fw4: perform strict validation of zone and set names

The nft syntax grammar requires unquoted chain and set names which imposes
certain format restrictions. Introduce a new `identifier` datatype and use
it for validating set and zone names.

Fixes: https://github.com/openwrt/luci/issues/6633
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 033083505a03126505cc9123bb49d842cf12d975..d25afb7cdfbf1276277e47f7f00ff9c091926327 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1573,6 +1573,10 @@ return {
                ]), "postpend", "append");
        },
 
+       parse_identifier: function(val) {
+               return match(val, /^[a-zA-Z_.][a-zA-Z0-9\/_.-]*$/)?.[0];
+       },
+
        parse_string: function(val) {
                return "" + val;
        },
@@ -1960,7 +1964,7 @@ return {
                let zone = this.parse_options(data, {
                        enabled: [ "bool", "1" ],
 
-                       name: [ "string", null, REQUIRED ],
+                       name: [ "identifier", null, REQUIRED ],
                        family: [ "family" ],
 
                        network: [ "device", null, PARSE_LIST ],
@@ -3185,7 +3189,7 @@ return {
                        reload: [ "bool", null, UNSUPPORTED ],
 
                        position: [ "includeposition" ],
-                       chain: [ "string" ]
+                       chain: [ "identifier" ]
                });
 
                if (!inc.enabled) {
@@ -3247,7 +3251,7 @@ return {
                        counters: [ "bool" ],
                        comment: [ "string" ],
 
-                       name: [ "string", null, REQUIRED ],
+                       name: [ "identifier", null, REQUIRED ],
                        family: [ "family", "4" ],
 
                        storage: [ "string", null, UNSUPPORTED ],