fw4: substitute double quotes in strings

The nftables parser has no concept of escape characters in quoted strings,
nor does it support alternative quoting styles so it is currently
impossible to emit double quoted strings containing double quotes.

This could cause nftables to choke on generated rulesets that contain
strings with embedded quotes, e.g. within firewall rule comments.

Since firewall3 (iptables based) historically allowed arbitrary characters
in comments and since we want to stay backwards compatible with existing
uci configurations we can not restrict the allowed input values either.

Work around the issue by substituting all double quotes with single quotes
when quoting strings for interpolation into the ruleset.

Fixes: https://github.com/openwrt/luci/issues/7091
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 551811a0b2c892904c3cc0dbf0922927aec6d2db..a59eb41f8e08a62aee5d28616becee1d2ec22ad7 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -1643,7 +1643,7 @@ return {
 
        quote: function(s, force) {
                if (force === true || !match(s, /^([0-9A-Fa-f:.\/-]+)( \. [0-9A-Fa-f:.\/-]+)*$/))
-                       return `"${replace(s + "", /(["\\])/g, '\\$1')}"`;
+                       return `"${replace(s, '"', "'")}"`;
 
                return s;
        },