[med-svn] [Git][med-team/dcmtk][debian/bookworm] 4 commits: Revert "d/changelog: ready for proposed update to bookworm."
Étienne Mollier (@emollier)
gitlab at salsa.debian.org
Thu Feb 13 21:17:51 GMT 2025
Étienne Mollier pushed to branch debian/bookworm at Debian Med / dcmtk
Commits:
c248f2b2 by Étienne Mollier at 2025-02-13T17:42:28+01:00
Revert "d/changelog: ready for proposed update to bookworm."
This reverts commit 8781a6c9b19834138c320ac6a87304ffaf26c0b6.
Gbp-Dch: ignore
- - - - -
a650640c by Étienne Mollier at 2025-02-13T17:42:57+01:00
Revert "Introduce patch series to fix CVE-2024-28130."
This reverts commit 9fd765dbb85d1cd21e148502220226f786980606.
Gbp-Dch: ignore
- - - - -
eae4db7f by Étienne Mollier at 2025-02-13T17:44:47+01:00
Introduce patch series to fix CVE-2024-28130.
This change introduces the patches:
* 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
* 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
* 0003-Fixed-wrong-error-handling-previous-commit.patch
mapping to upstream commits:
* dc6a2446dc03c9db90f82ce17a597f2cd53776c5
* 601b227eecaab33a3a3a11dc256d84b1a62f63af
* 7d54f8efec995e5601d089fa17b0625c2b41af23
with the nuance that upstream check functions are inlined, in order to
avoid an ABI breakage.
Thanks: Adrian Bunk
Closes: #1070207
- - - - -
9197baff by Étienne Mollier at 2025-02-13T17:51:00+01:00
d/changelog: ready for bookworm proposed update.
- - - - -
5 changed files:
- debian/changelog
- debian/patches/0012-CVE-2024-28130_1.patch → debian/patches/0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
- debian/patches/0013-CVE-2024-28130_2.patch → debian/patches/0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
- debian/patches/0014-CVE-2024-28130_3.patch → debian/patches/0003-Fixed-wrong-error-handling-previous-commit.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -2,13 +2,19 @@ dcmtk (3.6.7-9~deb12u3) bookworm; urgency=medium
* Team upload.
* Introduce patch series to fix CVE-2024-28130.
- This change introduces the patches 0012-CVE-2024-28130_1.patch,
- 0013-CVE-2024-28130_2.patch and 0014-CVE-2024-28130_3.patch, mapping
- to upstream commits dc6a2446dc03c9db90f82ce17a597f2cd53776c5,
- 601b227eecaab33a3a3a11dc256d84b1a62f63af and
- 7d54f8efec995e5601d089fa17b0625c2b41af23. (Closes: #1070207)
-
- -- Étienne Mollier <emollier at debian.org> Tue, 11 Feb 2025 22:05:52 +0100
+ This change introduces the patches:
+ * 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
+ * 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
+ * 0003-Fixed-wrong-error-handling-previous-commit.patch
+ mapping to upstream commits:
+ * dc6a2446dc03c9db90f82ce17a597f2cd53776c5
+ * 601b227eecaab33a3a3a11dc256d84b1a62f63af
+ * 7d54f8efec995e5601d089fa17b0625c2b41af23
+ with the nuance that upstream check functions are inlined, in order to
+ avoid an ABI breakage.
+ Thanks to Adrian Bunk (Closes: #1070207)
+
+ -- Étienne Mollier <emollier at debian.org> Thu, 13 Feb 2025 17:48:57 +0100
dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium
=====================================
debian/patches/0012-CVE-2024-28130_1.patch → debian/patches/0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
=====================================
@@ -1,52 +1,51 @@
-Applied-Upstream: dc6a2446dc03c9db90f82ce17a597f2cd53776c5
-Author: Marco Eichelberg <dicom at offis.de>
-Reviewed-By: Étienne Mollier <emollier at debian.org>
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207
-Last-Update: 2025-02-11
-Description: Fixed unchecked typecasts of DcmItem::search results.
- DcmItem::search() returns a stack of DcmObject pointers as search results.
- These pointers in most instances need to be casted to DcmItem, DcmElement
- or a subclass of these. In many cases, the type of the object was not
- properly checked before the typecast. This could lead to segmentation faults
- when invalid DICOM datasets were processed where elements had the wrong
- value representation.
+>From b8e1d6f7a0e2fba1b0dd138c790751bf88220464 Mon Sep 17 00:00:00 2001
+From: Marco Eichelberg <dicom at offis.de>
+Date: Mon, 15 Apr 2024 12:12:51 +0200
+Subject: Fixed unchecked typecasts of DcmItem::search results.
+
+DcmItem::search() returns a stack of DcmObject pointers as search results.
+These pointers in most instances need to be casted to DcmItem, DcmElement
+or a subclass of these. In many cases, the type of the object was not
+properly checked before the typecast. This could lead to segmentation faults
+when invalid DICOM datasets were processed where elements had the wrong
+value representation.
