[netfilter-cvslog] r6466 - trunk/iptables

laforge at netfilter.org laforge at netfilter.org
Sat Feb 11 10:50:11 CET 2006


Author: laforge at netfilter.org
Date: 2006-02-11 10:50:11 +0100 (Sat, 11 Feb 2006)
New Revision: 6466

Modified:
   trunk/iptables/ip6tables.c
   trunk/iptables/iptables.c
Log:
Make '-p all' a special case that is handled before calling getprotoent() (Closes: #446)


Modified: trunk/iptables/ip6tables.c
===================================================================
--- trunk/iptables/ip6tables.c	2006-02-11 09:34:16 UTC (rev 6465)
+++ trunk/iptables/ip6tables.c	2006-02-11 09:50:11 UTC (rev 6466)
@@ -224,7 +224,6 @@
 	{ "icmpv6", IPPROTO_ICMPV6 },
 	{ "esp", IPPROTO_ESP },
 	{ "ah", IPPROTO_AH },
-	{ "all", 0 },
 };
 
 static char *
@@ -808,6 +807,13 @@
 	if (string_to_number(s, 0, 255, &proto) == -1) {
 		struct protoent *pent;
 
+		/* first deal with the special case of 'all' to prevent
+		 * people from being able to redefine 'all' in nsswitch
+		 * and/or provoke expensive [not working] ldap/nis/... 
+		 * lookups */
+		if (!strcmp(s, "all"))
+			return 0;
+
 		if ((pent = getprotobyname(s)))
 			proto = pent->p_proto;
 		else {
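Review bot: Only `all` is taken out of the name-service path here; every other name, including the ones this file's own table defines (`icmpv6`, `esp` and `ah` are visible in the first hunk), still goes to `getprotobyname(s)` first, so those names can still be redefined through nsswitch and still trigger the ldap/nis lookups the new comment wants to avoid. For a packet-filter front end it is safer for the protocol number behind a rule to come from the built-in table whenever the name is in it, and to ask the resolver only for names the table does not know. That would mean searching the table before the `getprotobyname()` call rather than in the `else` branch, which continues outside the hunk and is presumably where the table is consulted today. The same applies to the identical hunk in trunk/iptables/iptables.c; the enclosing function starts and ends outside the hunk.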

Modified: trunk/iptables/iptables.c
===================================================================
--- trunk/iptables/iptables.c	2006-02-11 09:34:16 UTC (rev 6465)
+++ trunk/iptables/iptables.c	2006-02-11 09:50:11 UTC (rev 6466)
@@ -229,7 +229,6 @@
 	{ "esp", IPPROTO_ESP },
 	{ "ah", IPPROTO_AH },
 	{ "sctp", IPPROTO_SCTP },
-	{ "all", 0 },
 };
 
 static char *
@@ -756,6 +755,13 @@
 	if (string_to_number(s, 0, 255, &proto) == -1) {
 		struct protoent *pent;
 
+		/* first deal with the special case of 'all' to prevent
+		 * people from being able to redefine 'all' in nsswitch
+		 * and/or provoke expensive [not working] ldap/nis/... 
+		 * lookups */
+		if (!strcmp(s, "all"))
+			return 0;
+
 		if ((pent = getprotobyname(s)))
 			proto = pent->p_proto;
 		else {
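Review bot: The `return 0` added here is now the only name-to-number mapping for `all`, because the first hunk of this file drops `{ "all", 0 }` from the table. If that table is also read in the other direction, to turn a protocol number back into a name when rules are listed (not visible on this page), protocol 0 would stop printing as `all`; it is worth confirming the listing output, or keeping the table entry for that direction, which is harmless now that `all` returns before any lookup. A short comment on the return, e.g. `return 0; /* same value the removed { "all", 0 } entry mapped to */`, would keep the link between the two visible. The same applies to trunk/iptables/ip6tables.c; the enclosing function starts and ends outside the hunk.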



