From d0dc3e992674a7b908b7be457093d890e0d6f98d Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sat, 29 Jun 2024 17:33:26 +0100
Subject: [PATCH] micro optimisations for previous security mitigations. also strtok_r uses its own provided buffer instead of the static one even in a somewhat monothread context, it s still better.
---
 src/client/cl_download.c | 2 +-
 src/client/sound/qal.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client/cl_download.c b/src/client/cl_download.c
index 29843e0e..e43923c2 100644
--- a/src/client/cl_download.c
+++ b/src/client/cl_download.c
@@ -555,7 +555,7 @@ CL_DownloadFilter(const char *filename)
 return true;
 }
- if (strstr(filename, "..") || strstr(filename, ":") || (*filename == '.') || (*filename == '/'))
+ if (strstr(filename, "..") || strchr(filename, ':') || (*filename == '.') || (*filename == '/'))
 {
 Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename);
 return true;
diff --git a/src/client/sound/qal.c b/src/client/sound/qal.c
index da8cb16c..02a074e0 100644
--- a/src/client/sound/qal.c
+++ b/src/client/sound/qal.c
@@ -406,7 +406,7 @@ QAL_Init()
 /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
 al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
- if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\"))
+ if (strstr(al_driver->string, "..") || strchr(al_driver->string, ':') || strchr(al_driver->string, '/') || strchr(al_driver->string, '\\'))
 {
 Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
 return false;
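Review bot: The path filter in CL_DownloadFilter still lets a backslash through: the condition rejects `..`, `:` and a leading `.` or `/`, but not `\`, which the al_driver check in src/client/sound/qal.c in this same patch does reject. On Windows a backslash is a path separator, so a name starting with `\` is rooted in the same way as one starting with `/`; whether the name is normalised before it reaches this function is not visible here. Adding `|| strchr(filename, '\\')` to the condition, and mentioning it in the Com_Printf text, would make the two filters agree. The function body begins and ends outside the hunk.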
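Review bot: The Com_Printf message in QAL_Init does not print the backslash it is meant to show: inside a C string literal `\'` is the escape for a single quote, so the text comes out as `or '':` and the user is not told which character was refused. Writing the escape as `'\\'` fixes it: `Com_Printf("al_driver must not contain '..', ':', '/' or '\\': %s\n", al_driver->string);`. A one-line comment above the check, such as `/* al_driver is archived in the config, so refuse anything that looks like a path */`, would record why the separators are rejected; how the value is used afterwards is outside the hunk, so the wording should be confirmed against the rest of QAL_Init.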