+0OROVLs
iWdsrLXPajBkkzEk0jpapaQE7q8Zcz9VL4nm1axp9Uu6taRpKJvHujSU/7VZhuXZbyAJZbV6+mWy
UFZrp69pKH+JNJSUZy7YCxZOk/OPx/SteFHqdeeAON27cIcNZi+HyEBIs9Hgwrnzn7znYElDWtJ6
gL85Pm7U0q+KVNnxQN3AofCgFYALTjXSZeUNQ0xd/Ak2UOMPTg/h1ENPZzwJ514AUnL7BOPcpsZA
FH5MSuk4HBYYxk8/dhJYjw9287TcgYiDYWIQV2APxLgM5y8gAu79NeBiztUzGkKyvPXXC2cWrGe7
BcjBcOYjj91QxtsI6DDmOGbYXJJxDnsfAFVELRwHajprHzoC6m8wrj1Snw+LDqRCPbIzYft/0TxG
xXP9/Ao5dPA7mCyZBClXwTXSWUFYdqCSA2K/5DzMl7KsKGZQ6vi5xTJu7Z/ibd+8H8Wyd6FUl+Xl
4eUqOBK2WDJZXq6EA41KlguHl6vgimbt+sUzVMFazeAipOADVqWD3i/XEfu0IOchVqeDL5pp6LNq
YT8LK6uMleUGm9DLpGmgpVo41Aaz4cNZsQ6yP7zsD/vTj6pydax50BakhWoIydT4zFQR5CVFyjC8
98vVOsxEnmbF2hwSoTxBAy//8pkdnlVdPuf2qYDTQ+2b3+Fuc3+kkgRi3Z79S2FR95eVqdqvfdCx
ljNFsSY2Pd2gygp1tgJfDhlVaPSImbfxJZkD4hoNbKgGDvOh73cyQCjVwJArt6pczetEvVEUa+Lw
yxkmqtBB7jYsIqa0QjPDAvldSPVOAbbTwRVN0GodDV4ZrT4vWP3PH8j9i8SLtgj9nI0MPyG5iz90
xsP+8ModjIZXpu20EWJJAM7OdHTd75LIX9P+cGLaTh8ZlUC4rjoCaKJBEteH9RL0AfljB32voY9g
RzMS8ItypzEQ/uGKkOmRjXu94XTcGU7dD6Pxeyk9Uk30pDiffLw+Hw2AdEp8qSZ6fCyanjvpjvs3
mkHK2qViKJN79nA0hdsXXKYvlp9fHuHMOmDR6NrOxehPH696Q7f3p173dto5H/QOnTc8eBqwK20f
ncglck3/5n45+4a/0pH3C2xwF38Gsloub7XaJJbLJMpbuXgENrHz3E+i7PXQrFk5jpeWaxOYgKBP
ruu194JW2sbRoigOOXCuRY8ATDeMy96ainR/79/tHgt3TVsYR6XKki7Rfe7HXnn3LlxRgMOW5gGM
0ni2y0+Cgb0pvDiPLDUKY0kvZ370pPR0BNfG/IBJ2rlkSGvNIc9wpzOPlSJAz4Pw05O3eTKOQCLA
ksvM3e7BOGqIAMtSw6HZpXFsDwUNk2xVy/36L4yCK8UuDxRqHAYjvQCrZRDGscLy42Bk55JaifxA
GFkUqQXJD2ahoKgYBaGAtMlwZH58iSySLIPkB2TIYlEtcL5Ds2JayXWu533HZmyyifyOdaZTrLEn
+ihvLQ9ajMHtkkdjs6ZwAzVsCcrBxjdreu/7K9BYVi+GY1guALkh7hnQGK/NZq1hsTBdiNphm8Qs
