json: prevent null deref if chain->policy is not set

The two commits mentioned below resolved null dererence crashes when the
policy resp. priority keyword was missing in the chain/flowtable
specification.

Same issue exists in the json output path, so apply similar fix there
and extend the existing test cases.

Fixes: 5b37479b42b3 ("nftables: don't crash in 'list ruleset' if policy is not set")
Fixes: b40bebbcee36 ("rule: do not crash if to-be-printed flowtable lacks priority")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Phil Sutter <phil@nwl.cc>

1 files changed, 14 insertions, 5 deletions

diff --git a/src/json.c b/src/json.c
index cbed9ce9..e64bbf57 100644
--- a/src/json.c
+++ b/src/json.c
@@ -300,8 +300,14 @@ static json_t *chain_print_json(const struct chain *chain)
 	if (chain->flags & CHAIN_F_BASECHAIN) {
 		mpz_export_data(&priority, chain->priority.expr->value,
 				BYTEORDER_HOST_ENDIAN, sizeof(int));
-		mpz_export_data(&policy, chain->policy->value,
-				BYTEORDER_HOST_ENDIAN, sizeof(int));
+
+		if (chain->policy) {
+			mpz_export_data(&policy, chain->policy->value,
+					BYTEORDER_HOST_ENDIAN, sizeof(int));
+		} else {
+			policy = NF_ACCEPT;
+		}
+
 		tmp = json_pack("{s:s, s:s, s:i, s:s}",
 				"type", chain->type.str,
 				"hook", hooknum2str(chain->handle.family,
@@ -476,10 +482,13 @@ static json_t *obj_print_json(const struct obj *obj)
 static json_t *flowtable_print_json(const struct flowtable *ftable)
 {
 	json_t *root, *devs = NULL;
-	int i, priority;
+	int i, priority = 0;
+
+	if (ftable->priority.expr) {
+		mpz_export_data(&priority, ftable->priority.expr->value,
+				BYTEORDER_HOST_ENDIAN, sizeof(int));
+	}
 
-	mpz_export_data(&priority, ftable->priority.expr->value,
-			BYTEORDER_HOST_ENDIAN, sizeof(int));
 	root = json_pack("{s:s, s:s, s:s, s:I, s:s, s:i}",
 			"family", family2str(ftable->handle.family),
 			"name", ftable->handle.flowtable.name,