[openssh-commits] [openssh] 04/04: upstream: make "Match !final" not trigger a 2nd pass ssh_config

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 688fa02728f2efbf18388bc1a8e94e7ba7ee4f11
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Jun 24 09:22:03 2025 +0000

    upstream: make "Match !final" not trigger a 2nd pass ssh_config
    
    parsing pass (unless hostname canonicalisation or a separate "Match final"
    does). bz3843
    
    ok dtucker@
    
    OpenBSD-Commit-ID: ce82b6034828888f0f3f1c812e08f5e87400d802
---
 readconf.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/readconf.c b/readconf.c
index a56cbe0da..97f34abff 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.399 2025/05/06 05:40:56 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.400 2025/06/24 09:22:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -768,12 +768,13 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
 		if (strcasecmp(attrib, "canonical") == 0 ||
 		    strcasecmp(attrib, "final") == 0) {
 			/*
-			 * If the config requests "Match final" then remember
-			 * this so we can perform a second pass later.
+			 * If the config requests "Match final" without
+			 * negation then remember this so we can perform a
+			 * second pass later.
 			 */
 			if (strcasecmp(attrib, "final") == 0 &&
 			    want_final_pass != NULL)
-				*want_final_pass = 1;
+				*want_final_pass |= !negate;
 			r = !!final_pass;  /* force bitmask member to boolean */
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.