BUG/MEDIUM: stick-table: properly check permissions on CLI's set/clear cmd

The "set stick-table" CLI command's permissions are checked a bit too
late in the I/O handler, because the lookups performed at parsing time
can already cause an entry to be created at level "user" even though the
user does not have the permission to go further and to fill the data in.

Note that the impact remains pretty low since the entry is created without
data being touchable, and all within the table's settings (max entries,
expire etc). In addition it cannot even be used to periodically refresh
an entry and prevent it from expiring because only a creation is handled
at this point.

Let's add the check in cli_parse_table_req() so that these privileged
commands are entirely denied past the table lookup. This way it remains
possible to know that the table doesn't exist, like for the "show" command
but not more.

This should be backported to all stable branches, because the bug right
now cannot result in an accidental use (entries are not properly created
and deletion does not work).

Thanks to Omkhar Arasaratnam for finding and reporting this.

diff --git a/src/stick_table.c b/src/stick_table.c
index db55a543b31b66d108b68af1ba2e08fbf86875c9..f94d674ba5494d471d798e3c6fd60e6ee3a00f5e 100644 (file)
--- a/src/stick_table.c
+++ b/src/stick_table.c
@@ -5702,6 +5702,10 @@ static int cli_parse_table_req(char **args, char *payload, struct appctx *appctx
                return 0;
        }
 
+       /* only "show" is permitted to level user, others (clear/set) require "oper" */
+       if (ctx->action != STK_CLI_ACT_SHOW && !cli_has_level(appctx, ACCESS_LVL_OPER))
+               return 1;
+
        if (strcmp(args[3], "key") == 0)
                return table_process_entry_per_key(appctx, args);
        if (strcmp(args[3], "ptr") == 0)