PxLWPSYgWXThT5OwrNh87K/m3szvfQZtA5qq/bzlfRM6x33TP037rl2S7+9bA2M2bF5Vu/rKBxet
bDzAuEjrcivHx1czRheVaL1vFdiAmQVMXqTtKXwSFVgoOwqIWIHWP1GOi/FfjIsXpHBtVYqywg1R
2luK8aJO0+WCh1csjvzP/mxHEwEIMkTpvSMdQMx9Ud810X1H3Vu0q5Vm7tIOq1E/VeMt0lBbsZtM
iuxHoI73uDHfldz0XU0AS5FJTldu0q4hK0p3ZrGubmUh2ZF94Q/DY2C5gz7gCF+zUO5mYGhzJsAw
U3XNJNnxoTQrly5rI2KdBjc+teH0DIOf6Bk8PohSFtSphtnDI2tdnGIYpf2uWiQBlqRIwoKULfBW
fuwqjXTlvVE1MOpL1AoVdrpyPEmmiBGmyqXGuikSV0VjKqNDL83HwuGXqTKVCa6oTkrNu4S9qay2
0PRCfPw20/TYNQK71R4SltqGG32bYIglbBbt5aZ2P9XMRQmx++UIJT1SEamojbdtU7ttG7xFBkV2
QzdtFKTEpSNiO8lVpGkjA/hCCPuIlzBsNns8unbGSmvyInpqs9ORT2NM5K8Ulm1ahT3VHxDZcwhA
bK4DCXK5rvJWedrIPQPw8ISG8pu5WvQRJk5KPVpkLG7Yx0/oW8vI6dPX6BYRiwFAf6pFTxUX8wun
S759mQGkHtPMgIhHKj6S87FnOAz39qnNfmAmJNFqsb8pj5zpNTZB9p5J+b0mEvvM4nZQzSrnVT4m
m9NQWJbULZUVMpwWG6yqV7EBmc0FOlrReHhxEcOn3wOpo/nMRmCnX3SjMcifes+kLIcXhjMbgZ6c
s1JEmXymiVSOM7kmGEuxs5ZeksSn/VlLikommFv6/SGe6C3pBonuRi39rYfoQ6xVFknmEtLSX5dF
YcUaS5S5eHMrWqQ4ryXne/wieJR6qxTejYQ/KZO19HeTtNwEAP3+iM6Slvxuklgk7XmQODpa+iuy
KKlbct4UWE7RIrVO8kacNeS1EnLJG3IyVY+VPC1uONosq+AIJFI0EUkjaSJ08hvw8mg0v5CXR7P+
S3t5JKmX9XE4OXUOFtDae/SJe8PEwzR2ID8IHmrJT5wCiKUzfpN10NL6TRpztC5fZjFSWFpWbjZp
4Nav4Frzcxg8EPMGELLfan5yz0uCyuiTPmlJpPPCC6JvzrlfoWKw2TyIw/TnfyAWAKnliOnX0QTg
dr00j4wfQwZhYPydTSDMxjwgbQxFfzMNHRjDiSYR+eFdYri/BZHHuxUtFwsvvMcdJr4XmkLTlMGm
7u0x4IO32a7uPt0/8FfKpkWveKhs9Dd45VwjswrFTVcKiJItFK9JhnAgVD6/uNsZX5gziz4p7EMU
xqBl26+oYhnCwUgXu88UUKMbUOGScNgl/ntEnIbkpWwbYEOlm/gmct51/vrko3+Yt6ZiGmVxeQ5V
++OPUnNLu6C1Jm7HHB//Cn6QsgA4JF7sUZSBvzArHhDDrtDyG1VkAWbVlkDarterbeKhh5EA0EMZ
HenDmY+n0F9im/dvvog/c8wAggNz/bTepitt5adcrZ605cyVcUzOuAM3Wil34P8HKoLTNNP5AAA=

