<div dir="auto">FYI</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <span dir="auto"><<a href="mailto:scan-admin@coverity.com">scan-admin@coverity.com</a>></span><br>Date: Wed, Jan 27, 2021, 9:21 PM<br>Subject: New Defects reported by Coverity Scan for RTEMS<br>To: <<a href="mailto:gedare@gwmail.gwu.edu">gedare@gwmail.gwu.edu</a>><br></div><br><br>Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.<br>
<br>
11 new defect(s) introduced to RTEMS found with Coverity Scan.<br>
42 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 11 of 11 defect(s)<br>
<br>
<br>
** CID 1472583: (STRING_NULL)<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472583: (STRING_NULL)<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
790 {<br>
791 ++config_path;<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "printf".<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
790 {<br>
791 ++config_path;<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "printf".<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
/cpukit/libdl/rtl-archive.c: 796 in rtems_rtl_archives_refresh()<br>
790 {<br>
791 ++config_path;<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "printf".<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "strlen", which expects a null-terminated string.<br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
802 */<br>
803 if (dirname[0] != '/')<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "strlen", which expects a null-terminated string.<br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
802 */<br>
803 if (dirname[0] != '/')<br>
/cpukit/libdl/rtl-archive.c: 798 in rtems_rtl_archives_refresh()<br>
792 continue;<br>
793 }<br>
794 <br>
795 if (rtems_rtl_trace (RTEMS_RTL_TRACE_ARCHIVES))<br>
796 printf ("rtl: archive: refresh: %s\n", dirname);<br>
797 <br>
>>> CID 1472583: (STRING_NULL)<br>
>>> Passing unterminated string "dirname" to "strlen", which expects a null-terminated string.<br>
798 config_path += strlen (dirname);<br>
799 <br>
800 /*<br>
801 * Relative paths do not work in the config. Must be absolute.<br>
802 */<br>
803 if (dirname[0] != '/')<br>
<br>
** CID 1472582: Insecure data handling (TAINTED_SCALAR)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472582: Insecure data handling (TAINTED_SCALAR)<br>
/cpukit/libdl/rtl-elf.c: 1328 in rtems_rtl_elf_parse_sections()<br>
1322 printf ("rtl: section header: %2d: offset=%d\n", section, (int) off);<br>
1323 <br>
1324 if (!rtems_rtl_obj_cache_read_byval (sects, fd, off, &shdr, sizeof (shdr)))<br>
1325 return false;<br>
1326 <br>
1327 len = RTEMS_RTL_ELF_STRING_MAX;<br>
>>> CID 1472582: Insecure data handling (TAINTED_SCALAR)<br>
>>> Passing tainted expression "sectstroff + shdr.sh_name" to "rtems_rtl_obj_cache_read", which uses it as an offset.<br>
1328 if (!rtems_rtl_obj_cache_read (strings, fd,<br>
1329 sectstroff + shdr.sh_name,<br>
1330 (void**) &name, &len))<br>
1331 return false;<br>
1332 <br>
1333 if (rtems_rtl_trace (RTEMS_RTL_TRACE_DETAIL))<br>
<br>
** CID 1472581: Null pointer dereferences (REVERSE_INULL)<br>
/cpukit/mghttpd/mongoose.c: 656 in cry()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472581: Null pointer dereferences (REVERSE_INULL)<br>
/cpukit/mghttpd/mongoose.c: 656 in cry()<br>
