The "wtap_block_foreach_option" function on wiretap/file_access.c:2693 has a SEGV vulnerability.
Hi, we found one crash in Editcap (Wireshark) 4.2.4, which is the latest version. To assist in diagnosing and resolving this issue, we have attached the POC files along with the ASan logs.
Environment: Linux 4f6b99b5cf37 6.2.0-35-generic #35~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Oct 6 10:23:26 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Command and args:
./editcap --inject-secrets tls,./secrets.txt -E 0.01 -c 100 poc3 /tmp/outfile_00000.pcapng
asan log:
==229685==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7ffff7402605 bp 0x611000001d00 sp 0x7fffffffd650 T0)
==229685==The signal is caused by a READ memory access.
==229685==Hint: address points to the zero page.
    #0 0x7ffff7402604 in wtap_block_foreach_option /root/wireshark-4.2.4/wiretap/wtap_opttypes.c:604
    #1 0x7ffff73d1a7c in compute_options_size /root/wireshark-4.2.4/wiretap/pcapng.c:4501
    #2 0x7ffff73d72f9 in pcapng_write_enhanced_packet_block /root/wireshark-4.2.4/wiretap/pcapng.c:5275
    #3 0x7ffff73d72f9 in pcapng_dump /root/wireshark-4.2.4/wiretap/pcapng.c:6496
    #4 0x7ffff73d72f9 in pcapng_dump /root/wireshark-4.2.4/wiretap/pcapng.c:6471
    #5 0x555555563215 in main /root/wireshark-4.2.4/editcap.c:2393
    #6 0x7ffff6e20082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x5555555674dd in _start (/root/wireshark-4.2.4/build_asan/bin/editcap+0x134dd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/wireshark-4.2.4/wiretap/wtap_opttypes.c:604 in wtap_block_foreach_option
Credit by: Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.