From b949cc3ddfbeb1b3fba571fb53b186b645e66e9c Mon Sep 17 00:00:00 2001 From: Andrew Selivanov Date: Tue, 25 Jun 2019 02:07:12 +0300 Subject: [PATCH] Fix leak and crash in ares_parse_a/aaaa_reply (#264) * fix leak if naddress of particular type found * fix segfault when wanted ttls count lesser than count of result records * add fuzzer input files that trigger problems (from #263) Reported-By: David Drysdale (@daviddrysdale) Fix-By: Andrew Selivanov (@ki11roy) --- ares_parse_a_reply.c | 8 ++++++-- ares_parse_aaaa_reply.c | 9 +++++++-- test/fuzzcheck.sh | 1 + test/fuzzinput/clusterfuzz-5650695891451904 | Bin 0 -> 32 bytes test/fuzzinput/clusterfuzz-5651369832218624 | Bin 0 -> 242 bytes test/fuzzinput/clusterfuzz-5674462260756480 | Bin 0 -> 1682 bytes test/fuzzinput/clusterfuzz-5680630672654336 | Bin 0 -> 1965 bytes test/fuzzinput/clusterfuzz-5683497160671232 | Bin 0 -> 52526 bytes test/fuzzinput/clusterfuzz-5687310655422464 | Bin 0 -> 789 bytes test/fuzzinput/clusterfuzz-5695341573177344 | Bin 0 -> 44 bytes test/fuzzinput/clusterfuzz-5697835103682560 | Bin 0 -> 251 bytes test/fuzzinput/clusterfuzz-5728518081609728 | Bin 0 -> 922 bytes test/fuzzinput/clusterfuzz-5732960017317888 | Bin 0 -> 207725 bytes 13 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 test/fuzzinput/clusterfuzz-5650695891451904 create mode 100644 test/fuzzinput/clusterfuzz-5651369832218624 create mode 100644 test/fuzzinput/clusterfuzz-5674462260756480 create mode 100644 test/fuzzinput/clusterfuzz-5680630672654336 create mode 100644 test/fuzzinput/clusterfuzz-5683497160671232 create mode 100644 test/fuzzinput/clusterfuzz-5687310655422464 create mode 100644 test/fuzzinput/clusterfuzz-5695341573177344 create mode 100644 test/fuzzinput/clusterfuzz-5697835103682560 create mode 100644 test/fuzzinput/clusterfuzz-5728518081609728 create mode 100644 test/fuzzinput/clusterfuzz-5732960017317888 diff --git a/ares_parse_a_reply.c b/ares_parse_a_reply.c index 