[master] efebc8f74 param: Move alias resolution before protected check
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Thu May 15 16:22:05 UTC 2025
commit efebc8f74a017fab87e39e72362342a6c754edde
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Fri May 2 15:13:00 2025 +0200
param: Move alias resolution before protected check
Instead of resolving tweaks when the function is called, this is now
done in the MGT code performing the protected check. Since aliases may
be used to reset a single bit of another parameter (namely vcc_feature)
the default value is looked up before the alias resolution.
Unfortunately, that also means resolving deprecated aliases before
showing them to the user, adding a little bit of duplicated logic.
Refs #4323
diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c
index 377ae18a4..f88dc4014 100644
--- a/bin/varnishd/mgt/mgt_param.c
+++ b/bin/varnishd/mgt/mgt_param.c
@@ -155,6 +155,18 @@ mcf_addpar(struct parspec *ps)
VTAILQ_INSERT_TAIL(&phead, pl, list);
}
+static const struct parspec *
+mcf_alias(struct parspec *alias, const struct parspec *pp)
+{
+ const struct parspec *orig;
+
+ orig = TRUST_ME(pp->priv);
+ AN(orig);
+ memcpy(alias, orig, sizeof *alias);
+ alias->priv = TRUST_ME(orig);
+ return (alias);
+}
+
/*--------------------------------------------------------------------
* Wrap the text nicely.
* Lines are allowed to contain two TABS and we render that as a table
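Review bot: `mcf_alias()` has no comment describing its contract, and the `alias->priv = TRUST_ME(orig)` line in particular needs a stated reason. After the `memcpy` the copy already holds the target's own `priv`, which that line overwrites with a pointer to the target itself. A header comment should say that the result lives in caller-supplied storage, that every field including `name` and `flags` is taken from the target, and why `priv` is redirected. The line is carried over from the body removed from `tweak_alias()`, so the behaviour is not new, only undocumented.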
@@ -253,6 +265,7 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
{
struct plist *pl;
const struct parspec *pp, *pa;
+ struct parspec alias[1];
int n, lfmt = 0, chg = 0;
struct vsb *vsb;
const char *show = NULL;
@@ -285,9 +298,13 @@ mcf_param_show(struct cli *cli, const char * const *av, void *priv)
pp = pl->spec;
if (lfmt && show != NULL && strcmp(pp->name, show))
continue;
- if (pp->func == tweak_alias &&
- (show == NULL || strcmp(pp->name, show)))
- continue;
+ if (pp->func == tweak_alias) {
+ if (show == NULL)
+ continue;
+ if (strcmp(pp->name, show))
+ continue;
+ pp = mcf_alias(alias, pp);
+ }
n++;
VSB_clear(vsb);
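Review bot: After `pp = mcf_alias(alias, pp);` the copy carries the target's `name`, so the rest of the loop (outside this hunk) presumably prints the target's name rather than the alias the operator asked for. `MCF_ParamSet()` restores it with `alias->name = param;`, but neither this hunk nor the identical one in `mcf_param_show_json()` does. If showing the target name is intended for deprecated aliases, a one-line comment here would say so. Otherwise add `alias->name = show;` after the call in both places so that the text and JSON output match the query.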
@@ -385,6 +402,7 @@ mcf_param_show_json(struct cli *cli, const char * const *av, void *priv)
int n, comma = 0, chg = 0;
struct plist *pl;
const struct parspec *pp, *pa;
+ struct parspec alias[1];
struct vsb *vsb, *def;
const char *show = NULL, *sep;
@@ -422,9 +440,13 @@ mcf_param_show_json(struct cli *cli, const char * const *av, void *priv)
pp = pl->spec;
if (show != NULL && strcmp(pp->name, show) != 0)
continue;
- if (pp->func == tweak_alias &&
- (show == NULL || strcmp(pp->name, show)))
- continue;
+ if (pp->func == tweak_alias) {
+ if (show == NULL)
+ continue;
+ if (strcmp(pp->name, show))
+ continue;
+ pp = mcf_alias(alias, pp);
+ }
n++;
VSB_clear(vsb);
@@ -544,6 +566,7 @@ void
MCF_ParamSet(struct cli *cli, const char *param, const char *val)
{
const struct parspec *pp;
+ struct parspec alias[1];
pp = mcf_findpar(param);
if (pp == NULL) {
@@ -559,13 +582,17 @@ MCF_ParamSet(struct cli *cli, const char *param, const char *val)
);
return;
}
+ if (!val)
+ val = pp->def;
+ if (pp->func == tweak_alias) {
+ pp = mcf_alias(alias, pp);
+ alias->name = param;
+ }
if (pp->flags & PROTECTED) {
VCLI_SetResult(cli, CLIS_AUTH);
VCLI_Out(cli, "parameter \"%s\" is protected.", param);
return;
}
- if (!val)
- val = pp->def;
if (pp->func(cli->sb, pp, val))
VCLI_SetResult(cli, CLIS_PARAM);
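Review bot: Once `pp` is replaced by the resolved copy, the `PROTECTED` test reads only the target's flags, so a flag set on the alias entry itself is no longer consulted. If the code handling `-r` (not in this diff) marks the named entry without resolving aliases, then `-r vcc_allow_inline_c` would stop protecting that name, a case the pre-change order did deny. Carrying the flag across in `mcf_alias()`, for example `alias->flags |= pp->flags & PROTECTED;` after the `memcpy`, keeps both directions denied, and r04323.vtc could add a run with `-r vcc_allow_inline_c` to pin it. A short comment above `val = pp->def;` saying that the default must be read from the alias before resolution would also stop the ordering from being tidied away later.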
diff --git a/bin/varnishd/mgt/mgt_param_tweak.c b/bin/varnishd/mgt/mgt_param_tweak.c
index d3e753f1f..be406bccc 100644
--- a/bin/varnishd/mgt/mgt_param_tweak.c
+++ b/bin/varnishd/mgt/mgt_param_tweak.c
@@ -614,15 +614,11 @@ tweak_storage(struct vsb *vsb, const struct parspec *par, const char *arg)
int v_matchproto_(tweak_t)
tweak_alias(struct vsb *vsb, const struct parspec *par, const char *arg)
{
- const struct parspec *orig;
- struct parspec alias[1];
-
- orig = TRUST_ME(par->priv);
- AN(orig);
- memcpy(alias, orig, sizeof *orig);
- alias->name = par->name;
- alias->priv = TRUST_ME(orig);
- return (alias->func(vsb, alias, arg));
+
+ (void)vsb;
+ (void)par;
+ (void)arg;
+ WRONG("param tweak never called directly");
}
/*--------------------------------------------------------------------
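Review bot: `tweak_alias()` is now only a marker compared against `pp->func`, and reaching it aborts through `WRONG()`, but nothing at the function says so. Any `->func` call site outside this diff that can see an alias entry without first going through `mcf_alias()` would now bring down the management process instead of setting the value, so those call sites are worth auditing. I would add a comment above the function such as `/* Sentinel only: aliases are resolved by mcf_alias() in mgt_param.c before ->func is called. */`.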
diff --git a/bin/varnishtest/tests/r04323.vtc b/bin/varnishtest/tests/r04323.vtc
new file mode 100644
index 000000000..02365fe2b
--- /dev/null
+++ b/bin/varnishtest/tests/r04323.vtc
@@ -0,0 +1,6 @@
+varnishtest "parameter alias bypassing protection"
+
+varnish v1 -arg "-r vcc_feature"
+
+varnish v1 -clierr 107 "param.set vcc_feature all"
+varnish v1 -clierr 107 "param.set vcc_allow_inline_c on"