BUG/MEDIUM: cli: changing compression rate-limiting must require admin level

Right now it's possible to change the global compression rate limiting
without the CLI being at the admin level.

This fix must be backported to 1.6 and 1.5.

diff --git a/src/dumpstats.c b/src/dumpstats.c
index 67686d3d461690244a0ec40a82be174010abd33f..3518e2ac2d7eeaedcacf236afea1e713ce1920f2 100644 (file)
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -1836,6 +1836,12 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
                                if (strcmp(args[3], "global") == 0) {
                                        int v;
 
+                                       if (strm_li(s)->bind_conf->level < ACCESS_LVL_ADMIN) {
+                                               appctx->ctx.cli.msg = stats_permission_denied_msg;
+                                               appctx->st0 = STAT_CLI_PRINT;
+                                               return 1;
+                                       }
+
                                        if (!*args[4]) {
                                                appctx->ctx.cli.msg = "Expects a maximum input byte rate in kB/s.\n";
                                                appctx->st0 = STAT_CLI_PRINT;