- djm@cvs.openbsd.org 2014/02/22 01:32:19

[readconf.c] when processing Match blocks, skip 'exec' clauses if previous predicates failed to match; ok markus@
2014-02-24 15:56:45 +11:00 · 2014-02-24 15:56:45 +11:00 · 0628780abe
parent 0890dc8191
commit 0628780abe
2 changed files with 25 additions and 13 deletions
--- a/7
+++ b/7
@ -8,9 +8,10 @@
     [channels.c]
     avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
     bz#2200, debian#738692 via Colin Watson; ok dtucker@
-
-20140221
- - (tim) [configure.ac]  Fix cut-and-paste error. Patch from Bryan Drewery.
+   - djm@cvs.openbsd.org 2014/02/22 01:32:19
+     [readconf.c]
+     when processing Match blocks, skip 'exec' clauses if previous predicates
+     failed to match; ok markus@

 20140213
 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]  Add compat
--- a/readconf.c
+++ b/readconf.c
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.216 2014/01/29 06:18:35 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.217 2014/02/22 01:32:19 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -537,16 +537,27 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			    "r", ruser,
 			    "u", pw->pw_name,
 			    (char *)NULL);
-			r = execute_in_shell(cmd);
-			if (r == -1) {
-				fatal("%.200s line %d: match exec '%.100s' "
-				    "error", filename, linenum, cmd);
-			} else if (r == 0) {
-				debug("%.200s line %d: matched "
-				    "'exec \"%.100s\"' ",
+			if (result != 1) {
+				/* skip execution if prior predicate failed */
+				debug("%.200s line %d: skipped exec \"%.100s\"",
 				    filename, linenum, cmd);
-			} else
-				result = 0;
+			} else {
+				r = execute_in_shell(cmd);
+				if (r == -1) {
+					fatal("%.200s line %d: match exec "
+					    "'%.100s' error", filename,
+					    linenum, cmd);
+				} else if (r == 0) {
+					debug("%.200s line %d: matched "
+					    "'exec \"%.100s\"'", filename,
+					    linenum, cmd);
+				} else {
+					debug("%.200s line %d: no match "
+					    "'exec \"%.100s\"'", filename,
+					    linenum, cmd);
+					result = 0;
+				}
+			}
 			free(cmd);
 		} else {
 			error("Unsupported Match attribute %s", attrib);