From ddc70170989aeb226b19a48cbd1952f7d278ba28 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Tue, 23 Aug 2016 03:24:10 +0000
Subject: [PATCH] fix negated address matching where the address list consists
 of a single negated match, e.g. "Match addr !192.20.0.1"

Report and patch from Jakub Jelen. bz#2397 ok dtucker@
---
 usr.bin/ssh/addrmatch.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr.bin/ssh/addrmatch.c b/usr.bin/ssh/addrmatch.c
index 10c3fda4588..1b86f6fd0a0 100644
--- a/usr.bin/ssh/addrmatch.c
+++ b/usr.bin/ssh/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.10 2015/07/08 19:04:21 markus Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.11 2016/08/23 03:24:10 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -407,7 +407,8 @@ addr_match_list(const char *addr, const char *_list)
 					break;
 				}
 				ret = 1;
-			}
+			} else if (neg)
+				ret = 1;
 			continue;
 		} else {
 			/* If CIDR parse failed, try wildcard string match */
-- 
2.20.1