upstream commit

Revert two recent changes to negated address matching. The new behaviour offers unintuitive surprises. We'll find a better way to deal with single negated matches. match.c 1.31: > fix matching for pattern lists that contain a single negated match, > e.g. "Host !example" > > report and patch from Robin Becker. bz#1918 ok dtucker@ addrmatch.c 1.11: > fix negated address matching where the address list consists of a > single negated match, e.g. "Match addr !192.20.0.1" > > Report and patch from Jakub Jelen. bz#2397 ok dtucker@ Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6
openssh · Sep 21, 2016 · a5ad3a9 · a5ad3a9
1 parent 119b7a2
commit a5ad3a9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/addrmatch.c b/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.12 2016/08/23 08:17:42 djm Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -411,8 +411,7 @@ addr_match_list(const char *addr, const char *_list)
 					break;
 				}
 				ret = 1;
-			} else if (neg)
-				ret = 1;
+			}
 			continue;
 		} else {
 			/* If CIDR parse failed, try wildcard string match */

diff --git a/match.c b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.31 2016/08/23 03:22:49 djm Exp $ */
+/* $OpenBSD: match.c,v 1.32 2016/09/21 16:55:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -158,8 +158,7 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
 				return -1;		/* Negative */
 			else
 				got_positive = 1;	/* Positive */
-		} else if (negated)
-			got_positive = 1;
+		}
 	}
 
 	/*