Fix vuln crash-7d18f37e1f05e0ff4aa4dfa2f67dd738340ad9cf

oss-patch · oss-patch · commit 8d546b1f6698 · 2024-12-24T07:57:53.000Z
diff --git a/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c b/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c
@@ -49,13 +49,24 @@ static struct _light_option *__parse_options(uint32_t **memory, const int32_t ma
       opt->custom_option_code = *local_memory++;
       opt->option_length = *local_memory++;
 
+      // Validate option_length
+      if (opt->option_length > max_len - 2 * sizeof(*local_memory)) {
+          free(opt);
+          return NULL;
+      }
+
       actual_length = (opt->option_length % alignment) == 0 ?
             opt->option_length :
             (opt->option_length / alignment + 1) * alignment;
 
       if (actual_length > 0) {
          opt->data = calloc(1, actual_length);
-         memcpy(opt->data, local_memory, actual_length);
+         if (actual_length <= max_len - 2 * sizeof(*local_memory)) {
+             memcpy(opt->data, local_memory, actual_length);
+         } else {
+             free(opt->data);
+             opt->data = NULL;
+         }
          local_memory += (sizeof(**memory) / sizeof(*local_memory)) * (actual_length / alignment);
       }
 
