Fix limits on reading user policy files.

[yaid] / yaid.c

diff --git a/yaid.c b/yaid.c
index 1dfa947..232a779 100644 (file)
--- a/yaid.c
+++ b/yaid.c
@@ -629,7 +629,7 @@ static void client_line(char *line, size_t len, void *p)
   struct policy upol = POLICY_INIT(A_LIMIT);
   struct policy_file pf;
   char buf[16];
-  int i;
+  int i, t;
 
   /* If the connection has closed, then tidy stuff away. */
   c->q.s[L].port = c->q.s[R].port = 0;
@@ -707,11 +707,11 @@ static void client_line(char *line, size_t len, void *p)
     dstr_putf(&d, "%s/.yaid.policy", pw->pw_dir);
     if (open_policy_file(&pf, d.buf, "user policy file", &c->q, OPF_NOENTOK))
       continue;
-    while (!read_policy_file(&pf)) {
+    while ((t = read_policy_file(&pf)) < T_ERROR) {
 
-      /* Give up after 100 lines.  If the user's policy is that complicated,
-       * something's gone very wrong.  Or there's too much commentary or
-       * something.
+      /* Give up after 100 lines or if there's an error.  If the user's
+       * policy is that complicated, something's gone very wrong.  Or there's
+       * too much commentary or something.
        */
       if (pf.lno > 100) {
        logmsg(&c->q, LOG_ERR, "%s:%d: user policy file too long",
@@ -719,6 +719,9 @@ static void client_line(char *line, size_t len, void *p)
        break;
       }
 
+      /* If this was a blank line, just go around again. */
+      if (t != T_OK) continue;
+
       /* If this isn't a match, go around for the next rule. */
       if (!match_policy(&pf.p, &c->q)) continue;