[Debian-med-packaging] conquest-dicom-server_1.14.16-1_amd64.changes REJECTED
Luca Falavigna
ftpmaster at debian.org
Fri Jul 27 18:54:13 UTC 2012
Hi,
some issues discovered by one of our tireless trainees:
- Short description merely repeats the package name.
- License file: license for debian/* mentions "same as above", which is
confusing, and I don't think you mean the libjpeg license.
- Everything is installed in /usr/lib, which appears to be wrong. The binary
called dgate should go to /usr/lib/cgi-bin (even upstream installs it there),
the configuration file dicom.ini should go to /etc, sample.cq should go to
/usr/share/doc/conquest-dicom-server/examples, and the rest to /usr/share.
- conquest-dicom-server-1.14.16/jpeg_encoder.cpp has different authors and
different coding style than other source files in that directory. No mention
of a license. Authors not mentioned in debian/copyright.
- Cppcheck shows a number of errors, including buffer overruns, mismatched
new[]/delete, dangerous use of strncpy(). Since this is run as a CGI server,
these things could be exploited by remote users.
[./device.cpp:778]: (error) Dangerous usage of 's' (strncpy doesn't always 0-terminate it)
[./dgate.cpp:16228]: (error) Uninitialized variable: format
[./dgate.cpp:5306]: (error) Array 'items[4]' index 4 out of bounds
[./dgate.cpp:5560]: (error) Uninitialized variable: owned
[./nkiqrsop.cpp:5406]: (error) Uninitialized variable: buffer
[./rtc.cxx:608]: (error) Mismatching allocation and deallocation: StringTable
[./rtc.cxx:673]: (error) Mismatching allocation and deallocation: StringTable
[./rtc.cxx:774]: (error) Mismatching allocation and deallocation: StringTable
[buffer.cxx:433]: (error) Mismatching allocation and deallocation: Data
[device.cpp:247]: (error) Array 'PID[255]' index 255 out of bounds
[device.cpp:2748]: (error) Array 'PatientID[255]' index 255 out of bounds
[device.cpp:778]: (error) Dangerous usage of 's' (strncpy doesn't always 0-terminate it)
[dgate.cpp:10309]: (error) Possible null pointer dereference: IPCBlockPtrInstance
[dgate.cpp:16228]: (error) Uninitialized variable: format
[dgate.cpp:5306]: (error) Array 'items[4]' index 4 out of bounds
[dgate.cpp:5560]: (error) Uninitialized variable: owned
[rtc.cxx:608]: (error) Mismatching allocation and deallocation: StringTable
[rtc.cxx:673]: (error) Mismatching allocation and deallocation: StringTable
[rtc.cxx:774]: (error) Mismatching allocation and deallocation: StringTable
Cheers,
Luca
===
Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.
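
An added illustration (not part of the original message and not code from conquest-dicom-server) of three defect classes named in the cppcheck output above: strncpy() leaving a buffer unterminated, an index equal to the array size, and new[] released with delete. All function names, sizes and sample values are constructed for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <memory>

// Pitfall: strncpy() writes no terminator when src holds n or more bytes.
// Returns true only if dst is NUL-terminated within its n bytes afterwards.
bool strncpy_terminates(char *dst, const char *src, std::size_t n) {
    std::memset(dst, 'X', n);               // stand-in for stale stack contents
    std::strncpy(dst, src, n);
    return std::memchr(dst, '\0', n) != nullptr;
}

// Hardened copy: never writes past dst[n-1], always terminates, and reports
// truncation so over-long remote input can be rejected rather than used.
bool copy_field(char *dst, std::size_t n, const char *src) {
    if (n == 0) return false;
    std::size_t i = 0;
    for (; i < n - 1 && src[i] != '\0'; ++i) dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0';                  // false: input did not fit
}

// "Array 'items[4]' index 4 out of bounds": valid indices are 0..N-1.
template <std::size_t N>
bool store_at(int (&arr)[N], std::size_t idx, int value) {
    if (idx >= N) return false;
    arr[idx] = value;
    return true;
}

// new[] must be released with delete[]; unique_ptr<T[]> does so automatically.
std::unique_ptr<char[]> make_buffer(std::size_t n) {
    return std::unique_ptr<char[]>(new char[n]());   // zero-initialized
}

int main() {
    char id[8];                              // constructed field size
    const char *input = "12345678";          // constructed 8-byte input
    std::printf("strncpy terminated: %d\n", strncpy_terminates(id, input, sizeof id));
    std::printf("copy_field fit: %d -> \"%s\"\n", copy_field(id, sizeof id, input), id);
    int items[4] = {0};
    std::printf("store_at(4): %d\n", store_at(items, 4, 1));
    auto buf = make_buffer(16);
    std::printf("buffer zeroed: %d\n", buf[0] == 0);
    return 0;
}
```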