Merge remote-tracking branch 'yquake2/master'

Denis Pauk 2024-06-30 23:06:16 +03:00
commit 96b8707825
4 changed files with 55 additions and 33 deletions


@ -146,9 +146,14 @@ it's `+set busywait 0` (setting the `busywait` cvar) and `-portable`
preview. `-1` - don't show animation. Defaults to `94` for show preview. `-1` - don't show animation. Defaults to `94` for show
salute animation. salute animation.
* **cl_nodownload_list**: Whitespace seperated list of strings, files * **cl_nodownload_list**: Whitespace separated list of substrings, files
having one these strings in their name are never downloaded. Set to having one these strings in their name are never downloaded. Empty by
`.dll .dylib .so` by default. default. Note that some substrings are always forbidden, for security
reasons these cannot be overridden: '.dll', '.dylib' and '.so' to
prevent downloading of libraries which could be injected into the
Yamagi Quake II process. '..' or ':' inside filenames and '/' or '.'
at the beginning of filenames to prevent downloading files into
arbitrary directories.
* **cl_r1q2_lightstyle**: Since the first release Yamagi Quake II used * **cl_r1q2_lightstyle**: Since the first release Yamagi Quake II used
the R1Q2 colors for the dynamic lights of rockets. Set to `0` to get the R1Q2 colors for the dynamic lights of rockets. Set to `0` to get


@ -540,6 +540,49 @@ CL_DownloadFileName(char *dest, int destlen, char *fn)
} }
} }
/*
* Returns true if a file is filtered and
* should not be downloaded, false otherwise.
*/
static qboolean
CL_DownloadFilter(const char *filename)
{
if (FS_LoadFile( (char *) filename, NULL) != -1)
{
/* it exists, no need to download */
return true;
}
if (strstr(filename, "..") || strchr(filename, ':') || (*filename == '.') || (*filename == '/'))
{
Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename);
return true;
}
if (strstr(filename, ".dll") || strstr(filename, ".dylib") || strstr(filename, ".so"))
{
Com_Printf("Refusing to download a path containing '.dll', '.dylib' or '.so': %s\n", filename);
return true;
}
char *nodownload = strdup(cl_nodownload_list->string);
char *nodownload_token = strtok(nodownload, " ");
while (nodownload_token != NULL)
{
Com_Printf("Token: %s\n", nodownload_token);
if (Q_strcasestr(filename, nodownload_token))
{
Com_Printf("Filename is filtered by cl_nodownload_list: %s\n", filename);
free(nodownload);
return true;
}
nodownload_token = strtok(NULL, " ");
}
free(nodownload);
return false;
}
/* /*
* Returns true if the file exists, otherwise it attempts * Returns true if the file exists, otherwise it attempts
* to start a download from the server. * to start a download from the server.
@ -557,29 +600,11 @@ CL_CheckOrDownloadFile(const char *filename)
*ptr = '/'; *ptr = '/';
} }
if (FS_LoadFile(filename, NULL) != -1) if (CL_DownloadFilter(filename))
{ {
/* it exists, no need to download */
return true; return true;
} }
if (strstr(filename, "..") || strstr(filename, ":") || (*filename == '.') || (*filename == '/'))
{
Com_Printf("Refusing to download a path with ..: %s\n", filename);
return true;
}
char *nodownload = strtok(cl_nodownload_list->string, " ");
while (nodownload != NULL)
{
if (Q_strcasestr(filename, nodownload))
{
Com_Printf("Filename is filtered by cl_nodownload_list: %s\n", filename);
return true;
}
nodownload = strtok(NULL, " ");
}
#ifdef USE_CURL #ifdef USE_CURL
if (!forceudp) if (!forceudp)
{ {
@ -683,16 +708,8 @@ CL_Download_f(void)
Com_sprintf(filename, sizeof(filename), "%s", Cmd_Argv(1)); Com_sprintf(filename, sizeof(filename), "%s", Cmd_Argv(1));
if (strstr(filename, "..")) if (CL_DownloadFilter(filename))
{ {
Com_Printf("Refusing to download a path with ..\n");
return;
}
if (FS_LoadFile(filename, NULL) != -1)
{
/* it exists, no need to download */
Com_Printf("File already exists.\n");
return; return;
} }
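Review bot: The hard-coded library filter at `if (strstr(filename, ".dll") || strstr(filename, ".dylib") || strstr(filename, ".so"))` is case-sensitive, while the user-configurable list right below it is matched with `Q_strcasestr`; on a case-insensitive filesystem such as Windows a server offering `GAMEX86.DLL` would slip past the check the commit documents as non-overridable. Using the same case-insensitive match for the three fixed substrings closes that gap: `if (Q_strcasestr(filename, ".dll") || Q_strcasestr(filename, ".dylib") || Q_strcasestr(filename, ".so"))`. The `Com_Printf("Token: %s\n", nodownload_token);` inside the loop reads as leftover debugging output and will be printed for every token of every file checked; drop it or guard it behind a developer cvar. The `strdup` result is also not checked for NULL before being handed to `strtok`, which would then continue whatever tokenization was in progress rather than the configured list; failing closed with `if (!nodownload) { return true; }` (or at least skipping the loop) would make the allocation-failure path explicit.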


@ -520,7 +520,7 @@ CL_InitLocal(void)
cl_showfps = Cvar_Get("cl_showfps", "0", CVAR_ARCHIVE); cl_showfps = Cvar_Get("cl_showfps", "0", CVAR_ARCHIVE);
cl_showspeed = Cvar_Get("cl_showspeed", "0", CVAR_ARCHIVE); cl_showspeed = Cvar_Get("cl_showspeed", "0", CVAR_ARCHIVE);
cl_laseralpha = Cvar_Get("cl_laseralpha", "0.3", 0); cl_laseralpha = Cvar_Get("cl_laseralpha", "0.3", 0);
cl_nodownload_list = Cvar_Get("cl_nodownload_list", ".dll .dylib .so", 0); cl_nodownload_list = Cvar_Get("cl_nodownload_list", "", CVAR_ARCHIVE);
cl_upspeed = Cvar_Get("cl_upspeed", "200", 0); cl_upspeed = Cvar_Get("cl_upspeed", "200", 0);
cl_forwardspeed = Cvar_Get("cl_forwardspeed", "200", 0); cl_forwardspeed = Cvar_Get("cl_forwardspeed", "200", 0);


@ -406,7 +406,7 @@ QAL_Init()
/* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */ /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE); al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\")) if (strstr(al_driver->string, "..") || strchr(al_driver->string, ':') || strchr(al_driver->string, '/') || strchr(al_driver->string, '\\'))
{ {
Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string); Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
return false; return false;
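Review bot: The error message on the `Com_Printf` line is mis-escaped: in `"... '/' or '\': %s\n"` the `\'` is an escaped single quote, so the printed text reads `or '': ...` and never shows the backslash that the `strchr(al_driver->string, '\\')` check actually rejects. It should read `Com_Printf("al_driver must not contain '..', ':', '/' or '\\': %s\n", al_driver->string);`. The line is context here rather than changed by this commit, and QAL_Init continues outside the hunk.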