json: prevent null deref if chain->policy is not set

The two commits mentioned below resolved null dererence crashes when the
policy resp. priority keyword was missing in the chain/flowtable
specification.

Same issue exists in the json output path, so apply similar fix there
and extend the existing test cases.

Fixes: 5b37479b42b3 ("nftables: don't crash in 'list ruleset' if policy is not set")
Fixes: b40bebbcee36 ("rule: do not crash if to-be-printed flowtable lacks priority")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Phil Sutter <phil@nwl.cc>

2 files changed, 12 insertions, 1 deletions

diff --git a/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash b/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash
new file mode 100644
index 00000000..f348da90
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-j-f/flowtable-no-priority-crash
@@ -0,0 +1,6 @@
+table ip filter {
+	flowtable ft1 {
+		devices = { lo }
+	}
+}
+list ruleset
diff --git a/tests/shell/testcases/nft-f/0021list_ruleset_0 b/tests/shell/testcases/nft-f/0021list_ruleset_0
index 37729b4f..f3c3749b 100755
--- a/tests/shell/testcases/nft-f/0021list_ruleset_0
+++ b/tests/shell/testcases/nft-f/0021list_ruleset_0
@@ -12,4 +12,9 @@ RULESET="table filter {
 list  ruleset
 "
 
-exec $NFT -f - <<< "$RULESET"
+$NFT -f - <<< "$RULESET"
+
+if [ "$NFT_TEST_HAVE_json" != n ]; then
+	$NFT flush ruleset
+	$NFT -j -f - <<< "$RULESET"
+fi