From cc182d01cef8ca35a1d25ea9bf4e2ff72e588208 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 23 Aug 2016 03:24:10 +0000
Subject: upstream commit

fix negated address matching where the address list
consists of a single negated match, e.g. "Match addr !192.20.0.1"

Report and patch from Jakub Jelen. bz#2397 ok dtucker@

Upstream-ID: 01dcac3f3e6ca47518cf293e31c73597a4bb40d8
---
 addrmatch.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'addrmatch.c')

diff --git a/addrmatch.c b/addrmatch.c
index 70b050e05..6a7ab7d41 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.11 2016/08/23 03:24:10 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -411,7 +411,8 @@ addr_match_list(const char *addr, const char *_list)
 					break;
 				}
 				ret = 1;
-			}
+			} else if (neg)
+				ret = 1;
 			continue;
 		} else {
 			/* If CIDR parse failed, try wildcard string match */
-- 
cgit v1.2.3