author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2015-01-05 15:28:46 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-06 22:17:43 +0100 |
commit | bc543af074cf4372162eb330b914d2b0fdb6b6c7 (patch) | |
tree | 0b69246b0ee8579c88ef553ffc3611578d860b73 | |
parent | 42cfeee024d0ba0c6b15645f829273ee3dcfa5c6 (diff) |
ebtables-compat: fix segfault in rules w/o target
This patch fixes a segfault in rules without target.
Now, these two rules are allowed:
% ebtables-compat -A FORWARD -p 0x0600 -j CONTINUE
% ebtables-compat -A FORWARD -p 0x0600
And both are printed:
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p 0x600 -j CONTINUE
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft-bridge.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 90bcd63d..fd9554eb 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -114,6 +114,9 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs) { int ret = 0; + if (cs->jumpto == NULL || strcmp(cs->jumpto, "CONTINUE") == 0) + return 0; + /* If no target at all, add nothing (default to continue) */ if (cs->target != NULL) { /* Standard target? */ @@ -452,14 +455,16 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num, } printf("-j "); - if (!(format & FMT_NOTARGET)) - printf("%s", cs.jumpto); - if (cs.target != NULL) { if (cs.target->print != NULL) { cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC); } + } else { + if (strcmp(cs.jumpto, "") == 0) + printf("CONTINUE"); + else + printf("%s", cs.jumpto); } if (!(format & FMT_NOCOUNTS)) |
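Review bot: The new early return in `_add_action` has no comment of its own. The existing comment "If no target at all, add nothing (default to continue)" now sits below it, next to the `cs->target` test, although the guard is what implements that behaviour. I would put a comment above the guard, for example `/* No jump target, or an explicit CONTINUE: add nothing, the rule defaults to continue */`. It is also worth noting there that the guard tests `cs->jumpto` while the block below tests `cs->target`, because anyone auditing which rules carry an action has to follow both fields. The rest of the function body lies outside the hunk.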
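Review bot: In `nft_bridge_print_firewall`, a rule whose `cs.target` is non-NULL but has no `print` callback is now listed as a bare "-j " with no target name. The unconditional `printf("%s", cs.jumpto)` was removed and the inner `if (cs.target->print != NULL)` has no fallback, so a firewall listing can hide what the rule does. Adding `else printf("%s", cs.jumpto);` to that inner `if` would keep the name visible. Separately, the new `else` branch passes `cs.jumpto` to `strcmp()` without a NULL check, although the first hunk treats a NULL `jumpto` as possible. Unless the rule decoder (not visible here) always sets it, `if (cs.jumpto == NULL || cs.jumpto[0] == '\0')` would avoid another crash of the kind this commit fixes. The function starts and ends outside the hunk, so I cannot tell whether dropping the `FMT_NOTARGET` test is compensated elsewhere.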