Commit

Fixed two segmentation faults.
Fixed two segmentation faults that could occur while processing an
invalid incoming DIMSE message due to insufficient error handling
causing a de-referenced NULL pointer.

Thanks to Nils Bars <nils.bars@rub.de> for the bug report and sample files.

This closes DCMTK issue #1114.
Marco Eichelberg committed Mar 13, 2024
1 parent d831366 commit c78e434
Showing 2 changed files with 26 additions and 16 deletions.
9 changes: 8 additions & 1 deletion dcmdata/libsrc/dcelem.cc
@@ -1,6 +1,6 @@
/*
*
* Copyright (C) 1994-2023, OFFIS e.V.
* Copyright (C) 1994-2024, OFFIS e.V.
* All rights reserved. See COPYRIGHT file for details.
*
* This software and supporting documentation were developed by
@@ -717,6 +717,13 @@ OFCondition DcmElement::loadValue(DcmInputStream *inStream)
if (isStreamNew)
delete readStream;
}
else
{
errorFlag = EC_InvalidStream; // incomplete dataset read from stream
DCMDATA_ERROR("DcmElement: " << getTagName() << " " << getTag()
<< " larger (" << getLengthField() << ") than remaining bytes ("
<< getTransferredBytes() << ") in file, premature end of stream");
}
}
/* return result value */
return errorFlag;
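Review bot: In the new else branch, the log text labels the second number as "remaining bytes" but the value printed is getTransferredBytes(), whose name suggests the count already read rather than what is left in the stream. If that is what it returns, either print the real remaining count or reword the message (for example "transferred bytes"), so the log does not mislead whoever triages a truncated dataset. A short comment on loadValue() noting that it can now return EC_InvalidStream for an incomplete stream would also help callers that previously only saw a good status here.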
33 changes: 18 additions & 15 deletions dcmnet/libsrc/dimcmd.cc
@@ -1,6 +1,6 @@
/*
*
* Copyright (C) 1994-2022, OFFIS e.V.
* Copyright (C) 1994-2024, OFFIS e.V.
* All rights reserved. See COPYRIGHT file for details.
*
* This software and supporting documentation were partly developed by
@@ -205,22 +205,25 @@ getString(DcmDataset *obj, DcmTagKey t, char *s, int maxlen, OFBool *spacePadded
return parseErrorWithMsg("dimcmd:getString: string too small", t);
} else {
ec = elem->getString(aString);
strncpy(s, aString, maxlen);
if (spacePadded)
if (ec.good())
{
/* before we remove leading and tailing spaces we want to know
* whether the string is actually space padded. Required to communicate
* with dumb peers which send space padded UIDs and fail if they
* receive correct UIDs back.
*
* This test can only detect space padded strings if
* dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
* has already been removed by dcmdata at this stage.
*/
size_t s_len = strlen(s);
if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
strncpy(s, aString, maxlen);
if (spacePadded)
{
/* before we remove leading and tailing spaces we want to know
* whether the string is actually space padded. Required to communicate
* with dumb peers which send space padded UIDs and fail if they
* receive correct UIDs back.
*
* This test can only detect space padded strings if
* dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
* has already been removed by dcmdata at this stage.
*/
size_t s_len = strlen(s);
if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
}
DU_stripLeadingAndTrailingSpaces(s);
}
DU_stripLeadingAndTrailingSpaces(s);
}
}
return (ec.good())? ec : DIMSE_PARSEFAILED;
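Review bot: The new "if (ec.good())" guard around "strncpy(s, aString, maxlen);" assumes a good status always comes with a non-NULL aString; adding aString != NULL to the same condition would keep the copy safe regardless of how getString() reports an empty value. Two smaller points on the same block: strncpy() does not NUL-terminate when the source fills maxlen bytes, so the following strlen(s) depends on the earlier "string too small" check leaving room for the terminator, and on the failure path s and *spacePadded are left unwritten, which is worth documenting for callers that might read them without checking for DIMSE_PARSEFAILED.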