From: djm@openbsd.org Date: Wed, 21 Sep 2016 16:55:42 +0000 (+0000) Subject: upstream commit X-Git-Tag: V_7_4_P1~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5ad3a9db5a48f350f257a67b62fafd719ecb7e0;p=thirdparty%2Fopenssh-portable.git upstream commit Revert two recent changes to negated address matching. The new behaviour offers unintuitive surprises. We'll find a better way to deal with single negated matches. match.c 1.31: > fix matching for pattern lists that contain a single negated match, > e.g. "Host !example" > > report and patch from Robin Becker. bz#1918 ok dtucker@ addrmatch.c 1.11: > fix negated address matching where the address list consists of a > single negated match, e.g. "Match addr !192.20.0.1" > > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6 --- diff --git a/addrmatch.c b/addrmatch.c index cba1854ec..8658e105a 100644 --- a/addrmatch.c +++ b/addrmatch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.12 2016/08/23 08:17:42 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -411,8 +411,7 @@ addr_match_list(const char *addr, const char *_list) break; } ret = 1; - } else if (neg) - ret = 1; + } continue; } else { /* If CIDR parse failed, try wildcard string match */ diff --git a/match.c b/match.c index fd784ff14..b29a30e91 100644 --- a/match.c +++ b/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.31 2016/08/23 03:22:49 djm Exp $ */ +/* $OpenBSD: match.c,v 1.32 2016/09/21 16:55:42 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -158,8 +158,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower) return -1; /* Negative */ else got_positive = 1; /* Positive */ - } else if (negated) - got_positive = 1; + } } /*
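Review bot: In the addrmatch.c hunk at @@ -411,8 +411,7 (addr_match_list), dropping the `else if (neg) ret = 1;` branch means a list made up only of a negated entry, such as the commit message's "Match addr !192.20.0.1", can no longer reach `ret = 1` through this path. A Match block written that way is then silently never applied, and nothing in this diff documents or tests that outcome. Since the message says a better fix will follow, consider adding a comment at this `}` stating that a negated entry alone never yields a positive match, plus a regression test pinning the restored behaviour so the later fix has a baseline to change deliberately.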
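Review bot: In the match.c hunk at @@ -158,8 +158,7 (match_pattern_list), removing `else if (negated) got_positive = 1;` leaves `got_positive` untouched when a negated pattern does not match, so a single-entry list like "Host !example" from the commit message reports no match for every other string. The commit message calls the reverted behaviour surprising but does not say which cases broke. Please record at least one such case in the message or in a comment next to this branch, and add a test for the negated-only list, so the semantics of this function and of addr_match_list stay aligned when the follow-up change lands.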