yquake2
/
yquake2remaster
mirror of https://github.com/yquake2/yquake2remaster.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Filter .., :, / and \\ from al_driver and cl_libcurl. 

This is a poor mans safeguard against malicious server trying to
download and inject libraries.
This commit is contained in:
Yamagi 2024-06-22 17:22:22 +02:00
parent 5e6a73dc3f
commit 852cec05e7
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/client/curl/qcurl.c
View File

@ -101,6 +101,11 @@ qboolean qcurlInit(void)
// Mkay, let's try to find a working libcurl. // Mkay, let's try to find a working libcurl.
cl_libcurl = Cvar_Get("cl_libcurl", (char *)libcurl[0], CVAR_ARCHIVE); cl_libcurl = Cvar_Get("cl_libcurl", (char *)libcurl[0], CVAR_ARCHIVE);
if (strstr(cl_libcurl->string, "..") || strstr(cl_libcurl->string, ":") || strstr(cl_libcurl->string, "/") || strstr(cl_libcurl->string, "\\"))
{
Com_Printf("cl_libcurl must not contain '..', ':', '/' or '\': %s\n", cl_libcurl->string);
goto error;
}
Com_Printf("Loading library: %s\n", cl_libcurl->string); Com_Printf("Loading library: %s\n", cl_libcurl->string);
Sys_LoadLibrary(cl_libcurl->string, NULL, &curlhandle); Sys_LoadLibrary(cl_libcurl->string, NULL, &curlhandle);

7
src/client/sound/qal.c
View File

@ -406,9 +406,14 @@ QAL_Init()
/* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */ /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE); al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
Com_Printf("Loading library: %s\n", al_driver->string); if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\"))
{
Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
return false;
}
/* Load the library */ /* Load the library */
Com_Printf("Loading library: %s\n", al_driver->string);
Sys_LoadLibrary(al_driver->string, NULL, &handle); Sys_LoadLibrary(al_driver->string, NULL, &handle);
if (!handle) if (!handle)