ebtables: Fix match_list insertion

Find the end of the match_list before inserting in case the list
contains more than one element.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index a88655ce4e2452351233ff7d27b04952b5222bef..e6a17a00cd5c7a51114a35e6f54291368a80c51d 100644 (file)
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -675,7 +675,7 @@ void ebt_add_match(struct xtables_match *m,
 {
        struct xtables_rule_match *i, **rule_matches = &cs->matches;
        struct xtables_match *newm;
-       struct ebt_match *newnode;
+       struct ebt_match *newnode, **matchp;
 
        /* match already in rule_matches, skip inclusion */
        for (i = *rule_matches; i; i = i->next) {
@@ -700,16 +700,15 @@ void ebt_add_match(struct xtables_match *m,
        newnode->ismatch = true;
        newnode->u.match = newm;
 
-       if (cs->match_list == NULL)
-               cs->match_list = newnode;
-       else
-               cs->match_list->next = newnode;
+       for (matchp = &cs->match_list; *matchp; matchp = &(*matchp)->next)
+               ;
+       *matchp = newnode;
 }
 
 void ebt_add_watcher(struct xtables_target *watcher,
                     struct iptables_command_state *cs)
 {
-       struct ebt_match *i, *newnode;
+       struct ebt_match *i, *newnode, **matchp;
 
        for (i = cs->match_list; i; i = i->next) {
                if (i->ismatch)
@@ -726,10 +725,9 @@ void ebt_add_watcher(struct xtables_target *watcher,
 
        newnode->u.watcher = watcher;
 
-       if (cs->match_list == NULL)
-               cs->match_list = newnode;
-       else
-               cs->match_list->next = newnode;
+       for (matchp = &cs->match_list; *matchp; matchp = &(*matchp)->next)
+               ;
+       *matchp = newnode;
 }
 
 int nft_init_eb(struct nft_handle *h, const char *pname)