Properly check the return status of sock_check_hostlist().

It's not a boolean with 0 meaning "host not authorized" and 1 meaning
"host authorized"; it's negative if we shouldn't let them connect, with
-1 meaning "not in the host list" and -2 meaning "an error occurred in
the process of checking", and non-negative if we should let them
connect, with 0 meaning "they're in the host list" and 1 meaning "the
host list is empty, so we're letting everybody in".

1 files changed, 4 insertions, 4 deletions

diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 75d4ccca..b6e1de7c 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -149,7 +149,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 	struct daemon_slpars pars;		// service loop parameters
 	char errbuf[PCAP_ERRBUF_SIZE + 1];	// keeps the error string, prior to be printed
 	char errmsgbuf[PCAP_ERRBUF_SIZE + 1];	// buffer for errors to send to the client
-	int host_port_ok;
+	int host_port_check_status;
 	SSL *ssl = NULL;
 	int nrecv;
 	struct rpcap_header header;		// RPCAP message general header
@@ -258,13 +258,13 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 		//
 		// Are they in the list of host/port combinations we allow?
 		//
-		host_port_ok = (sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE) == 0);
+		host_port_check_status = sock_check_hostlist(passiveClients, RPCAP_HOSTLIST_SEP, &from, errmsgbuf, PCAP_ERRBUF_SIZE);
 		free(passiveClients);
 		passiveClients = NULL;
-		if (!host_port_ok)
+		if (host_port_check_status < 0)
 		{
 			//
-			// Sorry, you're not on the guest list.
+			// Sorry, we can't let you in.
 			//
 			if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_HOSTNOAUTH, errmsgbuf, errbuf) == -1)
 				rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);