+---
+ dcmdata/libsrc/dcddirif.cc | 4 ++--
+ dcmdata/libsrc/dcdirrec.cc | 6 +++---
+ dcmdata/libsrc/dcfilefo.cc | 12 +++++------
+ dcmdata/libsrc/dcitem.cc | 14 ++++++-------
+ dcmimgle/libsrc/didocu.cc | 2 +-
+ dcmiod/libsrc/iodutil.cc | 4 ++--
+ dcmjpeg/libsrc/djcodece.cc | 8 ++++----
+ dcmnet/apps/storescu.cc | 6 ++++++
+ dcmnet/libsrc/dimcmd.cc | 38 ++++++++++++++++++++--------------
+ dcmnet/libsrc/diutil.cc | 28 ++++++++++++-------------
+ dcmnet/libsrc/dstorscu.cc | 2 +-
+ dcmpstat/apps/dcmmklut.cc | 4 ++--
+ dcmpstat/apps/dcmpschk.cc | 6 +++++-
+ dcmpstat/libsrc/dviface.cc | 10 ++++-----
+ dcmpstat/libsrc/dvpsabl.cc | 4 ++--
+ dcmpstat/libsrc/dvpscu.cc | 18 ++++++++--------
+ dcmpstat/libsrc/dvpsdal.cc | 4 ++--
+ dcmpstat/libsrc/dvpsfs.cc | 22 ++++++++++----------
+ dcmpstat/libsrc/dvpsgal.cc | 4 ++--
+ dcmpstat/libsrc/dvpsgll.cc | 4 ++--
+ dcmpstat/libsrc/dvpsgrl.cc | 4 ++--
+ dcmpstat/libsrc/dvpshlp.cc | 2 +-
+ dcmpstat/libsrc/dvpsib.cc | 42 +++++++++++++++++++-------------------
+ dcmpstat/libsrc/dvpsibl.cc | 4 ++--
+ dcmpstat/libsrc/dvpspll.cc | 4 ++--
+ dcmpstat/libsrc/dvpsril.cc | 2 +-
+ dcmpstat/libsrc/dvpsrsl.cc | 4 ++--
+ dcmpstat/libsrc/dvpssp.cc | 40 ++++++++++++++++++------------------
+ dcmpstat/libsrc/dvpstxl.cc | 4 ++--
+ dcmpstat/libsrc/dvpsvll.cc | 4 ++--
+ dcmrt/libsrc/drttypes.cc | 8 +++-----
+ dcmsign/libsrc/dcsignat.cc | 20 +++++++++---------
+ dcmsign/libsrc/sicert.cc | 4 ++--
+ dcmsr/libsrc/dsrtypes.cc | 4 ++--
+ 34 files changed, 180 insertions(+), 166 deletions(-)
---- dcmtk.orig/dcmdata/include/dcmtk/dcmdata/dcelem.h
-+++ dcmtk/dcmdata/include/dcmtk/dcmdata/dcelem.h
-@@ -143,6 +143,11 @@
- */
- virtual OFBool isLeaf() const { return OFTrue; }
-
-+ /** check if this element can be safely casted to DcmElement
-+ * @return true if DcmElement, false otherwise
-+ */
-+ virtual OFBool isElement() const { return OFTrue; }
-+
- /** check if value of this element is loaded into main memory
- * @return true if value is present in memory, false if value still resides in file
- */
---- dcmtk.orig/dcmdata/include/dcmtk/dcmdata/dcobject.h
-+++ dcmtk/dcmdata/include/dcmtk/dcmdata/dcobject.h
-@@ -1,6 +1,6 @@
- /*
- *
-- * Copyright (C) 1994-2020, OFFIS e.V.
-+ * Copyright (C) 1994-2024, OFFIS e.V.
- * All rights reserved. See COPYRIGHT file for details.
- *
- * This software and supporting documentation were developed by
-@@ -308,6 +308,11 @@
- */
- virtual OFBool isLeaf() const = 0;
-
-+ /** check if this element can be safely casted to DcmElement
-+ * @return true if DcmElement, false otherwise
-+ */
-+ virtual OFBool isElement() const { return OFFalse; }
-+
- /** check if this element is nested in a sequence of items, i.e.\ not a
- * top-level or stand-alone element
- * @return true if this element is nested, false otherwise
--- dcmtk.orig/dcmdata/libsrc/dcddirif.cc
+++ dcmtk/dcmdata/libsrc/dcddirif.cc
@@ -433,7 +433,7 @@
@@ -54,7 +53,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack1, stack2;
/* check whether attributes are equal */
- while (item1->nextObject(stack1, first).good() && item2->nextObject(stack2, first).good())
-+ while (item1->nextObject(stack1, first).good() && item2->nextObject(stack2, first).good() && stack1.top()->isElement() && stack2.top()->isElement())
++ while (item1->nextObject(stack1, first).good() && item2->nextObject(stack2, first).good() && (dynamic_cast<DcmElement*>(stack1.top()) != nullptr) && (dynamic_cast<DcmElement*>(stack2.top()) != nullptr))
{
if (!compareAttributes(OFstatic_cast(DcmElement *, stack1.top()), OFstatic_cast(DcmElement *, stack2.top()), fromSequence, i++, reason))
break;
@@ -63,7 +62,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmElement *delem = NULL;
/* iterate over all record elements */
- while (record->nextObject(stack, first).good() && (result || !abortCheck))
-+ while (record->nextObject(stack, first).good() && (result || !abortCheck) && stack.top()->isElement())
++ while (record->nextObject(stack, first).good() && (result || !abortCheck) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
delem = OFstatic_cast(DcmElement *, stack.top());
if ((delem != NULL) && (delem->getLength() > 0))
@@ -158,7 +157,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
OFBool result = OFFalse;
- if (search(key, stack, ESM_fromHere, searchIntoSub).good())
-+ if (search(key, stack, ESM_fromHere, searchIntoSub).good() && stack.top()->isElement())
++ if (search(key, stack, ESM_fromHere, searchIntoSub).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
DcmElement *elem = OFstatic_cast(DcmElement *, stack.top());
if (elem != NULL)
@@ -167,7 +166,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
/* find the element */
OFCondition status = search(tagKey, stack, ESM_fromHere, searchIntoSub);
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
element = OFstatic_cast(DcmElement *, stack.top());
/* should never happen but ... */
@@ -176,7 +175,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
/* find the element */
OFCondition status = search(seqTagKey, stack, ESM_fromHere, searchIntoSub);
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
/* should never happen but ... */
@@ -185,7 +184,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
/* find sequence */
OFCondition status = search(seqTagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* get element */
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
@@ -194,7 +193,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmSequenceOfItems *sequence = NULL;
/* sequence found? */
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* get element */
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
@@ -203,7 +202,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
/* find sequence */
OFCondition status = search(seqTagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* get element */
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
@@ -212,7 +211,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmSequenceOfItems *sequence = NULL;
/* sequence found? */
- if (status.good())
-+ if (status.good() && stack.top()->isElement())
++ if (status.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* get element */