850c39c0..b506f721 100644 --- a/ares_parse_a_reply.c +++ b/ares_parse_a_reply.c @@ -71,7 +71,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, if (naddrttls) { - *naddrttls = naddrs; + *naddrttls = 0; } return status; @@ -162,7 +162,7 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, memcpy(hostent->h_addr_list[i], &(((struct sockaddr_in *)next->ai_addr)->sin_addr), sizeof(struct in_addr)); - if (naddrttls) + if (naddrttls && i < *naddrttls) { if (next->ai_ttl > cname_ttl) addrttls[i].ttl = cname_ttl; @@ -177,6 +177,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, } next = next->ai_next; } + if (i == 0) + { + ares_free(addrs); + } } if (host) diff --git a/ares_parse_aaaa_reply.c b/ares_parse_aaaa_reply.c index c56279fa..aca3f001 100644 --- a/ares_parse_aaaa_reply.c +++ b/ares_parse_aaaa_reply.c @@ -73,7 +73,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, if (naddrttls) { - *naddrttls = naddrs; + *naddrttls = 0; } return status; @@ -164,7 +164,7 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, memcpy(hostent->h_addr_list[i], &(((struct sockaddr_in6 *)next->ai_addr)->sin6_addr), sizeof(struct ares_in6_addr)); - if (naddrttls) + if (naddrttls && i < *naddrttls) { if(next->ai_ttl > cname_ttl) addrttls[i].ttl = cname_ttl; @@ -179,6 +179,11 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, } next = next->ai_next; } + + if (i == 0) + { + ares_free(addrs); + } } if (host) diff --git a/test/fuzzcheck.sh b/test/fuzzcheck.sh index 4c50ff21..3a137661 100755 --- a/test/fuzzcheck.sh +++ b/test/fuzzcheck.sh @@ -1,4 +1,5 @@ #!/bin/sh +set -e # Check that all of the base fuzzing corpus parse without errors ./aresfuzz fuzzinput/* ./aresfuzzname fuzznames/* diff --git a/test/fuzzinput/clusterfuzz-5650695891451904 b/test/fuzzinput/clusterfuzz-5650695891451904 new file mode 100644 index 0000000000000000000000000000000000000000..1aba3b328defb7c0a5fe61235d584533f529ef3d GIT binary patch literal 32 