yquake2/yquake2remaster
0
0
Fork 0
mirror of https://github.com/yquake2/yquake2remaster.git synced 2024-11-28 15:21:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1116 from devnexen/prev_fix_sec_optim

Browse source 
micro optimisations for previous security mitigations.
This commit is contained in:
Yamagi 2024-06-30 20:54:08 +02:00 committed by GitHub
commit a315b15494
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/client/cl_download.c
View file

@ -555,7 +555,7 @@ CL_DownloadFilter(const char *filename)
return true; return true;
} }
if (strstr(filename, "..") || strstr(filename, ":") || (*filename == '.') || (*filename == '/')) if (strstr(filename, "..") || strchr(filename, ':') || (*filename == '.') || (*filename == '/'))
{ {
Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename); Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename);
return true; return true;

2
src/client/sound/qal.c
View file

@ -406,7 +406,7 @@ QAL_Init()
/* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */ /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE); al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\")) if (strstr(al_driver->string, "..") || strchr(al_driver->string, ':') || strchr(al_driver->string, '/') || strchr(al_driver->string, '\\'))
{ {
Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string); Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
return false; return false;