Hi OFFIS team,
It is possible to get "read access violation" exception in DT_2_IndicatePData when server returns incorrect/malicious data in PDV length field.
The problem seems to be related to non-consistent variable types that allows to overfloat length variable when pdvLength is set by a server to a value greater then LONG_MAX + pduLength.
I created PR that addresses this issue: https://github.com/DCMTK/dcmtk/pull/87
Please have a look, and let me know what do you think.
Thanks,
Vasyl
Exception in DT_2_IndicatePData
Moderator: Moderator Team
-
Michael Onken
- DCMTK Developer
- Posts: 2051
- Joined: Fri, 2004-11-05, 13:47
- Location: Oldenburg, Germany
- Contact:
Re: Exception in DT_2_IndicatePData
Hi Vasyl,
thank you for the investigation and proposed patch. I roughly looked over it a few days ago and it looks good. We will discuss the patch on Friday and I provide final feedback then.
Best regards,
Michael
thank you for the investigation and proposed patch. I roughly looked over it a few days ago and it looks good. We will discuss the patch on Friday and I provide final feedback then.
Best regards,
Michael
Who is online
Users browsing this forum: Semrush [Bot] and 1 guest