pam_login_access: Fix negative entry matching logic

PR: 252194 Approved by: so Security: CVE-2020-25580 Security: FreeBSD-SA-21:03.pam_login_access
2021-02-23 17:01:29 -05:00 · 2021-02-23 17:01:29 -05:00 · 6ab923cbca
commit 6ab923cbca
parent 6d67af5f8e
1 changed files with 3 additions and 3 deletions
--- a/lib/libpam/modules/pam_login_access/login_access.c
+++ b/lib/libpam/modules/pam_login_access/login_access.c
@ -137,10 +137,10 @@ list_match(char *list, const char *item,
    if (match != NO) {
 	while ((tok = strtok((char *) 0, listsep)) && strcmp(tok, "EXCEPT")) {
 	     /* VOID */ ;
-	    if (tok == NULL || list_match((char *) 0, item, match_fn,
-		login_access_opts) == NO) {
+	}
+	if (tok == NULL ||
+	    list_match((char *) 0, item, match_fn, login_access_opts) == NO) {
 		return (match);
-	    }
 	}
    }
    return (NO);