yquake2
/
yquake2remaster
mirror of https://github.com/yquake2/yquake2remaster.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

micro optimisations for previous security mitigations. 

also strtok_r uses its own provided buffer instead of the static one
even in a somewhat monothread context, it s still better.
This commit is contained in:
David Carlier 2024-06-29 17:33:26 +01:00
parent 1a1b32961b
commit d0dc3e9926
No known key found for this signature in database
GPG Key ID: D308BD11AB42D054
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/client/cl_download.c
View File

@ -555,7 +555,7 @@ CL_DownloadFilter(const char *filename)
return true; return true;
} }
if (strstr(filename, "..") || strstr(filename, ":") || (*filename == '.') || (*filename == '/')) if (strstr(filename, "..") || strchr(filename, ':') || (*filename == '.') || (*filename == '/'))
{ {
Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename); Com_Printf("Refusing to download a path containing '..' or ':' or starting with '.' or '/': %s\n", filename);
return true; return true;

2
src/client/sound/qal.c
View File

@ -406,7 +406,7 @@ QAL_Init()
/* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */ /* DEFAULT_OPENAL_DRIVER is defined at compile time via the compiler */
al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE); al_driver = Cvar_Get("al_driver", DEFAULT_OPENAL_DRIVER, CVAR_ARCHIVE);
if (strstr(al_driver->string, "..") || strstr(al_driver->string, ":") || strstr(al_driver->string, "/") || strstr(al_driver->string, "\\")) if (strstr(al_driver->string, "..") || strchr(al_driver->string, ':') || strchr(al_driver->string, '/') || strchr(al_driver->string, '\\'))
{ {
Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string); Com_Printf("al_driver must not contain '..', ':', '/' or '\': %s\n", al_driver->string);
return false; return false;