Mercurial > hg > orthanc

--- a/Resources/CMake/DcmtkConfiguration.cmake	Wed Nov 30 09:03:12 2016 +0100
+++ b/Resources/CMake/DcmtkConfiguration.cmake	Fri Dec 02 16:04:00 2016 +0100
@@ -50,6 +50,17 @@
     else()
       message("Using the dictionary of private tags from DCMTK 3.6.0")
     endif()
+
+    # Patches specific to DCMTK 3.6.0
+    execute_process(
+      COMMAND ${PATCH_EXECUTABLE} -p0 -N -i ${ORTHANC_ROOT}/Resources/Patches/dcmtk-3.6.0-dulparse-vulnerability.patch
+      WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+      RESULT_VARIABLE Failure
+      )
+
+    if (Failure)
+      message(FATAL_ERROR "Error while patching a file")
+    endif()
   endif()
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Resources/Patches/dcmtk-3.6.0-dulparse-vulnerability.patch	Fri Dec 02 16:04:00 2016 +0100
@@ -0,0 +1,29 @@
+diff -urEb dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc
+--- dcmtk-3.6.0.orig/dcmnet/libsrc/dulparse.cc	2010-12-01 09:26:36.000000000 +0100
++++ dcmtk-3.6.0/dcmnet/libsrc/dulparse.cc	2016-12-02 15:58:49.930540033 +0100
+@@ -393,6 +393,8 @@
+                     return cond;
+
+                 buf += length;
++                if (presentationLength < length)
++                  return EC_MemoryExhausted;
+                 presentationLength -= length;
+                 DCMNET_TRACE("Successfully parsed Abstract Syntax");
+                 break;
+@@ -404,12 +406,16 @@
+                 cond = LST_Enqueue(&context->transferSyntaxList, (LST_NODE*)subItem);
+                 if (cond.bad()) return cond;
+                 buf += length;
++                if (presentationLength < length)
++                  return EC_MemoryExhausted;
+                 presentationLength -= length;
+                 DCMNET_TRACE("Successfully parsed Transfer Syntax");
+                 break;
+             default:
+                 cond = parseDummy(buf, &length, presentationLength);
+                 buf += length;
++                if (presentationLength < length)
++                  return EC_MemoryExhausted;
+                 presentationLength -= length;
+                 break;
+             }