upstream commit

Revert two recent changes to negated address matching. The new behaviour offers unintuitive surprises. We'll find a better way to deal with single negated matches. match.c 1.31: > fix matching for pattern lists that contain a single negated match, > e.g. "Host !example" > > report and patch from Robin Becker. bz#1918 ok dtucker@ addrmatch.c 1.11: > fix negated address matching where the address list consists of a > single negated match, e.g. "Match addr !192.20.0.1" > > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
author: djm@openbsd.org <djm@openbsd.org> 2016-09-21 18:55:42 +0200
committer: Damien Miller <djm@mindrot.org> 2016-09-21 19:14:59 +0200
commit: a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 (patch)
tree: 842a9d9504bbdb2b341019b52827656f7e34e3fc /addrmatch.c
parent: upstream commit (diff)
download: openssh-a5ad3a9db5a48f350f257a67b62fafd719ecb7e0.tar.xz
openssh-a5ad3a9db5a48f350f257a67b62fafd719ecb7e0.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/addrmatch.c b/addrmatch.c
index cba1854ec..8658e105a 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.12 2016/08/23 08:17:42 djm Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -411,8 +411,7 @@ addr_match_list(const char *addr, const char *_list)
 					break;
 				}
 				ret = 1;
-			} else if (neg)
-				ret = 1;
+			}
 			continue;
 		} else {
 			/* If CIDR parse failed, try wildcard string match */
author	djm@openbsd.org <djm@openbsd.org>	2016-09-21 18:55:42 +0200
committer	Damien Miller <djm@mindrot.org>	2016-09-21 19:14:59 +0200
commit	a5ad3a9db5a48f350f257a67b62fafd719ecb7e0 (patch)
tree	842a9d9504bbdb2b341019b52827656f7e34e3fc /addrmatch.c
parent	upstream commit (diff)
download	openssh-a5ad3a9db5a48f350f257a67b62fafd719ecb7e0.tar.xz openssh-a5ad3a9db5a48f350f257a67b62fafd719ecb7e0.zip