rule: do not crash if to-be-printed flowtable lacks priority

Print an empty flowtable rather than crashing when dereferencing
flowtable->priority.expr (its NULL).

Signed-off-by: Florian Westphal <fw@strlen.de>

2 files changed, 15 insertions, 6 deletions

diff --git a/src/rule.c b/src/rule.c
index 65ff0fbb..545f9b2b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2107,12 +2107,15 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
 	if (nft_output_handle(octx))
 		nft_print(octx, " # handle %" PRIu64, flowtable->handle.handle.id);
 	nft_print(octx, "%s", opts->nl);
-	nft_print(octx, "%s%shook %s priority %s%s",
-		  opts->tab, opts->tab,
-		  hooknum2str(NFPROTO_NETDEV, flowtable->hook.num),
-		  prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
-			   flowtable->hook.num, flowtable->priority.expr),
-		  opts->stmt_separator);
+
+	if (flowtable->priority.expr) {
+		nft_print(octx, "%s%shook %s priority %s%s",
+			  opts->tab, opts->tab,
+			  hooknum2str(NFPROTO_NETDEV, flowtable->hook.num),
+			  prio2str(octx, priobuf, sizeof(priobuf), NFPROTO_NETDEV,
+				   flowtable->hook.num, flowtable->priority.expr),
+			  opts->stmt_separator);
+	}
 
 	if (flowtable->dev_array_len > 0) {
 		nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);
diff --git a/tests/shell/testcases/bogons/flowtable-no-priority-crash b/tests/shell/testcases/bogons/flowtable-no-priority-crash
new file mode 100644
index 00000000..b327a2bd
--- /dev/null
+++ b/tests/shell/testcases/bogons/flowtable-no-priority-crash
@@ -0,0 +1,6 @@
+reset rules
+table inet filter {
+	flowtable f {
+		devices = { lo }
+	}
+}