ccmY#TP*7lCWMBkR3JhQZ!uzklzyjg|05CWMXaE2J literal 0 HcmV?d00001 diff --git a/test/fuzzinput/clusterfuzz-5651369832218624 b/test/fuzzinput/clusterfuzz-5651369832218624 new file mode 100644 index 0000000000000000000000000000000000000000..7e5184cf93dc6cb4e500a79c82abb84533b10b4e GIT binary patch literal 242 zcma!M00Kq^eh>u(j6gmE!&wFvjsO3F3?TRa|NnvvED&jktRh$zD2=R`{@hrSox#8W E0E1^X_W%F@ literal 0 HcmV?d00001 diff --git a/test/fuzzinput/clusterfuzz-5674462260756480 b/test/fuzzinput/clusterfuzz-5674462260756480 new file mode 100644 index 0000000000000000000000000000000000000000..c7b7c65d34060465f1a9ac9528c7dc1069274652 GIT binary patch literal 1682 zcmc&!O$)*>41E*9i30_%9`z@B_ec6$l%3|w+I-Z(@KCqHx;9CZmzT8n1Kw!xxB~nE zFMb@Gw3FpdCJxcs$eXRQx{s4DrInn?C literal 0 HcmV?d00001 diff --git a/test/fuzzinput/clusterfuzz-5680630672654336 b/test/fuzzinput/clusterfuzz-5680630672654336 new file mode 100644 index 0000000000000000000000000000000000000000..7b5f9cbf3169aff6379c5df2ab1a7dcbbb7f403a GIT binary patch literal 1965 zcmd6oK@!6t2t{E!S+@tsg8N^w3yT;dq6s+Jl!an=z>jeZ5fLD~c_JW6d0&ct-ojfz@MefgTQWBVl3d7EnjeG~9{YK{KW^(u<>;5CA)1_TVFHg<|(e z0>MmMR4SKYgFIV6X}6)0CL@aGdc==1eB`gpmQwEqH3#O~P{TYgD^_hvZfLhv$GKaC z%C{N;)$_Okm_cY@0W{WP%5wq5TKD=xc=KYsns_%PdSLlI z9zAf7IKFl|yPer~7I0Wx_?p0U+Sk|DuiaAKbh=rVWs)SKmu&pY-aRwFUC7JGl(5b-{72P*?icCTyHZ zFMXZbu$?~Xr|CV7%YwE?4Jn(^lT}&Mmbr@Vrz+{1d?upuuF0!f=IfUq2a+tkFiZ@E zWsxOG`dU;|Y*ZeYbXk;@?y*TTp)tuwYZz}T&FAM>aMoH)8Iu< zrzkr#L`3cy9Epr@cp8dm{z>JQD$3%*1>EDBz{}Qy>%>#j5taTN-R|t$LGkw2LnC8@ z75rVZty;Y3x@DELVjYXf7EYc!EuG?4Wc}n&hn6K57+Ov`bn&zXqB?ksDndnDOWPfG zwnR21Ir{wWNV+-}p6Y1WHtqe#tZ#)vqu*CA-GSWMw6wH^()lp3)f@aKYw?Zkxg9^* zbU`xIPpnv39fEt3oI1&I?3G_eRcW<(9#E$>Rn%KiKPe#4V6m+xY|&&jVT-y02cflY zMG*ub009U<00Izz00bZa0SG_<0uX4Q0Pbeo&FVPo<8JP&w-R@A`!ft0ApijgKmY<4 zBf#2}wJB@UoUITSn>LV!00bZa0SJh&h-4ATBJ$c7k){hK_9llm@9La&m9iht9cE^& zZqL?DwE8o-@6=BU2(Z1Czi<$M00bZa0SG_<0uX=z1a1idoLe}zjJJf{d+gqePkC*; z7T)llId6>nZaVuqeC!