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
@@ -223,7 +222,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
// only search on main dataset level
if ((obj != NULL) && (obj->search(tag, stack, ESM_fromHere, OFFalse /* searchIntoSub */) == EC_Normal) &&
- (stack.top()->getLength(Xfer) > 0))
-+ (stack.top()->getLength(Xfer) > 0) && stack.top()->isElement())
++ (stack.top()->getLength(Xfer) > 0) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
return OFstatic_cast(DcmElement *, stack.top());
}
@@ -234,7 +233,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
const DcmTagKey tagKey = delem.getTag();
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* copy object from search stack */
result = delem.copyFrom(*stack.top());
@@ -243,7 +242,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* copy object from search stack */
delem = OFstatic_cast(DcmElement*, stack.top()->clone());
@@ -262,19 +261,19 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
- if ((dataset->search(DCM_WindowCenter, stack, ESM_fromHere, OFFalse)).good())
-+ if ((dataset->search(DCM_WindowCenter, stack, ESM_fromHere, OFFalse)).good() && stack.top()->isElement())
++ if ((dataset->search(DCM_WindowCenter, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
center = OFreinterpret_cast(DcmElement*, stack.top());
}
stack.clear();
- if ((dataset->search(DCM_WindowWidth, stack, ESM_fromHere, OFFalse)).good())
-+ if ((dataset->search(DCM_WindowWidth, stack, ESM_fromHere, OFFalse)).good() && stack.top()->isElement())
++ if ((dataset->search(DCM_WindowWidth, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
width = OFreinterpret_cast(DcmElement*, stack.top());
}
stack.clear();
- if ((dataset->search(DCM_WindowCenterWidthExplanation, stack, ESM_fromHere, OFFalse)).good())
-+ if ((dataset->search(DCM_WindowCenterWidthExplanation, stack, ESM_fromHere, OFFalse)).good() && stack.top()->isElement())
++ if ((dataset->search(DCM_WindowCenterWidthExplanation, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
explanation = OFreinterpret_cast(DcmElement*, stack.top());
}
@@ -284,7 +283,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
return OFFalse;
}
-+ if (! stack.top()->isElement())
++ if (! (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ {
+ OFLOG_ERROR(storescuLogger, "updateStringAttributeValue: not a DcmElement: " << tag.getTagName() << " " << key);
+ return OFFalse;
@@ -308,7 +307,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
ec = obj->search(t, stack);
- elem = (DcmElement*)stack.top();
- if (ec == EC_Normal && elem != NULL) {
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ elem = (DcmElement*)stack.top();
+
+ if (elem != NULL) {
@@ -327,7 +326,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
ec = obj->search(t, stack);
- elem = (DcmElement*)stack.top();
- if (ec == EC_Normal && elem != NULL) {
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ elem = (DcmElement*)stack.top();
+
+ if (elem != NULL) {
@@ -351,7 +350,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
ec = obj->search(t, stack);
- elem = (DcmElement*)stack.top();
- if (ec == EC_Normal && elem != NULL) {
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ elem = (DcmElement*)stack.top();
+
+ if (elem != NULL) {
@@ -377,7 +376,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
ec = obj->search(t, stack);
- elem = (DcmElement*)stack.top();
- if (ec == EC_Normal && elem != NULL) {
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ elem = (DcmElement*)stack.top();
+
+ if (elem) {
@@ -408,7 +407,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
- elem = (DcmByteString*) stack.top();
- if (ec == EC_Normal && elem != NULL) {
+ OFCondition ec = obj->search(t, stack);
-+ if (ec.good() && (stack.top() != NULL) && stack.top()->isElement()) {
++ if (ec.good() && (stack.top() != NULL) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr)) {
+ DcmElement *elem = (DcmElement *) stack.top();
if (elem->getLength() == 0) {
s[0] = '\0';
@@ -444,7 +443,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
- if (ec == EC_Normal && elem != NULL) {
- ec = elem->getUint16(*us, 0);
+ OFCondition ec = obj->search(t, stack);
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ {
+ elem = (DcmElement*) stack.top();
+ if (elem) ec = elem->getUint16(*us, 0);
@@ -471,7 +470,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
OFStandard::getDirNameFromPath(dirName, filename, OFFalse /* assumeDirName */);
// iterate over all items (directory records) where ReferencedFileID is present
- while (dataset->search(DCM_ReferencedFileID, stack, ESM_afterStackTop, OFTrue).good())
-+ while (dataset->search(DCM_ReferencedFileID, stack, ESM_afterStackTop, OFTrue).good() && stack.top()->isElement())
++ while (dataset->search(DCM_ReferencedFileID, stack, ESM_afterStackTop, OFTrue).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
// make sure that the dataset and element pointer are there
if (stack.card() > 1)
@@ -502,7 +501,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
ec = dset->search(key, stack, ESM_fromHere, OFFalse);
- elem = (DcmElement*) stack.top();
-+ if (ec.good() && stack.top()->isElement())
++ if (ec.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ {
+ elem = (DcmElement*) stack.top();
+ }
@@ -534,13 +533,13 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
if (dset)
{
- if (EC_Normal == dset->search(DCM_SOPInstanceUID, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset->search(DCM_SOPInstanceUID, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset->search(DCM_SOPInstanceUID, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
OFstatic_cast(DcmElement *, stack.top())->getString(instanceUID);
}
stack.clear();
- if (EC_Normal == dset->search(DCM_SOPClassUID, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset->search(DCM_SOPClassUID, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset->search(DCM_SOPClassUID, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
OFstatic_cast(DcmElement *, stack.top())->getString(classUID);
}
@@ -587,7 +586,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
