17 lines
532 B
Text
17 lines
532 B
Text
Security fix for CVE-2009-3994: buffer overflow in DICOM reader
|
|
|
|
--- src-IL/src/il_dicom.c.orig Tue Mar 29 19:39:24 2011
|
|
+++ src-IL/src/il_dicom.c Tue Mar 29 19:40:05 2011
|
|
@@ -427,9 +427,11 @@ ILboolean GetUID(ILubyte *UID)
|
|
return IL_FALSE;
|
|
|
|
ValLen = GetLittleUShort();
|
|
+ if (ValLen > 64)
|
|
+ return IL_FALSE;
|
|
if (iread(UID, ValLen, 1) != 1)
|
|
return IL_FALSE;
|
|
- UID[64] = 0; // Just to make sure that our string is terminated.
|
|
+ UID[ValLen] = 0; // Just to make sure that our string is terminated.
|
|
|
|
return IL_TRUE;
|
|
}
|