=|-WZRMQgR>w0SG_<0uX=z1Rwwb2tWV=5cq!x;B&_3jL-Sn zH&ixE2!T^cRk}>&fKolz)NZ-tfYOFRL>2@f009U<00Izz00bZa0SG_<0uX=z1R!uD z3Gjr6Cp1Rwwb2tWV=5P$##AOHafKmY<4B7mO|KOufX{DjSu#_q7Q zC3+x6(r|>x<+3<u!BXq1Kq;o?>5m-P5tYt`8Mk2VMHzjAOHaf vKmY;|fB*z$L?97aKRGA9!ykgG&TQ9&L`Fd zhS17+eFyBGZD~U(MOO>jaLwk#p3w1>@1a})tirLtM2mxl0l9jLcm@gZc1jK-F>zR5 z&XH+(VQvpmwC=tAW_O`x+^dESYfb6om!C#0mk%770xVPb*ARjMHyMKcLkX_4uZw2P81oahT}rC$)jVDgm+JQ+|` z!>oxnW`)BX&CqDBmUN~cR6jd>{U|%j4fQ`( n!#bl%BiY)8+G&-c zkwx$rBC$a7=M7u7*{~le5-?IEc1Q>*Y}iGtz6F*SiFt|Qe&?L})2FJdx~ltD-+TK` zwPxEl3SaWtQ~G-A+X&UV zQZgorz;c;1zq3oTWaS&S^k6Ut$`_WTT)CS*|LQq}h-L zNTQXbAuT`5Y0NdoEL7nD@7W|3G;hDsi?gF&o{@4j2nyX;Et`IVv&lyAmmf1XpKB*8 znL7l$;8=;=cNk{B8&+&s<3q8#>iaAz(nTN@Rob6wXyaw(YO4#Q)aF<6qoH-}5SX2S zPp_%GCq0B=GPJGSj>DrU{C1f&_b;865hA&*+`~~$gxM+(JVi<*gpbBKnpB`4`!7Z@ zVsfp&=mGbtKMky^d+V6D`(j9oElSt**8-O~b)YQpeh~gQeQd=6)eEtC zvx-O%5{^qiGPmXDBpx9*&I}(Tu2{sb*&T)peXA4xxl62vir=5dRE7$;Zxa_ z%hl-iU7xKy2JnC>&JLFtyv|0dk*IA{AVrD5bsn(%)ttD(!TDD}ucuuDaR|KCpzqsq z1<8D^XTEr}B;a^lPn9<6F1WJDB2>xP@z|JF@p+*q&~5i%hbxPG;DOSq*l z>OXL{iJlzN#;5(QY!9301CF8E4mZ0VCg3*`wX0FB3}jksy0TWXl>zkKB?b_5)IWe5 zSV$fNWzVkOtO5BuE@{+XWvmmhg2vFG40rCwqLfiQE{rePS{QYtk zT>fZrQNdQ`xwT?chJ%E~gu1T2wD=|;NyHA3yG7_y`6vh!1i}b-+EtjiTqy_?1PTIi z1lHmtqf@|BX}+8Sh6hWu!sZJwWPuwlv%1Ltd_43t+FihLF>QT@USac#d)AT%dXOGl zyWl?HXCkcFG81m>C;I=OzP>2NFm z(y>e?3r}3#8T_M=v zrXeg$*fWSU6Rm)@8DV&Wmd6+aB$P{|O^j-pz(_DKHfl^T`0+)7&iIb%9oh-NBH9Pg zVCkKJFKTFs1}cgcMpuOYE=31)0>p0aL(XnBX0R8wMLOKcLpRroYh#RSo&_zIYFuN+ ztv>&x$2Tjr_PsUKGQFQ0+u(diuU6L!8<)5NA2iUR6#P6}l(>HW5W2=+-+dC;t0UH| z^rSqJGg|9pO?+cUc8v3+ljdPYq85o{gzjM4nThJs!++^>qqcfi-zHzQzXTPa2w$zl z=HnX*x1%Fq@67D5|J>MSa)g;JT8 zb%-lnu(Gv4zwx=nRq+x5EI#jg4Yyv~5LzgjwIB;2cU{%mRU=CyiuANKgGO@&i{ABV zr1_D_9XC)iec8@dJ`?zMd8?gVO?8e3xDgFs20(tQW%yQmYZuEdIMB()uKj?`|Cfyx}1<+9}DHj-i* z^+`^#!%mDblFVvLnDxH`@K}V*6J|+9hAgwNP6Pp~$lr-gw1AIlO2r_m-8qL~RyUEWXH7J_9odXiQ0_h{YGviM7q zS=yW2z9L-=KNC3wp)Ng|zwZj>>f544Kd)JI{q*D^@~oyjFCsT8&x`b}!91TAd7d$9 zG01mi3~ioR%_1A{0!A}Ey2Mzn1os3pVI^%NJ-zO}Td2DLZOW(7g|3~_eGLMa>Ob-;xMw=vg#0ShQ zK%7}w-jmXqCp(Gzc(lx8%fOlpU`A_{yUO9HmjQwF+js!