From b741059549e4fad68431d45c1bdf9a200b6a8d66 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 20 Jul 2021 23:49:38 +0100
Subject: [PATCH] Detect malformed --dhcp-relay option.

Spotted by Max Julian Hofmann and the Advanced Research Team at CrowdStrike
---
 src/option.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/option.c b/src/option.c
index e52c880..4c3df8a 100644
--- a/src/option.c
+++ b/src/option.c
@@ -4183,13 +4183,13 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	comma = split(arg);
 	new->interface = opt_string_alloc(split(comma));
 	new->iface_index = 0;
-	if (inet_pton(AF_INET, arg, &new->local) && inet_pton(AF_INET, comma, &new->server))
+	if (comma && inet_pton(AF_INET, arg, &new->local) && inet_pton(AF_INET, comma, &new->server))
 	  {
 	    new->next = daemon->relay4;
 	    daemon->relay4 = new;
 	  }
 #ifdef HAVE_DHCP6
-	else if (inet_pton(AF_INET6, arg, &new->local) && inet_pton(AF_INET6, comma, &new->server))
+	else if (comma && inet_pton(AF_INET6, arg, &new->local) && inet_pton(AF_INET6, comma, &new->server))
 	  {
 	    new->next = daemon->relay6;
 	    daemon->relay6 = new;