upstream: make "Match !final" not trigger a 2nd pass ssh_config

parsing pass (unless hostname canonicalisation or a separate "Match final"
does). bz3843

ok dtucker@

OpenBSD-Commit-ID: ce82b6034828888f0f3f1c812e08f5e87400d802

diff --git a/readconf.c b/readconf.c
index a56cbe0da7d04925d34099274acb88499bcf25fa..97f34abff1088186abf30c00af9d7b59d89c3f69 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.399 2025/05/06 05:40:56 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.400 2025/06/24 09:22:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -768,12 +768,13 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
                if (strcasecmp(attrib, "canonical") == 0 ||
                    strcasecmp(attrib, "final") == 0) {
                        /*
-                        * If the config requests "Match final" then remember
-                        * this so we can perform a second pass later.
+                        * If the config requests "Match final" without
+                        * negation then remember this so we can perform a
+                        * second pass later.
                         */
                        if (strcasecmp(attrib, "final") == 0 &&
                            want_final_pass != NULL)
-                               *want_final_pass = 1;
+                               *want_final_pass |= !negate;
                        r = !!final_pass;  /* force bitmask member to boolean */
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;