&GtA0Qi}K~`4D!pDu{o5ENKb*vS$vw{C#=sNYRBk86uUt{d zjh1MgE}wMobOW>}WFatgH|2J-+hNGT0$wu3+f5mp0tz+54^K13tZ2EVBtW57ASO4~ znG4FkN_=@!^@^^R-2-Yy>PKe+x4f}llR@=AEZvceqT(6D5=of;EeX6kq{IP>7NK-WPyXPzGB5X9YfILr$DM7W1+L*$v^SG6b^!qINe zvx8JPpil5#B5zdcfo~FNJ|8HH3bGnLajIoV=+Nz-d898#?>rxV!??IUB#{mT8k61i8)4wYsL5l4lbI8@9hPDYYx=|^V*5vN3k#)>>Lq({cqh{Nv- zm^;;BR|C;zG#)bANOJr|ueNg!?d!t!><*0?p(4>Alhq9sCt{5Tod&g8tMZpGJN|SU za;V#swX&VCCcA%n`p>D#-Z6_WWbjqzot3h2Na1xr?6mKmOb(3TkG?*1ypk)!Z8XYm~ zojcZUs#3L(IQXt&>tKYK@0?nslR60n1f>M&IhF~^{jGKt=1wIkL9uYKPEuUf!=qoZ zd_&5zte=dL%Y=zTw;_Wx^bjMaaTjwl!(eCurG@^vT+AY0771k z5vc274l7KcZ>Ca}pNi2}*ktigR6HKcAM(_`9#5VWVivbWc1Oga$Z&DgoqdqQvT2L* z4A+*l$;Baat2!rzTN34FMyhYKS{1z)5CPCu^MNn3%eOpUJT_tY`g%NRKOehEpd(%~ zZbvdJcPN}>kZTTz+tUdx1wsdfO!wj7^zJ32b#Tb8|oCTLZT3l4Hm3eNh7?I&1 zVKJeut1m6S$wv~gL*#A|x>P<20tJCE0-kmiCN5VB0tJDBKpcU!ILYV~TepNbi?@IW zqPn;KIt&lsmGPJo__F)G+jP0Yw9urXOE$H)G$-*8Y=9)7G2EDnO|1C~P%E!l2}z>G zg~V5q@X{BdoKZBa-gD~GFYW;_4F?kaY)=Ik10SMvr+9oC)U~bPDEQq(D|iqUGf2$+ z!jWk2Hc8x|gD&Lt3*$eoaB%(=(CcXiQL935zYbR%Zi`k$ac6SH-?}xcX4vj*0KWz( zlY=^!T8hGK94qU#8g?nWq8GUo ztp?Rr6&sXW`Wfva9qj^|qK;uM(+I#Fp0r}&%LQhv@a0-?>z3#MS+^cf<47oFT%w6) zi9Ls$78WoqEawz_)53??^31HHo^!2W(t@Ti|4cKQIJ;nGG#z47gwqU)0|T%y*ce2b ziB>?nYi#2&#(-Y6u1$0|vUo>V17oAc1cM)s(co~}t4zI(e|RN;u+!EV**t*V6t}VRm@M)Mlim|>UCKPNmWH>T?hXk!dr7d9?&gBv)h4(8zJ*`mbt^M}wi{`&5d zz+N4(W~C?Pk(|+5Cu`yxGqPixC!I78GZM8(BqMYO)6Q({!8QB5%<&u_N!I!bGubw6 z9L8SeWY;#a=&+QnxHJ^>qTzm3JiY_Iz8+5vdblm9c!xO3*WuRt+COkv)PCfUs|?m_ zm+bHFs+_&cFetCgWyMg75&TxG7jP^cJ^nD-A;i&JkAwI%&TCu{myS2#45rkMe*fmT zPTxV{dRU?|v?hV&&0*zQF-Hy_#qI|+tmB5+e)xl7>Wv++4;+}R>qDJ9_Yjn=9(@|d z9=peoxdEpj@`L!Z;;rlFaY%9#X@N+7LHR8-H5`(aNowgpvhPJ?xF9YvaE{=maH6^d z6`%-Tt;FWz8w$6hBVg~$?DRPO?d~BI-zL$O{6fGgKM;OhoQ7KEVRG~peW9Uk=N#%R zDy@Z5nU-~kD_yX%wLrh|xy4oS5&*Cd-b5)O?r38Y6l{>b4={`Qj8e-@tYF z3BI911jjC^+){)9*Xd9wsW;bWDMcmRmqW5~q&Vm>K|ULmeGjraQjdKPSZJ%RlryS=1Cd9LvkJ8V*|vx!Iw^~u!5oF&>Vi%B+SGJhws2{@YD