From f0efefec2f3e746f2d42600ec8e6f91cf9ce3396 Mon Sep 17 00:00:00 2001
From: Joshua Kwan <joshk@triplehelix.org>
Date: Mon, 2 Feb 2004 22:57:54 +0000
Subject: [PATCH] SECURITY: accept only argument following -f for
 dgamelaunch.conf path

git-svn-id: svn://katsu.triplehelix.org/dgamelaunch/trunk@218 db0b04b0-f4d1-0310-9a6d-de3e77497b0e
---
 README        |  7 +++++--
 dgamelaunch.c | 28 ++++++++++++----------------
 2 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/README b/README
index e24e229..6d64536 100644
--- a/README
+++ b/README
@@ -77,14 +77,14 @@ service telnet
   wait      = no
   user      = root
   server    = /usr/sbin/in.telnetd
-  server_args     = -h -L /opt/nethack/nethack.dtype.org/dgamelaunch -q /etc/dgamelaunch.conf
+  server_args     = -h -L /opt/nethack/nethack.dtype.org/dgamelaunch -q -f /etc/dgamelaunch.conf
   rlimit_cpu      = 3600
   bind      = 64.71.163.206
 }
 
 A classic inetd line would look like this:
 
-telnet stream tcp nowait root.root /usr/sbin/tcpd /usr/sbin/in.telnetd -h -L /usr/sbin/dgamelaunch -q /etc/dgamelaunch.conf
+telnet stream tcp nowait root.root /usr/sbin/tcpd /usr/sbin/in.telnetd -h -L /usr/sbin/dgamelaunch -q -f /etc/dgamelaunch.conf
 
 In both cases, the -L specifies an alternate login program (telnetlogin is
 invoked by default) and -h prevents revealing of a login banner (for 
@@ -100,6 +100,9 @@ telnetd uses -p instead, and you can't give arguments (arguments appropriate
 to standard login are used), so it's necessary to start a shell script from
 it.  Some other telnetds do not support anything like this at all.
 
+The -f option, followed by a filename, specifies the path to the config file
+to use for dgamelaunch.
+
 For dgamelaunch, the -q option will silence errors pertaining to the server
 configuration. This is recommended for use within inetd to prevent spamming
 the clients, but when testing and setting up we strongly suggest you leave it
diff --git a/dgamelaunch.c b/dgamelaunch.c
index 3408a32..e6074e4 100644
--- a/dgamelaunch.c
+++ b/dgamelaunch.c
@@ -1480,33 +1480,29 @@ main (int argc, char** argv)
   unsigned int len;
   int c;
 
-  while ((c = getopt(argc, argv, "qh:p")) != -1)
+  while ((c = getopt(argc, argv, "qh:p:f:")) != -1)
   {
     switch (c)
     {
       case 'q':
 	silent = 1; break;
 
+      case 'f':
+	if (config)
+	{
+	  if (!silent)
+	    fprintf(stderr, "warning: using %s\n", argv[optind]);
+	  free(config);
+	}
+	  
+	config = strdup(optarg);
+	break;
+	
       default:
 	break; /*ignore */
     }
   }
   
-  if (optind < argc)
-  {
-    while (optind < argc)
-    {
-      if (config)
-      {
-	if (!silent)
-	  fprintf(stderr, "warning: using %s\n", argv[optind]);
-	free(config);
-      }
-      config = strdup(argv[optind]);
-      optind++;
-    }
-  }
-
   create_config();
 
   /* signal handlers */