From 852cec05e78a9bc3742b638188feb89b3e030547 Mon Sep 17 00:00:00 2001
From: Yamagi
Date: Sat, 22 Jun 2024 17:22:22 +0200
Subject: [PATCH] Filter .., :, / and \\ from al_driver and cl_libcurl. This is a poor mans safeguard against malicious server trying to download and inject libraries.
---
 src/client/curl/qcurl.c | 5 +++++
 src/client/sound/qal.c | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/client/curl/qcurl.c b/src/client/curl/qcurl.c
index d7800197..7916c332 100644
--- a/src/client/curl/qcurl.c
+++ b/src/client/curl/qcurl.c
@@ -101,6 +101,11 @@ qboolean qcurlInit(void)
 // Mkay, let's try to find a working libcurl.
 cl_libcurl = Cvar_Get("cl_libcurl", (char *)libcurl[0], CVAR_ARCHIVE);
+ if (strstr(cl_libcurl->string, "..") || strstr(cl_libcurl->string, ":") || strstr(cl_libcurl->string, "/") || strstr(cl_libcurl->string, "\\"))
+ {
+ Com_Printf("cl_libcurl must not contain '..', ':', '/' or '\': %s\n", cl_libcurl->string);
+ goto error;
+ }
 Com_Printf("Loading library: %s\n", cl_libcurl->string);
 Sys_LoadLibrary(cl_libcurl->string, NULL, &curlhandle);
diff --git a/src/client/sound/qal.c b/src/client/sound/qal.c
index d856c342..da8cb16c 100644
--- a/src/client/sound/qal.c
+++ b/src/client/sound/qal.c
@@ -406,9 +406,14 @@ QAL_Init()
 /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
 al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
- Com_Printf("Loading library: %s\n", al_driver->string);
+ if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\"))
+ {
+ Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
+ return false;
+ }
 /* Load the library */
+ Com_Printf("Loading library: %s\n", al_driver->string);
 Sys_LoadLibrary(al_driver->string, NULL, &handle);
 if (!handle)
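Review bot: The check added to qcurlInit in src/client/curl/qcurl.c is a denylist, so any bare file name still reaches `Sys_LoadLibrary` and is presumably resolved by the platform loader's own search order (`Sys_LoadLibrary` is not shown here). The default already comes from the built-in `libcurl[]` table, so accepting only values that match one of its entries would be a tighter guard than filtering characters. If the denylist stays, the three single-character tests collapse into `strpbrk(cl_libcurl->string, ":/\\")`, and the identical condition in QAL_Init (src/client/sound/qal.c) could share one small helper so the two filters cannot drift apart. The rest of qcurlInit and the `error` label lie outside the hunk, so what the `goto` cleans up cannot be checked from here.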
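Review bot: The `Com_Printf` added to QAL_Init in src/client/sound/qal.c cannot print the backslash it means to name: in a C string literal `\'` is the escape for a single quote, so `'\'` comes out as `''`. Doubling the backslash fixes it, `Com_Printf("al_driver must not contain '..', ':', '/' or '\\': %s\n", al_driver->string);`, and the cl_libcurl message in src/client/curl/qcurl.c needs the same change. A one-line comment above the check, for example `/* Only a bare library name is accepted, never a path. */`, would keep the reason for the filter next to the code. QAL_Init begins and continues outside the hunk.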