zqkf{-_50E;{fZ5&ZMlmjM)Dz0mrkS)Y9$IzqfKJWh(t3Jm`Z$^hD}Mz##l|Nqlb_9 zK#!Xs@U;@RelPjw(uz)~81UT0I-M=;t+yuAiPfM4r`@=SAdP z<$00rI_CMj$n%U*i$T6CgJScnT_20;A#~Ma z`M9q-rjBKMZ686}!7JZ+5g!H%@za;8f8RXB6g=wvB!5Nd0KubJ{01^PpgNA z@GZnCI`&WL%r%sft^nt?b&zxC9TfJP_;KY5Rdfs_)ON1F0nDo%Wxh2$gPjB5Dm`RY zX_@1G;yF^{cl{sts^-%(|J0u0X>)jA=by3jL;OdO{~%Ns%WvdA)ja0jREFLGw3@>j zU+leTFVg^E5nECH^6oRAkY%0}uThi2g~Jnk%w-#ehK;GTMT1PDfP)kV~%r%HM##7O<c6wztTycfqi++D2EMw5|T$~5*TlO3=6}>v-+0tMt$y4vGp^0RQ`ex z|NMa55C~<9pfjHo%r_&K8D%_~kyl1mmfY6KXqBWh#(`!Rb?JjSI^_YpY~UP|Welq* zU!)H)_vXv4OG*&!Zo@0dA<1kJA5eGMDd?34@L9dc?N-VIco|qzTrqdREq9f}Q7;1m z>9P1*2Q^m{_el1SQ{1yWumPF|NV6l>Zg2m+GI({== z4~ZVqX>^fCuYhSLAH8!l6dW-jHvI&!9DuNe4?ls)HHj!?E`k+^*F&Goc#QJ9c^V+w ztPnX@d5VcJ41S8~aR#@sp5Uf(n_LV&=Gi`2ZP}Vid59S_BI~65Rz4|%yeZyp%Gl($ z8_V@HW6WX{6H20}D-e@eyPHSSXJB96RK0>+e0GJHDg4YP5DjC!CWGpKSh^z_Ma7TR z*tzMquFb98eEoZD1i)rZ70y_;xxi>xa*lVc?~?<85oldImzl}aJK638q?wz~7zBYT z^?H0(e9I!0YlGbe10B~_^R4&ik5@s!EKrq}y)QO_D`8tEr zFOzdbU1$yj%oP6GCNRS?qi?6#!t`N7e^$^S-Gf69(u7|&3=&~+e8Dht(VrZE*X6HO zk(DolfIng+=fYMTep+3D|7tjQU=KC0n36Iq&e#OOi4R@zt_fO;6S9dpMuu#67(@L; z2pw@ZVE*1D zn^a&neF71uM25zSJTjz5#@2`<>`hZ0b~O-fM&lu)jU>lk^lCfz(7rBg&+gEe5h@b> zFo;u^Ht)@o2o-)LXrh#KRT1Ub;}SSqM-Pp z8ap?Al`T2PoP)&J+FR;4_nNV~1Je>ce;2xE9uCFo%ix1ph0|eJ2xO{4dCF`G%~l#k zSS1dLtE4c;wOap*Q=kcJ*C?=Zf5xMx4^2q1d=}NmWB4? znqJkjEaJ$<9WVh1c{N6$u7^3SFoC|AN>zR;Mqgo*#Y0i?crbs+Q~P>6c~Xd3+!om# z5r-nf#Zh?&oD^?VPZc*(dO$%G9%Ez!S^#;#yznzOKP%!5L_B6c?f-Jt0=K&r`$hv_C* zzK3$}b65!O<08kkr^M;E0S^fYeZuP|_kRVYPrv=Td%Wgm=yT$MOsZ>7VflBu53#We za#5{65JJ5@){gVe)#A*WPclD2#n1Xdpb3R^ljzF~$=8{fVU z?}dho{ysSiE`PMRs9-De+*&ar!$HDgLS0v1T6~j_B=Q~Nts-=(d=vx<0$~I^?J7)M zt`r0c0tJCM0&8)S(J8iW32_#00S`oVZ~b)`QNU}kF-5mfd$;Lwg)hDrnlyB&vZ$ei zbxx&umWN;iBms@###C%#&0m08dCf{l5-lzyELH& z3NQvfMCnfP_%x_%TftHAyNOotASz~%nEQnz(cW#6xIqV9$m(+r|k zh2TIPt~lHlt%~B#z3#MS+^dyvb0jhC7NiK*mKBfVFA;^a!$cFEqsVA z&&*2dIoAp%Eoch!&orZn6B1@d(;+rRIL)9qkbt0zg*i8fG!w0WcGuX(V~hd4YF(S? zZe(eXkD%!ejEx!