/* first we look for the Curve Data */
DcmTagKey key(0x5000 + group,0x3000);
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_curveData = (DcmElement *)(stack.top());
} else return EC_IllegalCall;
@@ -595,7 +594,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0005); // Curve Dimensions
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_curveDimensions = (DcmElement *)(stack.top());
} else return EC_IllegalCall;
@@ -604,7 +603,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0010); // Number of Points
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_numberOfPoints = (DcmElement *)(stack.top());
} else return EC_IllegalCall;
@@ -612,7 +611,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0020); // Type of Data
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_typeOfData = (DcmElement *)(stack.top());
} else return EC_IllegalCall;
@@ -620,7 +619,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0103); // Data Value Representation
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_dataVR = (DcmElement *)(stack.top());
} else return EC_IllegalCall;
@@ -628,7 +627,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0022); // Curve Description
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_curveDescription = (DcmElement *)(stack.top());
}
@@ -636,7 +635,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x0030); // Axis Units
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_axisUnits = (DcmElement *)(stack.top());
}
@@ -644,7 +643,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
key.setElement(0x2500); // Curve Label
stack.clear();
- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
-+ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && stack.top()->isElement())
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
d_curveLabel = (DcmElement *)(stack.top());
}
@@ -1021,7 +1020,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
{
stack.clear();
- if (rqDataset && (EC_Normal == rqDataset->search(DCM_PixelData, stack, ESM_fromHere, OFFalse)))
-+ if (rqDataset && (EC_Normal == rqDataset->search(DCM_PixelData, stack, ESM_fromHere, OFFalse)) && stack.top()->isElement())
++ if (rqDataset && (EC_Normal == rqDataset->search(DCM_PixelData, stack, ESM_fromHere, OFFalse)) && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
pixelData = new DcmPixelData(DCM_PixelData);
if (pixelData)
@@ -1336,7 +1335,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
if (element != NULL)
@@ -1347,7 +1346,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
OFCondition result = item.search(DCM_MACIDNumber, stack, ESM_fromHere, OFFalse);
- if (result.good() && (stack.top()->isLeaf()))
-+ if (result.good() && (stack.top()->isElement()))
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
result = ((DcmElement *)(stack.top()))->getUint16(macid);
}
@@ -1356,7 +1355,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
if (result.good())
{
- if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
char *uid = NULL;
if ((((DcmElement *)(stack.top()))->getString(uid)).good())
@@ -1365,7 +1364,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
{
stack.clear();
- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
OFString macidentifier;
if ((((DcmElement *)(stack.top()))->getOFString(macidentifier, 0)).good())
@@ -1383,7 +1382,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
// read MAC Calculation Transfer Syntax UID
- if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
char *uid = NULL;
if ((((DcmElement *)(stack.top()))->getString(uid)).good() && uid)
@@ -1392,7 +1391,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
// read MAC Algorithm
- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result = EC_Normal;
}
@@ -1401,7 +1400,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
// read signature UID
- if ((selectedSignatureItem->search(DCM_DigitalSignatureUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedSignatureItem->search(DCM_DigitalSignatureUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedSignatureItem->search(DCM_DigitalSignatureUID, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result = EC_Normal;
}
@@ -1410,7 +1409,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
// read signature date/time
- if ((selectedSignatureItem->search(DCM_DigitalSignatureDateTime, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedSignatureItem->search(DCM_DigitalSignatureDateTime, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedSignatureItem->search(DCM_DigitalSignatureDateTime, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result = EC_Normal;
}
@@ -1419,7 +1418,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
if (result.good())
{
- if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
char *uid = NULL;
if ((((DcmElement *)(stack.top()))->getString(uid)).good())
@@ -1428,7 +1427,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
E_MACType mac = EMT_RIPEMD160;
stack.clear();
- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
-+ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack, ESM_fromHere, OFFalse)).good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
OFString macidentifier;
if ((((DcmElement *)(stack.top()))->getOFString(macidentifier, 0)).good())
@@ -1439,7 +1438,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
result = item.search(DCM_CertificateType, stack, ESM_fromHere, OFFalse);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
result = ((DcmElement *)(stack.top()))->getOFString(aString, 0);
if (result.good())
@@ -1448,7 +1447,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
stack.clear();
result = item.search(DCM_CertificateOfSigner, stack, ESM_fromHere, OFFalse);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
DcmElement *cert = (DcmElement *)stack.top();
Uint8 *data = NULL;
@@ -1459,7 +1458,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
const DcmTagKey tagKey = delem.getTag();
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
/* copy object from search stack */
result = delem.copyFrom(*stack.top());
@@ -1468,7 +1467,7 @@ Description: Fixed unchecked typecasts of DcmItem::search results.