build Failed

rm -rf CMake* cmake_install.cmake Makefile thirdparty
cmake -DCMAKE_BUILD_TYPE=Debug  ..
echo ============================
make  V=s

build OK

$ ./xfrpc
==74495==ASan runtime does not come first in initial library list; you should either link runtime to your application or manually preload it with LD_PRELOAD.

$ LD_PRELOAD=/usr/lib/gcc/x86_64-linux-gnu/10/libasan.so ./xfrpc -f -c frpc-test.ini
[6][Sat May  6 21:27:40 2023][74518](control.c:652) connect server [mydomain.xxx:37129]...
=================================================================
==74518==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6080000000f4 at pc 0x7f9810a36b11 bp 0x7ffc9bec4b50 sp 0x7ffc9bec4300
READ of size 76 at 0x6080000000f4 thread T0
    #0 0x7f9810a36b10 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:370
    #1 0x7f981067a39a in json_tokener_parse_ex (/lib/x86_64-linux-gnu/libjson-c.so.5+0x839a)
    #2 0x7f981067cb16 in json_tokener_parse_verbose (/lib/x86_64-linux-gnu/libjson-c.so.5+0xab16)
    #3 0x7f981067cb7d in json_tokener_parse (/lib/x86_64-linux-gnu/libjson-c.so.5+0xab7d)
    #4 0x55fbb60ec2ea in login_resp_unmarshal /opt/xfrpc/msg.c:320
    #5 0x55fbb60e7210 in handle_login_response /opt/xfrpc/control.c:428
    #6 0x55fbb60e7610 in handle_frps_msg /opt/xfrpc/control.c:471
    #7 0x55fbb6100045 in process_data /opt/xfrpc/tcpmux.c:356
    #8 0x55fbb6100b13 in handle_tcp_mux_stream /opt/xfrpc/tcpmux.c:494
    #9 0x55fbb60e7af4 in recv_cb /opt/xfrpc/control.c:564
    #10 0x7f98106bb5e3 in bufferevent_run_readcb_ (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x195e3)
    #11 0x7f98106bff3b  (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x1df3b)
    #12 0x7f98106c5b4e  (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x23b4e)
    #13 0x7f98106c628e in event_base_loop (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x2428e)
    #14 0x55fbb60e9579 in close_main_control /opt/xfrpc/control.c:869
    #15 0x55fbb60ecdda in xfrpc_loop /opt/xfrpc/xfrpc.c:54
    #16 0x55fbb60d6b58 in main /opt/xfrpc/main.c:35
    #17 0x7f98104c0d09 in __libc_start_main ../csu/libc-start.c:308
    #18 0x55fbb60d6a69 in _start (/opt/xfrpc/builder/xfrpc+0xea69)

0x6080000000f4 is located 0 bytes to the right of 84-byte region [0x6080000000a0,0x6080000000f4)
allocated by thread T0 here:
    #0 0x7f9810aa4037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x55fbb610000a in process_data /opt/xfrpc/tcpmux.c:354
    #2 0x55fbb6100b13 in handle_tcp_mux_stream /opt/xfrpc/tcpmux.c:494
    #3 0x55fbb60e7af4 in recv_cb /opt/xfrpc/control.c:564
    #4 0x7f98106bb5e3 in bufferevent_run_readcb_ (/lib/x86_64-linux-gnu/libevent-2.1.so.7+0x195e3)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:370 in __interceptor_strlen
Shadow bytes around the buggy address:
  0x0c107fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff8000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
=>0x0c107fff8010: fa fa fa fa 00 00 00 00 00 00 00 00 00 00[04]fa
  0x0c107fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==74518==ABORTING

rm -rf CMake* cmake_install.cmake Makefile thirdparty
cmake  ..
echo ============================
make  V=s

build OK

$ ./xfrpc -f -c frpc-test.ini

Works fine.

Port forwarding to HTTP proxy or socks5. Using the correct or incorrect account will not crash.

On Debian x86_64 systems. No bugs were found.

thanks, I will try to fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@helintongh helintongh

Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@liudf0716 @helintongh @osnosn