-41PRDgX?IoGW9n8;gulR5FWtp3gAfZ1bk6LOEgeX)COG<{<{<% z&S>0(l(XiDU&1+m^hFw1YobaIB zn65LRjWKjx*todPt!Zrb$(r~EUdDrwoW!Jg zn31S_BH3)v&TQbIR&6^Jcb`t#~Qih62$v!+i1h4!iaB_}Mz7 zR9A*u?`!|SWl{T)L#{GduU)dgzpHZgF2kU_GM5!Y?aje&wR!=^($V7&qa8vVz4bVV zU*o*S1##(k6V6~t?dbP!e(Urd6s|{rtPHJ5V0m*`xt5{i;8E;;P{TTInC*u@7^dFX z0sFv#$+|w&$#V}u+3L}!VeGMc44E5n3L-yI=(S-xe+UdCj8hrza1QXEo({5jj_RUZlH@c|I@l zJY&>iknhSE+B~tEMK<6Cj28ark{(x9^i&ljf`^M&BFAMq>iSqz5233b%g24yF%3kw z*Y**l9lY|L7x7`R5I=pX`uEL4Ou?hxPx5D^@D^t{o~Px9;zJ=m{Iq&_2;V}SqGSJ* z&Rjz&=?ZXOTL(FJ-a%o%i62+4P({Z;LT%^z8^FBUQRZ92GuSx*uF^whm6kc~C!QlE ze%JqTuWCL$^H1#=o;HW~b^aMUKg53o`42*MvHV8WI} z|M%`tmbi5jzJKy#n6tbrm(nVqAep4%U=eK-tQY?48<=HPsB_PJgd6bOp|uJw0TyZ( z!)SB#)|*FojU}xPa-CYHe7FsJbch$|uIq`7^&kEGRgwq`>u2`xqXV796bo5Pkt883 z?aFcyQEj7Z$u@xrvpB>okT5w!1i=l-=xDCAat^JWvRnk=U`s^&%SAW^68l?C>HaTY zF5N%t8aoFQssm}dPjEzDwsilc`#%}oe-k(TaW#~CgmaA0gMADOHpR1gD0ibi_o&$V z89l;!L5P2TfDs;!O1_kZ(ve|U!rN!xkkj#tOaS&n9O*4U;= zjVHaY-dJtRD%W_f7(*m)&C7-F5=b+G2=23sj8)*xRu{X(s!zz%cnCoH*+q|7#7O;6 z_gd2BXVE8D_G6aaF)OtEi0;Rcpidohqs5ByJ#=NJTFNBOe$5S9wD~gBmZWe#AISRP zeT}uAj9B6_w`P*e576R_=a*-sTn2EgGegYsytx`V&8=s5j1b9f1>bRj2M1-S&v*jJ((qmQt;BFp)i2=}XQ3&si%0Cx-R6Mm zPA@9E_;(u(s52Az*!l9xGX%0!ga3ce`3RWaXRAiYK%oSJ1d_3;&cink7su$s@nquU zZoCw5=fdrklc(9 zxJx-zWzdv3-%9iUOk!eZrspYOkrn& zybNKJ6y!*+hMi9%T+v!a8eI&2<$NEQ^~-9-0lhRA?x!}vx9|Dh8>&fPr{Ai(o^8J} z7(Gk$eRp(SC%$D9Ho5UM1zQ3SfqsQB;6ty%J=_3{q{kJ{)iLg5LvM9$;J0-%@3YpSD$p!E0?iriwgjXYYU^Ht z^RL{#mC`_FccHnz@EHvRE<`&2;-0ZLh7Z!_EZ50J2B{eZm3=t~6hD-#3-uH9 z+LwcI>zP!y%zhc>kz1DN%ce6Atb6)~)uvIte9OOQk))$lEggtHfqZ%05qC-&dj@(| zui&*j%k-l&foK@(HhUW}3W^`9v2)AzFUByAug8!tcdWhJKn&7&XxSV(40nu+qL({X zGGGGerisL9CvnH>aRyhj6&M^1Z7Nf|W0jt48L`~35-2R@TJZE}(~LzRS#JAA2&Dn6 zXE7YIT!F|o3j}VXNI*G(B%w!fL)1Y>bIfO>^2_W21`k`)H(Tl&R^9zeCh5L|^j*}6 zRWD1oSHsb*P@-YBL)J*$kc5HC0td@w$qCF%WC3-G9ky&|%vk=UYL2`uVOD5Q>MU?F zzrv(^QHEc<@p8YUHP_#)D$H_DHP!UKLjgf)LV7;pm_%M<5R8``k8?