Don't load libraries with non-standard file extensions

Also don't allow writting files ending in a library extension such
as ".so.0" or ".dylib.0".

code/client/snd_openal.c

@@ -2517,12 +2517,6 @@ qboolean S_AL_Init( soundInterface_t *si )
 	s_alInputDevice = Cvar_Get( "s_alInputDevice", "", CVAR_ARCHIVE | CVAR_LATCH );
 	s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH);
 
-	if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) )
-	{
-		Com_Printf( "Rejecting DLL named \"%s\"", s_alDriver->string );
-		return qfalse;
-	}
-
 	// Load QAL
 	if( !QAL_Init( s_alDriver->string ) )
 	{

code/qcommon/files.c

@@ -566,7 +566,7 @@ static void FS_CheckFilenameIsMutable( const char *filename,
 		const char *function )
 {
 	// Check if the filename ends with the library, QVM, or pk3 extension
-	if( COM_CompareExtension( filename, DLL_EXT )
+	if( Sys_DllExtension( filename )
 		|| COM_CompareExtension( filename, ".qvm" )
 		|| COM_CompareExtension( filename, ".pk3" ) )
 	{

code/qcommon/qcommon.h

@@ -1072,6 +1072,8 @@ void	* QDECL Sys_LoadGameDll( const char *name, intptr_t (QDECL **entryPoint)(in
 				  intptr_t (QDECL *systemcalls)(intptr_t, ...) );
 void	Sys_UnloadDll( void *dllHandle );
 
+qboolean Sys_DllExtension( const char *name );
+
 char	*Sys_GetCurrentUser( void );
 
 void	QDECL Sys_Error( const char *error, ...) __attribute__ ((noreturn, format (printf, 1, 2)));

code/sys/sys_main.c

@@ -500,10 +500,9 @@ void *Sys_LoadDll(const char *name, qboolean useSystemLib)
 {
 	void *dllhandle;
 
-	// Don't load any DLLs that end with the pk3 extension
+	if(!Sys_DllExtension(name))
-	if (COM_CompareExtension(name, ".pk3"))
 	{
-		Com_Printf("Rejecting DLL named \"%s\"", name);
+		Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name);
 		return NULL;
 	}
 
@@ -561,6 +560,12 @@ void *Sys_LoadGameDll(const char *name,
 
 	assert(name);
 
+	if(!Sys_DllExtension(name))
+	{
+		Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name);
+		return NULL;
+	}
+
 	Com_Printf( "Loading DLL file: %s\n", name);
 	libHandle = Sys_LoadLibrary(name);
 

code/sys/sys_unix.c

@@ -912,3 +912,44 @@ qboolean Sys_PIDIsRunning( int pid )
 {
 	return kill( pid, 0 ) == 0;
 }
+
+/*
+=================
+Sys_DllExtension
+
+Check if filename should be allowed to be loaded as a DLL.
+=================
+*/
+qboolean Sys_DllExtension( const char *name ) {
+	const char *p;
+	char c = 0;
+
+	if ( COM_CompareExtension( name, DLL_EXT ) ) {
+		return qtrue;
+	}
+
+	// Check for format of filename.so.1.2.3
+	p = strstr( name, DLL_EXT "." );
+
+	if ( p ) {
+		p += strlen( DLL_EXT );
+
+		// Check if .so is only followed for periods and numbers.
+		while ( *p ) {
+			c = *p;
+
+			if ( !isdigit( c ) && c != '.' ) {
+				return qfalse;
+			}
+
+			p++;
+		}
+
+		// Don't allow filename to end in a period. file.so., file.so.0., etc
+		if ( c != '.' ) {
+			return qtrue;
+		}
+	}
+
+	return qfalse;
+}

code/sys/sys_win32.c

@@ -842,3 +842,14 @@ qboolean Sys_PIDIsRunning( int pid )
 
 	return qfalse;
 }
+
+/*
+=================
+Sys_DllExtension
+
+Check if filename should be allowed to be loaded as a DLL.
+=================
+*/
+qboolean Sys_DllExtension( const char *name ) {
+	return COM_CompareExtension( name, DLL_EXT );
+}