From cbd984287f11eddb77a58bd4e07eb1b7c1e3edf3 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Tue, 20 Jul 2021 23:45:36 +0100
Subject: [PATCH] Fix argument checking for --dhcp-match.

Spotted by Max Julian Hofmann and the Advanced Research Team at CrowdStrike
---
 src/option.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/option.c b/src/option.c
index ca8563a..e52c880 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1188,11 +1188,15 @@ static int parse_dhcp_opt(char *errstr, char *arg, int flags)
 	{
 	  new->u.vendor_class = (unsigned char *)opt_string_alloc(arg+7);
 	  new->flags |= DHOPT_VENDOR;
+	  if ((new->flags & DHOPT_ENCAPSULATE) || flags == DHOPT_MATCH)
+	    goto_err(_("inappropriate vendor:"));
 	}
       else if (strstr(arg, "encap:") == arg)
 	{
 	  new->u.encap = atoi(arg+6);
 	  new->flags |= DHOPT_ENCAPSULATE;
+	  if ((new->flags & DHOPT_VENDOR) || flags == DHOPT_MATCH)
+	    goto_err(_("inappropriate encap:"));
 	}
       else if (strstr(arg, "vi-encap:") == arg)
 	{