650 <br>
651 // Do not lock when getting the callback value, here and below.<br>
652 // I suppose this is fine, since function cannot disappear in the<br>
653 // same way string option can.<br>
654 if (conn->ctx->callbacks.log_message == NULL ||<br>
655 conn->ctx->callbacks.log_message(conn, buf) == 0) {<br>
>>> CID 1472581: Null pointer dereferences (REVERSE_INULL)<br>
>>> Null-checking "conn->ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.<br>
656 fp = conn->ctx == NULL || conn->ctx->config[ERROR_LOG_FILE] == NULL ? NULL :<br>
657 fopen(conn->ctx->config[ERROR_LOG_FILE], "a+");<br>
658 <br>
659 if (fp != NULL) {<br>
660 flockfile(fp);<br>
661 timestamp = time(NULL);<br>
<br>
** CID 1472580: (TAINTED_SCALAR)<br>
/cpukit/libdl/rtl-rap.c: 921 in rtems_rtl_rap_file_load()<br>
/cpukit/libdl/rtl-rap.c: 915 in rtems_rtl_rap_file_load()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472580: (TAINTED_SCALAR)<br>
/cpukit/libdl/rtl-rap.c: 933 in rtems_rtl_rap_file_load()<br>
927 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &rap.strtable_size))<br>
928 return false;<br>
929 <br>
930 if (rtems_rtl_trace (RTEMS_RTL_TRACE_DETAIL))<br>
931 printf ("rtl: rap: details: obj_num=%" PRIu32 "\n", obj->obj_num);<br>
932 <br>
>>> CID 1472580: (TAINTED_SCALAR)<br>
>>> Passing tainted expression "rap.rpathlen" to "rtems_rtl_rap_load_linkmap", which uses it as a loop boundary.<br>
933 if (!rtems_rtl_rap_load_linkmap (&rap, obj))<br>
934 return false;<br>
935 }<br>
936 <br>
937 /*<br>
938 * uint32_t: text_size<br>
/cpukit/libdl/rtl-rap.c: 921 in rtems_rtl_rap_file_load()<br>
915 obj->sec_num = (uint32_t*) malloc (sizeof (uint32_t) * obj->obj_num);<br>
916 <br>
917 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &rap.rpathlen))<br>
918 return false;<br>
919 <br>
920 uint32_t i;<br>
>>> CID 1472580: (TAINTED_SCALAR)<br>
>>> Using tainted variable "obj->obj_num" as a loop boundary.<br>
921 for (i = 0; i < obj->obj_num; ++i)<br>
922 {<br>
923 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &(obj->sec_num[i])))<br>
924 return false;<br>
925 }<br>
926 <br>
/cpukit/libdl/rtl-rap.c: 915 in rtems_rtl_rap_file_load()<br>
909 */<br>
910 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &obj->obj_num))<br>
911 return false;<br>
912 <br>
913 if (obj->obj_num > 0)<br>
914 {<br>
>>> CID 1472580: (TAINTED_SCALAR)<br>
>>> Passing tainted expression "4U * obj->obj_num" to "malloc", which uses it as an allocation size. [Note: The source code implementation of the function has been overridden by a builtin model.]<br>
915 obj->sec_num = (uint32_t*) malloc (sizeof (uint32_t) * obj->obj_num);<br>
916 <br>
917 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &rap.rpathlen))<br>
918 return false;<br>
919 <br>
920 uint32_t i;<br>
/cpukit/libdl/rtl-rap.c: 933 in rtems_rtl_rap_file_load()<br>
927 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &rap.strtable_size))<br>
928 return false;<br>
929 <br>
930 if (rtems_rtl_trace (RTEMS_RTL_TRACE_DETAIL))<br>
931 printf ("rtl: rap: details: obj_num=%" PRIu32 "\n", obj->obj_num);<br>
932 <br>
>>> CID 1472580: (TAINTED_SCALAR)<br>
>>> Passing tainted expression "rap.strtable_size" to "rtems_rtl_rap_load_linkmap", which uses it as an offset.<br>
