src: BASECHAIN flag no longer implies presence of priority expression

The included bogon will crash nft because print side assumes that BASECHAIN
flag presence also means that priority expression is available.

Make the print side conditional.

Fixes: a66b5ad9540d ("src: allow for updating devices on existing netdev chain")
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

1 files changed, 10 insertions, 6 deletions

diff --git a/src/rule.c b/src/rule.c
index 80315837..e2fe0979 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1047,8 +1047,10 @@ static void chain_print_declaration(const struct chain *chain,
 		nft_print(octx, "\n\t\tcomment \"%s\"", chain->comment);
 	nft_print(octx, "\n");
 	if (chain->flags & CHAIN_F_BASECHAIN) {
-		nft_print(octx, "\t\ttype %s hook %s", chain->type.str,
-			  hooknum2str(chain->handle.family, chain->hook.num));
+		if (chain->type.str)
+			nft_print(octx, "\t\ttype %s hook %s", chain->type.str,
+				  hooknum2str(chain->handle.family, chain->hook.num));
+
 		if (chain->dev_array_len == 1) {
 			nft_print(octx, " device \"%s\"", chain->dev_array[0]);
 		} else if (chain->dev_array_len > 1) {
@@ -1060,10 +1062,12 @@ static void chain_print_declaration(const struct chain *chain,
 			}
 			nft_print(octx, " }");
 		}
-		nft_print(octx, " priority %s;",
-			  prio2str(octx, priobuf, sizeof(priobuf),
-				   chain->handle.family, chain->hook.num,
-				   chain->priority.expr));
+
+		if (chain->priority.expr)
+			nft_print(octx, " priority %s;",
+				  prio2str(octx, priobuf, sizeof(priobuf),
+					   chain->handle.family, chain->hook.num,
+					   chain->priority.expr));
 		if (chain->policy) {
 			mpz_export_data(&policy, chain->policy->value,
 					BYTEORDER_HOST_ENDIAN, sizeof(int));