=z{KEyD77W$K zVfMgU*YxHX%irb?Nkqtjy7euV*k=!c8b#@XHL>bt87_DnsV~^XA^=J0??wiAhzolh z7|j=nW+pHNOr1%RE^jJT%z#dk*&;sBBQ(r>1Kb&9({U(wE1u?_2w#cb1XLzZl)T1Z zmJq#rwA>P96Pw5QK(QM9;rpb_n=l}}N#ovg{aNc=D_gextDuq0MSm4Go4T457eJAf zFN1(TVkGCThsF)Mf@Drm0BHw~Ee94;QuY-xU$N*ifL#-`7AK@9n4(l&0wqsyC@4Fb z5lvTZt4Y9M_bY#b`*qv@4kSKLpda|5isnYaj&fKS0arRMM2R>QEe1PE9AV~46H792 z{c27i;*`kHSdmADbcb(^IQ+hVxlH4sf}&9d#>L;Je0J-b6=wCiB7rX(Me)eRLV zr3$K{L2cHm{N>A=E;|i5)NRUA=T2CY-9J6@V|{)XPs%M%QHH}e#iuB;_m8@U^kNH| z868b=jMh8?0kU*PJ?~nFlx>8XiSab~y0byACOg%bWTg!_uMW~j zZ#@o+HR`kQaY0-<-h?yQrR?bUZ+`3a9o$~ZKY{MetxT>-SlbU7v9;d(EJ%r-hB)XEHw!{ND*Tre5RUTg?zrA*P_|evGE$(+*cDXsEQzaX;}KDe=4hk9$?~ z>6w3O&+xQ4ysz`m*!dy;BglUcs*B|}@}FwL)}}J_4xrT>R)4?uqS)sL0E^g)>X&z) z`GhR*6b5KkmP$Q>pDdHgVlkFyCHMESOFaic`)^p$XP~A_6_4ik?ogJvbrZgS z@?+?nFAD*$b=2r%O1TGEL?^Lc_^)qZmQ|t7J@XNC0pbpIV=e&}Y8S)!cl6eqM|h1T zt4^iV<_fe)65kYW2vBv$L2w)9*bdC7O@g8j z8?$W|&yAtv=UE;tI<|=(U=3z?DxJPnx<|Aqz#X!$*cR6wr}X-(p>yGc^OS(*w#M## z#I=LCm8F$3!Lw=PiM!Ox*QkgyP(KYCUZMAiU|Z88femqpEzg|N+=U%ltawk&8Dh`y zAeYk8DU3AQdL;;&^}O1-+#Ax|c1I!2*9N$vC8VLh#9q?jLTg;4yQChdnHK4UV`ZFp z{Y~TAR0BrC5-!ch8|1F@Gr2E7O)qemkHD%jUkh8R9@&_(8EgatKr({9c75VUBAJ?P zz_H3mgby>(nT=;R@e8q|{~;rhWqGTSjAHuUVX1-%!s|vn*D^q2pLwQw>k3<*7&@B8MfWUuY z^xW(fXhnmjtJIQ*FaZGuA0gvMsu)<3A)y5D)!$G_Db|_{uL+T=izInL49Rq=Vb;Zz zXy;3C!FYJ5x;-WH>rfW>5{x0B%K~4VPlChmJ*$(e*N*jQdW_VM!vua(l*ObMc)v&1Y}{K6{yExh=@(f-6^q%)$-hATTo1Qk^04z> z=}SXMGEDtYm%dcC0zW!wxnpe)EPpi8EyMG=5!;OkbGr*JD*;L^6`!aA2>ske_u1N) z=bJ7_nZ!6klfc8&kKtDY;#s{O^+tW}QL*(i+8_7@A^!OR=?;XlMbMc~3WiVQGNX(q zGxEyF%97hU8LN^p`Hsn3dC$NqW^8li$3*}?golOyqC@=>sad7pOibhNJ3z`@KQ0P5 z+RO2y(^Fr5nT@)dr21);Ub3WESOK{qwzBn2?MeD6Q@}P2LUSeo2+be`{gDJ zS}b!qo@Ut@k~2>GSyH;-GMLhgsVmYVm%CaX>zH+Bx88g9T2_(9|<8BfucF;ka z&qi4v53^B{jz%%o)G1cmS+OM0pG-o` z3f+keGBaB)Y$#A@kh9$>(IY>0s4$^#xl_!p2v)TQw^ux0!5iEchj>;&L($0?wU> zwfp+JvP#x{m85WIWXksI+A-(v9C}7`(JK@eT|Y(Cvj3_O^IIXgtZNo^V=UhVfr3Cm zpde5XSS-mYb ztNJpVk#Jx9((I91c2>{7v7yhdxce@%J3Y(7jn%0~v*~pww+0Dp>1viTVdv}T{13+%6MCnVZ#REk zY56V)6a)$a1%ZM