DcmStack stack;
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
- if (result.good())
-+ if (result.good() && stack.top()->isElement())
++ if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
{
DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
/* we need a reference to the original element in order to determine the SpecificCharacterSet */
=====================================
debian/patches/0013-CVE-2024-28130_2.patch → debian/patches/0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
=====================================
@@ -1,26 +1,35 @@
-Applied-Upstream: 601b227eecaab33a3a3a11dc256d84b1a62f63af
-Author: Marco Eichelberg <dicom at offis.de>
-Reviewed-By: Étienne Mollier <emollier at debian.org>
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207
-Last-Update: 2025-02-11
-Description: Fixed unchecked typecasts and fixed LUT handling.
- This commit adds further fixes for unchecked typecasts of DcmItem::search()
- results (see description of previous commit). Furthermore, this commit
- specifically addresses the handling of look-up tables (LUTs) in module
- dcmpstat, where attribute (0028,3006) LUTData may use either US or OW
- value representation, and (0028,3002) LUTDescriptor may be either US or SS.
- The code should now properly handle all permitted value representations.
- LUTData is now always written as OW in order to avoid the 64k size limit
- for US in explicit VR encoding.
- .
- Thanks to Martin Zeiser from the Cisco Talos team
- <vulndiscovery at external.cisco.com> for the bug report (TALOS-2024-1957).
- .
- Together with the previous commit, this closes DCMTK issue #1120.
+>From 6cf0bc5d1cad4288d53d3a63207cd58d98300975 Mon Sep 17 00:00:00 2001
+From: Marco Eichelberg <dicom at offis.de>
+Date: Mon, 15 Apr 2024 12:19:33 +0200
+Subject: Fixed unchecked typecasts and fixed LUT handling.
---- dcmtk.orig/dcmpstat/libsrc/dcmpstat.cc
-+++ dcmtk/dcmpstat/libsrc/dcmpstat.cc
-@@ -384,12 +384,16 @@
+This commit adds further fixes for unchecked typecasts of DcmItem::search()
+results (see description of previous commit). Furthermore, this commit
+specifically addresses the handling of look-up tables (LUTs) in module
+dcmpstat, where attribute (0028,3006) LUTData may use either US or OW
+value representation, and (0028,3002) LUTDescriptor may be either US or SS.
+The code should now properly handle all permitted value representations.
+LUTData is now always written as OW in order to avoid the 64k size limit
+for US in explicit VR encoding.
+
+Thanks to Martin Zeiser from the Cisco Talos team
+<vulndiscovery at external.cisco.com> for the bug report (TALOS-2024-1957).
+
+Together with the previous commit, this closes DCMTK issue #1120.
+---
+ dcmpstat/libsrc/dcmpstat.cc | 40 ++++++++++++++++-------
+ dcmpstat/libsrc/dvpspl.cc | 34 ++++++++++++++------
+ dcmpstat/libsrc/dvpssv.cc | 34 ++++++++++++++------
+ dcmpstat/libsrc/dvpssvl.cc | 29 ++++++++++-------
+ dcmpstat/libsrc/dvpstat.cc | 63 +++++++++++++++++--------------------
+ dcmpstat/libsrc/dvpsvl.cc | 19 +++++++++--
+ 6 files changed, 140 insertions(+), 79 deletions(-)
+
+diff --git a/dcmpstat/libsrc/dcmpstat.cc b/dcmpstat/libsrc/dcmpstat.cc
+index f35ca16cd..c1acad5ff 100644
+--- a/dcmpstat/libsrc/dcmpstat.cc
++++ b/dcmpstat/libsrc/dcmpstat.cc
+@@ -384,12 +384,16 @@ OFCondition DcmPresentationState::read(DcmItem &dset)
{
item = seq->getItem(0);
stack.clear();
@@ -40,7 +49,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
stack.clear();
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTExplanation.getTag(),
stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_LO))
-@@ -400,9 +404,11 @@
+@@ -400,9 +404,11 @@ OFCondition DcmPresentationState::read(DcmItem &dset)
// LUTData can be OW, US or SS. For now we only handle US.
