view Resources/Patches/dcmtk-3.6.0-dulparse-vulnerability.patch @ 3841:be7df7fe3d80

avoid one memcpy of the DICOM buffer on "POST /instances"
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 16 Apr 2020 16:58:37 +0200
parents 6ac6193a7935
children
line wrap: on
line source

diff -urEb dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc
--- dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc	2010-12-01 09:26:36.000000000 +0100
+++ dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc	2016-12-02 15:58:49.930540033 +0100
@@ -393,6 +393,8 @@
                     return cond;
 
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 DCMNET_TRACE("Successfully parsed Abstract Syntax");
                 break;
@@ -404,12 +406,16 @@
                 cond = LST_Enqueue(&context->transferSyntaxList, (LST_NODE*)subItem);
                 if (cond.bad()) return cond;
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 DCMNET_TRACE("Successfully parsed Transfer Syntax");
                 break;
             default:
                 cond = parseDummy(buf, &length, presentationLength);
                 buf += length;
+                if (presentationLength < length)
+                  return EC_MemoryExhausted;
                 presentationLength -= length;
                 break;
             }