fix a logic bug in ruleset matching that makes `from socket` rules possibly

crash depending on how the ruleset is crafted.

1 files changed, 6 insertions, 3 deletions

diff --git a/usr.sbin/smtpd/ruleset.c b/usr.sbin/smtpd/ruleset.c
index 0468ddb3dc7..db9d1aa57fe 100644
--- a/usr.sbin/smtpd/ruleset.c
+++ b/usr.sbin/smtpd/ruleset.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ruleset.c,v 1.45 2019/11/04 00:05:38 gilles Exp $ */
+/*	$OpenBSD: ruleset.c,v 1.46 2019/11/12 20:21:46 gilles Exp $ */
 
 /*
  * Copyright (c) 2009 Gilles Chehade <gilles@poolp.org>
@@ -84,9 +84,12 @@ ruleset_match_from(struct rule *r, const struct envelope *evp)
 	}
 	else {
 		key = ss_to_text(&evp->ss);
-		if (strcmp(key, "local") == 0)
-			if (r->flag_from_socket)
+		if (r->flag_from_socket) {
+			if (strcmp(key, "local") == 0)
 				return MATCH_RESULT(1, r->flag_from);
+			else
+				return r->flag_from < 0 ? 1 : 0;
+		}
 	}
 	if (r->flag_from_regex)
 		service = K_REGEX;