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTData.getTag(),
@@ -54,7 +63,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
stack.clear();
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTType.getTag(),
-@@ -879,11 +885,13 @@
+@@ -879,11 +885,13 @@ OFCondition DcmPresentationState::createFromImage(
{
item = seq->getItem(0);
stack.clear();
@@ -71,7 +80,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
stack.clear();
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTExplanation.getTag(),
-@@ -895,9 +903,11 @@
+@@ -895,9 +903,11 @@ OFCondition DcmPresentationState::createFromImage(
// LUTData can be OW, US or SS. For now we only handle US.
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTData.getTag(),
@@ -85,7 +94,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
stack.clear();
if ((EC_Normal == item->search((DcmTagKey &)modalityLUTType.getTag(),
-@@ -1247,10 +1257,16 @@
+@@ -1247,10 +1257,16 @@ OFCondition DcmPresentationState::write(DcmItem &dset, OFBool replaceSOPInstance
dseq = new DcmSequenceOfItems(DCM_ModalityLUTSequence);
if (dseq)
{
@@ -104,8 +113,10 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
delem = new DcmLongString(modalityLUTType);
if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else result=EC_MemoryExhausted;
if (modalityLUTExplanation.getLength() >0)
---- dcmtk.orig/dcmpstat/libsrc/dvpspl.cc
-+++ dcmtk/dcmpstat/libsrc/dvpspl.cc
+diff --git a/dcmpstat/libsrc/dvpspl.cc b/dcmpstat/libsrc/dvpspl.cc
+index ec4cccf97..f5574ab33 100644
+--- a/dcmpstat/libsrc/dvpspl.cc
++++ b/dcmpstat/libsrc/dvpspl.cc
@@ -1,6 +1,6 @@
/*
*
@@ -122,7 +133,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
#include "dcmtk/dcmpstat/dvpspl.h"
#include "dcmtk/dcmpstat/dvpsdef.h" /* for constants and macros */
#include "dcmtk/dcmnet/dimse.h"
-@@ -79,29 +80,36 @@
+@@ -79,29 +80,36 @@ OFCondition DVPSPresentationLUT::read(DcmItem &dset, OFBool withSOPInstance)
if (result==EC_Normal)
{
stack.clear();
@@ -166,7 +177,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
} else {
result=EC_TagNotFound;
-@@ -187,10 +195,16 @@
+@@ -187,10 +195,16 @@ OFCondition DVPSPresentationLUT::write(DcmItem &dset, OFBool withSOPInstance)
dseq = new DcmSequenceOfItems(DCM_PresentationLUTSequence);
if (dseq)
{
@@ -185,8 +196,10 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
if (presentationLUTExplanation.getLength() >0)
{
delem = new DcmLongString(presentationLUTExplanation);
---- dcmtk.orig/dcmpstat/libsrc/dvpssv.cc
-+++ dcmtk/dcmpstat/libsrc/dvpssv.cc
+diff --git a/dcmpstat/libsrc/dvpssv.cc b/dcmpstat/libsrc/dvpssv.cc
+index 8e3d49bd4..4a7fd0e30 100644
+--- a/dcmpstat/libsrc/dvpssv.cc
++++ b/dcmpstat/libsrc/dvpssv.cc
@@ -1,6 +1,6 @@
/*
*
@@ -203,7 +216,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
#include "dcmtk/dcmpstat/dvpssv.h"
#include "dcmtk/dcmpstat/dvpsri.h" /* for DVPSReferencedImage */
#include "dcmtk/dcmpstat/dvpsrsl.h" /* DVPSReferencedSeries_PList */
-@@ -75,29 +76,36 @@
+@@ -75,29 +76,36 @@ OFCondition DVPSSoftcopyVOI::read(DcmItem &dset)
if (result==EC_Normal)
{
stack.clear();
@@ -247,7 +260,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
} else {
result=EC_TagNotFound;
-@@ -177,10 +185,16 @@
+@@ -177,10 +185,16 @@ OFCondition DVPSSoftcopyVOI::write(DcmItem &dset)
dseq = new DcmSequenceOfItems(DCM_VOILUTSequence);
if (dseq)
{
@@ -266,18 +279,22 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
if (voiLUTExplanation.getLength() >0)
{
delem = new DcmLongString(voiLUTExplanation);
---- dcmtk.orig/dcmpstat/libsrc/dvpssvl.cc
-+++ dcmtk/dcmpstat/libsrc/dvpssvl.cc
-@@ -72,7 +72,7 @@
+diff --git a/dcmpstat/libsrc/dvpssvl.cc b/dcmpstat/libsrc/dvpssvl.cc
+index 79a239438..27a40f587 100644
+--- a/dcmpstat/libsrc/dvpssvl.cc
++++ b/dcmpstat/libsrc/dvpssvl.cc
+@@ -71,8 +71,8 @@ OFCondition DVPSSoftcopyVOI_PList::read(DcmItem &dset)
+ DVPSSoftcopyVOI *newImage = NULL;
DcmSequenceOfItems *dseq=NULL;
DcmItem *ditem=NULL;
-
+-
- if (EC_Normal == dset.search(DCM_SoftcopyVOILUTSequence, stack, ESM_fromHere, OFFalse))
++
+ if (EC_Normal == dset.search(DCM_SoftcopyVOILUTSequence, stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
{
