authorShawn Routhier <sar@isc.org>2010-12-29 23:09:51 +0000
committerShawn Routhier <sar@isc.org>2010-12-29 23:09:51 +0000
commit8bdf8790b9abe0c4acf702dc437e1b560b1080be (patch)
treea7447450b2568351804285e2b5987b8a011662a8
parente6be2c05e7d578f02f3748be7410d587efe01e73 (diff)
When processing the format flags for a given option consume the
flag indicating an optional value correctly. A symptom of this bug was an infinite loop when trying to parse the slp-service-scope option. Thanks to a patch from Marius Tomaschewski. [ISC-Bugs #22055]
-rw-r--r--RELNOTES7
-rw-r--r--common/parse.c22
2 files changed, 27 insertions, 2 deletions
diff --git a/RELNOTES b/RELNOTES
index 2e8f290f..4bbdd1db 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -67,6 +67,12 @@ suggested fixes to <dhcp-users@isc.org>.
This was a security issue in 4.2.0 but is not in 4.0.x.
[ISC-Bugs #22679]
+- When processing the format flags for a given option consume the
+ flag indicating an optional value correctly. A symptom of this
+ bug was an infinite loop when trying to parse the slp-service-scope
+ option. Thanks to a patch from Marius Tomaschewski.
+ [ISC-Bugs #22055]
+
Changes since 4.0.3rc1
! Handle a relay forward message with an unspecified address in the
@@ -2497,7 +2503,6 @@ suggested fixes to <dhcp-users@isc.org>.
- Fix a bug in the DHCP client initial startup backoff interval, which
would cause two DHCPDISCOVERS to be sent back-to-back on startup.
-
Changes since 3.0 Beta 2 Patchlevel 15
- Some documentation tweaks.
diff --git a/common/parse.c b/common/parse.c
index 36380c4d..4608de5f 100644
--- a/common/parse.c
+++ b/common/parse.c
@@ -4898,8 +4898,28 @@ struct option *option;
do {
if ((*fmt == 'A') || (*fmt == 'a'))
break;
- if (*fmt == 'o')
+ if (*fmt == 'o') {
+ /* consume the optional flag */
+ fmt++;
continue;
+ }
+
+ if (fmt[1] == 'o') {
+ /*
+ * A value for the current format is
+ * optional - check to see if the next
+ * token is a semi-colon if so we don't
+ * need to parse it and doing so would
+ * consume the semi-colon which our
+ * caller is expecting to parse
+ */
+ token = peek_token(&val, (unsigned *)0,
+ cfile);
+ if (token == SEMI) {
+ fmt++;
+ continue;
+ }
+ }
tmp = *expr;
*expr = NULL;
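Review bot: The new `if (fmt[1] == 'o')` test reads the character after `*fmt` before anything in the visible loop body has confirmed that `*fmt` is not the terminating NUL; the checks above it only rule out 'A', 'a' and 'o'. If the loop can be entered or re-entered with `fmt` at the end of the format string (the loop condition and the rest of the function lie outside this hunk, so this is not certain), that is a one-byte read past the string, and `if (*fmt != '\0' && fmt[1] == 'o')` would close it off at no cost. Since the original bug was a parser hang on a configuration option, a regression case covering an optional-value format both with and without the value present would be worth adding alongside this change.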