Mercurial > hg > orthanc

view Resources/Patches/dcmtk-3.6.0-dulparse-vulnerability.patch @ 2193:6ac6193a7935

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix a vulnerability in dcmtk 3.6.0
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 02 Dec 2016 16:04:00 +0100
parents
children
line wrap: on
line source

diff -urEb dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc
--- dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc	2010-12-01 09:26:36.000000000 +0100
+++ dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc	2016-12-02 15:58:49.930540033 +0100
@@ -393,6 +393,8 @@
                     return cond;
 
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 DCMNET_TRACE("Successfully parsed Abstract Syntax");
                 break;
@@ -404,12 +406,16 @@
                 cond = LST_Enqueue(&context->transferSyntaxList, (LST_NODE*)subItem);
                 if (cond.bad()) return cond;
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 DCMNET_TRACE("Successfully parsed Transfer Syntax");
                 break;
             default:
                 cond = parseDummy(buf, &length, presentationLength);
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 break;
             }