fix matching for pattern lists that contain a single negated match,

e.g. "Host !example"

report and patch from Robin Becker. bz#1918 ok dtucker@

diff --git a/usr.bin/ssh/match.c b/usr.bin/ssh/match.c
index cf4b2f4..1f0b018 100644 (file)
--- a/usr.bin/ssh/match.c
+++ b/usr.bin/ssh/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.30 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: match.c,v 1.31 2016/08/23 03:22:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -156,7 +156,8 @@ match_pattern_list(const char *string, const char *pattern, int dolower)
                                return -1;              /* Negative */
                        else
                                got_positive = 1;       /* Positive */
-               }
+               } else if (negated)
+                       got_positive = 1;
        }
 
        /*