===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- src/usr.bin/doas/doas.c	2022/12/22 19:53:22	1.98
+++ src/usr.bin/doas/doas.c	2024/02/15 18:57:58	1.99
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.98 2022/12/22 19:53:22 kn Exp $ */
+/* $OpenBSD: doas.c,v 1.99 2024/02/15 18:57:58 tedu Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -145,8 +145,10 @@
 			*lastr = rules[i];
 	}
 	if (!*lastr)
+		return -1;
+	if ((*lastr)->action == PERMIT)
 		return 0;
-	return (*lastr)->action == PERMIT;
+	return -1;
 }
 
 static void
@@ -181,6 +183,7 @@
     uid_t uid, gid_t *groups, int ngroups, uid_t target)
 {
 	const struct rule *rule;
+	int rv;
 
 	setresuid(uid, uid, uid);
 	if (pledge("stdio rpath getpw", NULL) == -1)
@@ -188,9 +191,9 @@
 	parseconfig(confpath, 0);
 	if (!argc)
 		exit(0);
-
-	if (permit(uid, groups, ngroups, &rule, target, argv[0],
-	    (const char **)argv + 1)) {
+	rv = permit(uid, groups, ngroups, &rule, target, argv[0],
+ 	    (const char **)argv + 1);
+	if (rv == 0) {
 		printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : "");
 		exit(0);
 	} else {
@@ -412,8 +415,9 @@
 	}
 
 	cmd = argv[0];
-	if (!permit(uid, groups, ngroups, &rule, target, cmd,
-	    (const char **)argv + 1)) {
+	rv = permit(uid, groups, ngroups, &rule, target, cmd,
+	    (const char **)argv + 1);
+	if (rv != 0) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
 		    "command not permitted for %s: %s", mypw->pw_name, cmdline);
 		errc(1, EPERM, NULL);