From 76e70ad6816f1f9cac392102dfc1ba93d9c8a09a Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Tue, 24 Dec 2024 07:58:48 +0000
Subject: [PATCH] Fix vuln OSV-2024-352
---
 3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c b/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c
index bb8fdc2919..e4a6e8f511 100644
--- a/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c
+++ b/3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng.c
@@ -55,6 +55,10 @@ static struct _light_option *__parse_options(uint32_t **memory, const int32_t ma
 if (actual_length > 0) {
 opt->data = calloc(1, actual_length);
+ if (opt->data == NULL || actual_length > max_len) {
+ free(opt);
+ return NULL;
+ }
 memcpy(opt->data, local_memory, actual_length);
 local_memory += (sizeof(**memory) / sizeof(*local_memory)) * (actual_length / alignment);
 }
@@ -330,6 +334,10 @@ void light_read_record(light_file fd, light_pcapng *record)
 //Pull out the block contents from the file
 const uint32_t bytesToRead = current->block_total_length - 2 * sizeof(blockSize) - sizeof(blockType);
+ if (bytesToRead > current->block_total_length || bytesToRead > 65536) {
+ free(current);
+ return;
+ }
 uint32_t *local_data = calloc(bytesToRead, 1);
 bytesRead = light_read(fd, local_data, bytesToRead);
 if (bytesRead != bytesToRead || (bytesRead == EOF && feof(fd->file)))
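Review bot: In `__parse_options` the added guard runs after `calloc`, so when the allocation succeeds but `actual_length > max_len` the error path frees `opt` and leaks the freshly allocated `opt->data`. Do the length check first and keep the allocation check separate: `if (actual_length > max_len) { free(opt); return NULL; }` before the `calloc`, then `if (opt->data == NULL) { free(opt); return NULL; }` after it. The comparison uses the `max_len` the function was entered with; if the option header has already been consumed from that budget earlier in the function (outside this hunk), the bound is presumably a few bytes too generous and should subtract it.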
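Review bot: The `calloc(bytesToRead, 1)` result in `light_read_record` is still passed to `light_read` unchecked, so an allocation failure hands a NULL buffer to the read; add `if (local_data == NULL) { free(current); return; }` right after the allocation. The `65536` cap is a bare magic number that silently rejects any larger block, so give it a named constant with a comment stating why that limit was chosen and what a caller sees when a block is dropped. A short comment on the first comparison, saying it detects unsigned wrap-around when `block_total_length` is smaller than the fixed fields, would also help. The function body starts and continues outside the hunk, so whether `*record` is left in a defined state on these early returns cannot be checked from here.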