From a8866de32cbfec57cde417b924798469ed72cae4 Mon Sep 17 00:00:00 2001
From: Walid Boudebouda
Date: Mon, 6 Nov 2023 11:14:10 +0100
Subject: [PATCH] mgt_cli: Don't pass unknown commands to the child

Since mgt is aware of all known cli commands, unknown commands should be blocked by mgt and not forwarded to the child process to prevent any malicious command smuggling (using quotes for example).
---
 bin/varnishd/mgt/mgt_cli.c | 2 +-
 bin/varnishtest/tests/b00008.vtc | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c
index e6393f7f386..cc09ebdf73f 100644
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -184,7 +184,7 @@ mcf_askchild(struct cli *cli, const char * const *av, void *priv)
 }
 
 cmd = mgt_cmd_lookup(av[1]);
- if (cmd != NULL && VCLS_CMD_IS(cmd, INTERNAL)) {
+ if (cmd == NULL || VCLS_CMD_IS(cmd, INTERNAL)) {
 VCLI_Out(cli, "Unknown request.\nType 'help' for more info.\n");
 VCLI_SetResult(cli, CLIS_UNKNOWN);
 return;
diff --git a/bin/varnishtest/tests/b00008.vtc b/bin/varnishtest/tests/b00008.vtc
index 49d54b37511..cd50d6ba2db 100644
--- a/bin/varnishtest/tests/b00008.vtc
+++ b/bin/varnishtest/tests/b00008.vtc
@@ -51,3 +51,5 @@ varnish v1 -cliok "param.set cli_limit 128"
 varnish v1 -clierr 201 "param.show"
 
 varnish v1 -cliok "\"help\" \"help\""
+
+varnish v1 -clierr 101 "\"vcl.use foo\""
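Review bot: The tightened condition in mcf_askchild carries no comment saying why a NULL lookup result is now rejected instead of being forwarded, so a later reader is likely to read `cmd == NULL` as an over-strict check and relax it back to the old forwarding behaviour; add above the `if`: `/* Reject unknown commands here rather than forwarding them: mgt knows every CLI command, so anything not found by mgt_cmd_lookup() must not reach the child (see commit message: quoted-string smuggling). */`. The response code CLIS_UNKNOWN and the "Unknown request" text are unchanged and now cover both the unknown and the INTERNAL case, which is consistent. mcf_askchild starts and ends outside the hunk, so whether the branch closed by the first context line already handles the child-not-running case with a different message could not be checked from here. The new b00008.vtc case only exercises the quoted form `"vcl.use foo"`; a plain unknown token such as `varnish v1 -clierr 101 "nosuchcmd"` would pin the NULL branch independently of the tokenizer's quote handling.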