From 7980f6171cc96350a39fbede20dc8688bc1fa066 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andy=20Teijelo=20P=C3=A9rez?= <ateijelo@gmail.com>
Date: Fri, 30 Sep 2016 09:04:38 -0400
Subject: [PATCH] Security fix: sendhup could be exploited

---
 sendhup.cpp | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/sendhup.cpp b/sendhup.cpp
index aceb10f..d8ed13d 100644
--- a/sendhup.cpp
+++ b/sendhup.cpp
@@ -2,12 +2,29 @@
 #include <sstream>
 #include <stdlib.h>
 
+using namespace std;
+
+void usage(const string& argv0)
+{
+    cout << "Usage: " << argv0 << " (freeradius|dnsmasq)" << endl;
+}
+
 int main(int argc, char *argv[])
 {
-    if (argc < 2)
+    if (argc < 2) {
+        usage(argv[0]);
         return 0;
-    std::ostringstream s;
-    s << "pkill -HUP " << argv[1];
-    //system("/etc/init.d/freeradius reload");
+    }
+
+    string argv1 { argv[1] };
+
+    // We're setuid, prevent people from abusing this
+    if (argv1 != "freeradius" && argv1 != "dnsmasq") {
+        usage(argv[0]);
+        return 1;
+    }
+
+    ostringstream s;
+    s << "pkill -HUP " << argv1;
     system(s.str().c_str());
 }