dseq=(DcmSequenceOfItems *)stack.top();
if (dseq)
-@@ -248,29 +248,36 @@
+@@ -248,29 +248,36 @@ OFCondition DVPSSoftcopyVOI_PList::createFromImage(
if (result==EC_Normal)
{
stack.clear();
@@ -303,15 +320,17 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
+
stack.clear();
- if (EC_Normal == item->search((DcmTagKey &)voiLUTExplanation.getTag(),
+- if (EC_Normal == item->search((DcmTagKey &)voiLUTExplanation.getTag(),
- stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == item->search((DcmTagKey &)voiLUTExplanation.getTag(),
+ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_LO))
{
voiLUTExplanation = *((DcmLongString *)(stack.top()));
}
stack.clear();
- if (EC_Normal == item->search((DcmTagKey &)voiLUTData.getTag(),
+- if (EC_Normal == item->search((DcmTagKey &)voiLUTData.getTag(),
- stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == item->search((DcmTagKey &)voiLUTData.getTag(),
+ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_US || stack.top()->ident() == EVR_OW))
{
- voiLUTData = *((DcmUnsignedShort *)(stack.top()));
@@ -321,17 +340,11 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
}
} else result=EC_TagNotFound;
}
---- dcmtk.orig/dcmpstat/libsrc/dvpstat.cc
-+++ dcmtk/dcmpstat/libsrc/dvpstat.cc
-@@ -1,6 +1,6 @@
- /*
- *
-- * Copyright (C) 1998-2021, OFFIS e.V.
-+ * Copyright (C) 1998-2024, OFFIS e.V.
- * All rights reserved. See COPYRIGHT file for details.
- *
- * This software and supporting documentation were developed by
-@@ -578,14 +578,14 @@
+diff --git a/dcmpstat/libsrc/dvpstat.cc b/dcmpstat/libsrc/dvpstat.cc
+index ce2f5ad5f..d1a45aded 100644
+--- a/dcmpstat/libsrc/dvpstat.cc
++++ b/dcmpstat/libsrc/dvpstat.cc
+@@ -578,14 +578,14 @@ OFCondition DVPresentationState::attachImage(DcmDataset *dataset, OFBool transfe
currentImageSelectedFrame = 1; // default: first frame
// get Modality
@@ -348,7 +361,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
{
DcmCodeString *photometricInterpretation = (DcmCodeString *)(stack.top());
if (photometricInterpretation->getVM() == 1)
-@@ -598,12 +598,12 @@
+@@ -598,12 +598,12 @@ OFCondition DVPresentationState::attachImage(DcmDataset *dataset, OFBool transfe
stack.clear();
// get SOP class UID and SOP instance UID.
@@ -363,7 +376,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
{
result = ((DcmUniqueIdentifier *)(stack.top()))->getString(currentImageSOPInstanceUID);
}
-@@ -1124,40 +1124,36 @@
+@@ -1124,40 +1124,36 @@ OFCondition DVPresentationState::setGammaVOILUT(double gammaValue, DVPSObjectApp
numEntries16 = (Uint16)numberOfEntries;
/* LUT Descriptor */
@@ -427,7 +440,7 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
if (lutData != NULL)
status = lutData->putUint16Array(data, numberOfEntries);
else
-@@ -1186,15 +1182,14 @@
+@@ -1186,15 +1182,14 @@ OFCondition DVPresentationState::setGammaVOILUT(double gammaValue, DVPSObjectApp
if (status == EC_Normal)
{
if ((lutDescriptor != NULL) && (lutData != NULL) && (lutExplanation != NULL))
@@ -445,9 +458,11 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
delete[] data;
}
return status;
---- dcmtk.orig/dcmpstat/libsrc/dvpsvl.cc
-+++ dcmtk/dcmpstat/libsrc/dvpsvl.cc
-@@ -59,9 +59,24 @@
+diff --git a/dcmpstat/libsrc/dvpsvl.cc b/dcmpstat/libsrc/dvpsvl.cc
+index b10b83f20..fdba0a0e0 100644
+--- a/dcmpstat/libsrc/dvpsvl.cc
++++ b/dcmpstat/libsrc/dvpsvl.cc
+@@ -59,9 +59,24 @@ OFCondition DVPSVOILUT::read(DcmItem &dset)
OFCondition result = EC_Normal;
DcmStack stack;
@@ -474,3 +489,6 @@ Description: Fixed unchecked typecasts and fixed LUT handling.
if (EC_Normal == result)
{
+--
+2.30.2
+
=====================================
debian/patches/0014-CVE-2024-28130_3.patch → debian/patches/0003-Fixed-wrong-error-handling-previous-commit.patch
=====================================
@@ -1,35 +1,42 @@
-Applied-Upstream: 7d54f8efec995e5601d089fa17b0625c2b41af23
-Author: Joerg Riesmeier <dicom at jriesmeier.com>
-Reviewed-By: Étienne Mollier <emollier at debian.org>
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070207
-Last-Update: 2025-02-11
-Description: Fixed wrong error handling (previous commit).
- Fixed wrong error handling introduced with the previous commit.