933 if (!rtems_rtl_rap_load_linkmap (&rap, obj))<br>
934 return false;<br>
935 }<br>
936 <br>
937 /*<br>
938 * uint32_t: text_size<br>
/cpukit/libdl/rtl-rap.c: 933 in rtems_rtl_rap_file_load()<br>
927 if (!rtems_rtl_rap_read_uint32 (rap.decomp, &rap.strtable_size))<br>
928 return false;<br>
929 <br>
930 if (rtems_rtl_trace (RTEMS_RTL_TRACE_DETAIL))<br>
931 printf ("rtl: rap: details: obj_num=%" PRIu32 "\n", obj->obj_num);<br>
932 <br>
>>> CID 1472580: (TAINTED_SCALAR)<br>
>>> Passing tainted expression "*obj->sec_num" to "rtems_rtl_rap_load_linkmap", which uses it as an offset.<br>
933 if (!rtems_rtl_rap_load_linkmap (&rap, obj))<br>
934 return false;<br>
935 }<br>
936 <br>
937 /*<br>
938 * uint32_t: text_size<br>
<br>
** CID 1472579: Error handling issues (CHECKED_RETURN)<br>
/cpukit/mghttpd/mongoose.c: 3716 in put_file()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472579: Error handling issues (CHECKED_RETURN)<br>
/cpukit/mghttpd/mongoose.c: 3716 in put_file()<br>
3710 } else {<br>
3711 fclose_on_exec(&file);<br>
3712 range = mg_get_header(conn, "Content-Range");<br>
3713 r1 = r2 = 0;<br>
3714 if (range != NULL && parse_range_header(range, &r1, &r2) > 0) {<br>
3715 conn->status_code = 206;<br>
>>> CID 1472579: Error handling issues (CHECKED_RETURN)<br>
>>> Calling "fseeko(file.fp, r1, 0)" without checking return value. This library function may fail and return an error code.<br>
3716 fseeko(file.fp, r1, SEEK_SET);<br>
3717 }<br>
3718 if (!forward_body_data(conn, file.fp, INVALID_SOCKET, NULL)) {<br>
3719 conn->status_code = 500;<br>
3720 }<br>
3721 mg_printf(conn, "HTTP/1.1 %d OK\r\nContent-Length: 0\r\n\r\n",<br>
<br>
** CID 1472578: Uninitialized variables (UNINIT)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472578: Uninitialized variables (UNINIT)<br>
/cpukit/libfs/src/jffs2/src/scan.c: 759 in jffs2_scan_eraseblock()<br>
753 continue;<br>
754 }<br>
755 /* We seem to have a node of sorts. Check the CRC */<br>
756 crcnode.magic = node->magic;<br>
757 crcnode.nodetype = cpu_to_je16( je16_to_cpu(node->nodetype) | JFFS2_NODE_ACCURATE);<br>
758 crcnode.totlen = node->totlen;<br>
>>> CID 1472578: Uninitialized variables (UNINIT)<br>
>>> Using uninitialized value "crcnode". Field "crcnode.hdr_crc" is uninitialized when calling "cyg_crc32_accumulate".<br>
759 hdr_crc = crc32(0, &crcnode, sizeof(crcnode)-4);<br>
760 <br>
761 if (hdr_crc != je32_to_cpu(node->hdr_crc)) {<br>
762 noisy_printk(&noise, "%s(): Node at 0x%08x {0x%04x, 0x%04x, 0x%08x) has invalid CRC 0x%08x (calculated 0x%08x)\n",<br>
763 __func__,<br>
764 ofs, je16_to_cpu(node->magic),<br>
<br>
** CID 1472577: (PATH_MANIPULATION)<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472577: (PATH_MANIPULATION)<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
4426 (s = strrchr(fname, '\\')) == NULL) {<br>
4427 s = fname;<br>
4428 }<br>
4429 <br>
4430 // Open file in binary mode. TODO: set an exclusive lock.<br>
4431 snprintf(path, sizeof(path), "%s/%s", destination_dir, s);<br>
>>> CID 1472577: (PATH_MANIPULATION)<br>
>>> Constructing a path or URI using the tainted value "path" and passing it to "fopen". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.<br>
