From: Willy Tarreau <w@1wt.eu>
Date: Thu, 26 Nov 2015 17:32:39 +0000 (+0100)
Subject: BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
X-Git-Tag: v1.7-dev1~34
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=a1c2b2c4f3e65d198a0a4b25a4f655f7b307a855;p=haproxy.git

BUG/MEDIUM: cli: changing compression rate-limiting must require admin level

Right now it's possible to change the global compression rate limiting
without the CLI being at the admin level.

This fix must be backported to 1.6 and 1.5.
---

diff --git a/src/dumpstats.c b/src/dumpstats.c
index 67686d3d4..3518e2ac2 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -1836,6 +1836,12 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
 				if (strcmp(args[3], "global") == 0) {
 					int v;
 
+					if (strm_li(s)->bind_conf->level < ACCESS_LVL_ADMIN) {
+						appctx->ctx.cli.msg = stats_permission_denied_msg;
+						appctx->st0 = STAT_CLI_PRINT;
+						return 1;
+					}
+
 					if (!*args[4]) {
 						appctx->ctx.cli.msg = "Expects a maximum input byte rate in kB/s.\n";
 						appctx->st0 = STAT_CLI_PRINT;