+>From 9ecec7671ded01648354e617972d0f1f9a9576b9 Mon Sep 17 00:00:00 2001
+From: Joerg Riesmeier <dicom at jriesmeier.com>
+Date: Mon, 22 Apr 2024 12:11:11 +0200
+Subject: Fixed wrong error handling (previous commit).
---- dcmtk.orig/dcmrt/libsrc/drttypes.cc
-+++ dcmtk/dcmrt/libsrc/drttypes.cc
-@@ -210,11 +210,11 @@
+Fixed wrong error handling introduced with the previous commit.
+---
+ dcmrt/libsrc/drttypes.cc | 6 +++---
+ dcmsr/libsrc/dsrtypes.cc | 32 ++++++++++++++++++++------------
+ 2 files changed, 23 insertions(+), 15 deletions(-)
+
+diff --git a/dcmrt/libsrc/drttypes.cc b/dcmrt/libsrc/drttypes.cc
+index 456378a3a..d8d2860b4 100644
+--- a/dcmrt/libsrc/drttypes.cc
++++ b/dcmrt/libsrc/drttypes.cc
+@@ -210,11 +210,11 @@ OFCondition DRTTypes::getAndCheckStringValueFromDataset(DcmItem &dataset,
{
DcmStack stack;
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
-- if (result.good() && stack.top()->isElement())
+- if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ if (result.good())
{
- DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
- if (element != NULL)
-+ if (stack.top()->isElement())
++ if (dynamic_cast<DcmElement*>(stack.top()) != nullptr)
{
+ DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
if (checkElementValue(*element, vm, type, result, moduleName))
result = element->getOFString(stringValue, 0);
else
---- dcmtk.orig/dcmsr/libsrc/dsrtypes.cc
-+++ dcmtk/dcmsr/libsrc/dsrtypes.cc
-@@ -1176,13 +1176,17 @@
+diff --git a/dcmsr/libsrc/dsrtypes.cc b/dcmsr/libsrc/dsrtypes.cc
+index da92280ff..9b4e50ff8 100644
+--- a/dcmsr/libsrc/dsrtypes.cc
++++ b/dcmsr/libsrc/dsrtypes.cc
+@@ -1176,13 +1176,17 @@ OFCondition DSRTypes::getAndCheckElementFromDataset(DcmItem &dataset,
DcmStack stack;
const DcmTagKey tagKey = delem.getTag();
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
-- if (result.good() && stack.top()->isElement())
+- if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ if (result.good())
{
- /* copy object from search stack */
@@ -37,7 +44,7 @@ Description: Fixed wrong error handling (previous commit).
- /* we need a reference to the original element in order to determine the SpecificCharacterSet */
- if (!checkElementValue(OFstatic_cast(DcmElement *, stack.top()), tagKey, vm, type, result, moduleName, acceptViolation))
- result = SR_EC_InvalidValue;
-+ if (stack.top()->isElement())
++ if (dynamic_cast<DcmElement*>(stack.top()) != nullptr)
+ {
+ /* copy object from search stack */
+ result = delem.copyFrom(*stack.top());
@@ -49,11 +56,11 @@ Description: Fixed wrong error handling (previous commit).
}
/* the element could not be found in the dataset */
else if (!checkElementValue(delem, vm, type, result, moduleName, acceptViolation))
-@@ -1201,13 +1205,17 @@
+@@ -1201,13 +1205,17 @@ OFCondition DSRTypes::getAndCheckStringValueFromDataset(DcmItem &dataset,
{
DcmStack stack;
OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse /*searchIntoSub*/);
-- if (result.good() && stack.top()->isElement())
+- if (result.good() && (dynamic_cast<DcmElement*>(stack.top()) != nullptr))
+ if (result.good())
{
- DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
@@ -61,7 +68,7 @@ Description: Fixed wrong error handling (previous commit).
- if (!checkElementValue(delem, tagKey, vm, type, result, moduleName, acceptViolation))
- result = SR_EC_InvalidValue;
- delem->getOFString(stringValue, 0);
-+ if (stack.top()->isElement())
++ if (dynamic_cast<DcmElement*>(stack.top()) != nullptr)
+ {
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+ /* we need a reference to the original element in order to determine the SpecificCharacterSet */
@@ -73,3 +80,6 @@ Description: Fixed wrong error handling (previous commit).
} else {
if ((type == "1") || (type == "2"))
{
+--
+2.30.2
+
=====================================
debian/patches/series
=====================================
@@ -15,6 +15,6 @@ c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch
0009-CVE-2024-27628.patch
0010-CVE-2024-34508-34509.patch
0011-CVE-2024-34508-34509_bis.patch
-0012-CVE-2024-28130_1.patch
-0013-CVE-2024-28130_2.patch
-0014-CVE-2024-28130_3.patch
+0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
+0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
+0003-Fixed-wrong-error-handling-previous-commit.patch
View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/8781a6c9b19834138c320ac6a87304ffaf26c0b6...9197baff3767c4a91ff16e30dafdcf09d7001ceb
--
View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/8781a6c9b19834138c320ac6a87304ffaf26c0b6...9197baff3767c4a91ff16e30dafdcf09d7001ceb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20250213/a0608ec9/attachment-0001.htm>
More information about the debian-med-commit
mailing list