4432 if ((fp = fopen(path, "wb")) == NULL) {<br>
4433 break;<br>
4434 }<br>
4435 <br>
4436 // Read POST data, write into file until boundary is found.<br>
4437 eof = n = 0;<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
4426 (s = strrchr(fname, '\\')) == NULL) {<br>
4427 s = fname;<br>
4428 }<br>
4429 <br>
4430 // Open file in binary mode. TODO: set an exclusive lock.<br>
4431 snprintf(path, sizeof(path), "%s/%s", destination_dir, s);<br>
>>> CID 1472577: (PATH_MANIPULATION)<br>
>>> Constructing a path or URI using the tainted value "path" and passing it to "fopen". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.<br>
4432 if ((fp = fopen(path, "wb")) == NULL) {<br>
4433 break;<br>
4434 }<br>
4435 <br>
4436 // Read POST data, write into file until boundary is found.<br>
4437 eof = n = 0;<br>
/cpukit/mghttpd/mongoose.c: 4432 in mg_upload()<br>
4426 (s = strrchr(fname, '\\')) == NULL) {<br>
4427 s = fname;<br>
4428 }<br>
4429 <br>
4430 // Open file in binary mode. TODO: set an exclusive lock.<br>
4431 snprintf(path, sizeof(path), "%s/%s", destination_dir, s);<br>
>>> CID 1472577: (PATH_MANIPULATION)<br>
>>> Constructing a path or URI using the tainted value "path" and passing it to "fopen". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.<br>
4432 if ((fp = fopen(path, "wb")) == NULL) {<br>
4433 break;<br>
4434 }<br>
4435 <br>
4436 // Read POST data, write into file until boundary is found.<br>
4437 eof = n = 0;<br>
<br>
** CID 1472576: Null pointer dereferences (FORWARD_NULL)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472576: Null pointer dereferences (FORWARD_NULL)<br>
/cpukit/libblock/src/bdbuf.c: 2632 in rtems_bdbuf_swapout_worker_task()<br>
2626 rtems_bdbuf_swapout_worker* worker = (rtems_bdbuf_swapout_worker*) arg;<br>
2627 <br>
2628 while (worker->enabled)<br>
2629 {<br>
2630 rtems_bdbuf_wait_for_event (RTEMS_BDBUF_SWAPOUT_SYNC);<br>
2631 <br>
>>> CID 1472576: Null pointer dereferences (FORWARD_NULL)<br>
>>> Passing "&worker->transfer" to "rtems_bdbuf_swapout_write", which dereferences null "worker->transfer.dd".<br>
2632 rtems_bdbuf_swapout_write (&worker->transfer);<br>
2633 <br>
2634 rtems_bdbuf_lock_cache ();<br>
2635 <br>
2636 rtems_chain_initialize_empty (&worker->transfer.bds);<br>
2637 worker->transfer.dd = BDBUF_INVALID_DEV;<br>
<br>
** CID 1472575: Memory - illegal accesses (UNINIT)<br>
/cpukit/libmisc/shell/main_rtrace.c: 229 in rtems_trace_buffering_print_arg()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472575: Memory - illegal accesses (UNINIT)<br>
/cpukit/libmisc/shell/main_rtrace.c: 229 in rtems_trace_buffering_print_arg()<br>
223 memcpy (&variable.bytes[0], argv, arg->size);<br>
224 <br>
225 printf ("(%s) ", arg->type);<br>
226 <br>
227 if (strchr (arg->type, '*') != NULL)<br>
228 {<br>
>>> CID 1472575: Memory - illegal accesses (UNINIT)<br>
>>> Using uninitialized value "variable.pointer" when calling "printf".<br>
229 printf ("%p", variable.pointer);<br>
230 }<br>
231 else<br>
232 {<br>
233 size_t b;<br>
234 switch (arg->size)<br>
<br>
** CID 1472574: Error handling issues (CHECKED_RETURN)<br>
/cpukit/libfs/src/dosfs/msdos_format.c: 131 in msdos_format_read_sec()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472574: Error handling issues (CHECKED_RETURN)<br>
