From: djm@openbsd.org <djm@openbsd.org>
Date: Tue, 23 Aug 2016 03:24:10 +0000 (+0000)
Subject: upstream commit
X-Git-Tag: V_7_4_P1~143
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc182d01cef8ca35a1d25ea9bf4e2ff72e588208;p=thirdparty%2Fopenssh-portable.git

upstream commit

fix negated address matching where the address list
consists of a single negated match, e.g. "Match addr !192.20.0.1"

Report and patch from Jakub Jelen. bz#2397 ok dtucker@

Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8
---

diff --git a/addrmatch.c b/addrmatch.c
index 70b050e05..6a7ab7d41 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.11 2016/08/23 03:24:10 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -411,7 +411,8 @@ addr_match_list(const char *addr, const char *_list)
 					break;
 				}
 				ret = 1;
-			}
+			} else if (neg)
+				ret = 1;
 			continue;
 		} else {
 			/* If CIDR parse failed, try wildcard string match */