From 838dcc15ab2052711b732ead918a8e146b7c3451 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter
 Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org"
 </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org>
Date: Sat, 11 Feb 2006 09:50:11 +0000
Subject: Make '-p all' a special case that is handled before calling
 getprotoent() (Closes: #446)

---
 iptables.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'iptables.c')

diff --git a/iptables.c b/iptables.c
index b66e5e1..c8ab71e 100644
--- a/iptables.c
+++ b/iptables.c
@@ -229,7 +229,6 @@ static const struct pprot chain_protos[] = {
 	{ "esp", IPPROTO_ESP },
 	{ "ah", IPPROTO_AH },
 	{ "sctp", IPPROTO_SCTP },
-	{ "all", 0 },
 };
 
 static char *
@@ -756,6 +755,13 @@ parse_protocol(const char *s)
 	if (string_to_number(s, 0, 255, &proto) == -1) {
 		struct protoent *pent;
 
+		/* first deal with the special case of 'all' to prevent
+		 * people from being able to redefine 'all' in nsswitch
+		 * and/or provoke expensive [not working] ldap/nis/... 
+		 * lookups */
+		if (!strcmp(s, "all"))
+			return 0;
+
 		if ((pent = getprotobyname(s)))
 			proto = pent->p_proto;
 		else {
-- 
cgit v1.2.3