/cpukit/libfs/src/dosfs/msdos_format.c: 131 in msdos_format_read_sec()<br>
125 int ret_val = 0;<br>
126 <br>
127 if (0 > lseek(fd,((off_t)start_sector)*sector_size,SEEK_SET)) {<br>
128 ret_val = -1;<br>
129 }<br>
130 if (ret_val == 0) {<br>
>>> CID 1472574: Error handling issues (CHECKED_RETURN)<br>
>>> "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.<br>
131 if (0 > read(fd,buffer,sector_size)) {<br>
132 ret_val = -1;<br>
133 }<br>
134 }<br>
135 <br>
136 return ret_val;<br>
<br>
** CID 1472573: Insecure data handling (TAINTED_SCALAR)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1472573: Insecure data handling (TAINTED_SCALAR)<br>
/cpukit/libdl/rtl-elf.c: 1706 in rtems_rtl_elf_file_load()<br>
1700 <br>
1701 /*<br>
1702 * Parse the section information first so we have the memory map of the object<br>
1703 * file and the memory allocated. Any further allocations we make to complete<br>
1704 * the load will not fragment the memory.<br>
1705 */<br>
>>> CID 1472573: Insecure data handling (TAINTED_SCALAR)<br>
>>> Passing tainted expression "ehdr.e_shnum" to "rtems_rtl_elf_parse_sections", which uses it as a loop boundary.<br>
1706 if (!rtems_rtl_elf_parse_sections (obj, fd, &ehdr))<br>
1707 return false;<br>
1708 <br>
1709 /*<br>
1710 * Set the entry point if there is one.<br>
1711 */<br>
<br>
<br>
________________________________________________________________________________________________________<br>
To view the defects in Coverity Scan visit, <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DHaSx_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKOZWRAeoPfG9R5Ut-2B0l1A5CBYN8H1u2OvYHQK1lhr4Zh6SDh2S5PCPFmmyp-2BCuliFxJzj1S7OgK9z2cMZjSTabCeURWJhVg1EI1bNhOt7aXFw3Vp5t2pGj4mbLRlTtRMHZ6hxDQXicJzm8pwnsWJaDgwdb8CD96vfoF8CM8XgA81RPZ7mfvWd3hfqlGbYPYac3I-3D" rel="noreferrer noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DHaSx_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKOZWRAeoPfG9R5Ut-2B0l1A5CBYN8H1u2OvYHQK1lhr4Zh6SDh2S5PCPFmmyp-2BCuliFxJzj1S7OgK9z2cMZjSTabCeURWJhVg1EI1bNhOt7aXFw3Vp5t2pGj4mbLRlTtRMHZ6hxDQXicJzm8pwnsWJaDgwdb8CD96vfoF8CM8XgA81RPZ7mfvWd3hfqlGbYPYac3I-3D</a><br>
<br>
To manage Coverity Scan email notifications for "<a href="mailto:gedare@gwmail.gwu.edu" target="_blank" rel="noreferrer">gedare@gwmail.gwu.edu</a>", click <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxkxN7gn3yK5ofbuH1ptBFYw9YgpazuIaA-2BBUVKiHj8oUDwYWUynp42iaapm4KJU8XqWU01jaV7ANE1ZK33b9AxrNSft0QTNSkD2bLN6ho-2BnY-3DE-ws_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKOZWRAeoPfG9R5Ut-2B0l1A5CB2NlyTs8n9wN-2FSyicx0tEXvXYGaGlLArYwAKrk-2B9Jr66dphmYP41ATiju2UCnJoYnvc2ZTjo8dyOLJxCeQsHoCOP862aab9fl1B0ammZrfyNIUSx8tg05QJP9bJRsN6zngYUWsWkGMJv3twh07snfhrXqd0NMPJLhSvujwj6My6A-3D" rel="noreferrer noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxkxN7gn3yK5ofbuH1ptBFYw9YgpazuIaA-2BBUVKiHj8oUDwYWUynp42iaapm4KJU8XqWU01jaV7ANE1ZK33b9AxrNSft0QTNSkD2bLN6ho-2BnY-3DE-ws_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKOZWRAeoPfG9R5Ut-2B0l1A5CB2NlyTs8n9wN-2FSyicx0tEXvXYGaGlLArYwAKrk-2B9Jr66dphmYP41ATiju2UCnJoYnvc2ZTjo8dyOLJxCeQsHoCOP862aab9fl1B0ammZrfyNIUSx8tg05QJP9bJRsN6zngYUWsWkGMJv3twh07snfhrXqd0NMPJLhSvujwj6My6A-3D</a><br>
<br>
</div>