aboutsummaryrefslogtreecommitdiffstats
path: root/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch')
-rw-r--r--main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch129
1 files changed, 129 insertions, 0 deletions
diff --git a/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch b/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch
new file mode 100644
index 0000000000..9205aa215d
--- /dev/null
+++ b/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch
@@ -0,0 +1,129 @@
+From 1f9113336e8eb4bd89ca040e90c5fdc79b0c567f Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 11 Jul 2017 18:25:13 +0200
+Subject: [PATCH] snd_user_file: avoid use wordexp
+
+As suggested in POSIX[1], wordexp might execute the shell. If the libc
+implementation does so, it will break the firefox sandbox which does
+not allow exec. This happened on Alpine Linux with musl libc[2].
+
+Since we cannot guarantee that the system wordexp implementation does
+not execute shell, we cannot really use it, and need to implement the
+~/ expansion ourselves.
+
+[1]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/wordexp.html#tag_16_684_08
+[2]: http://bugs.alpinelinux.org/issues/7454#note-2
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ src/userfile.c | 77 +++++++++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 47 insertions(+), 30 deletions(-)
+
+diff --git a/src/userfile.c b/src/userfile.c
+index 72779da4..0e3f5fae 100644
+--- a/src/userfile.c
++++ b/src/userfile.c
+@@ -21,6 +21,11 @@
+ #include <config.h>
+ #include <string.h>
+ #include <errno.h>
++#include <sys/types.h>
++#include <unistd.h>
++#include <pwd.h>
++#include <stdio.h>
++#include <stdlib.h>
+
+ /**
+ * \brief Get the full file name
+@@ -28,46 +33,58 @@
+ * \param result The pointer to store the resultant file name
+ * \return 0 if successful, or a negative error code
+ *
+- * Parses the given file name with POSIX-Shell-like expansion and
+- * stores the first matchine one. The returned string is strdup'ed.
++ * Parses the given file name with POSIX-Shell-like expansion for ~/.
++ * The returned string is strdup'ed.
+ */
+
+-#ifdef HAVE_WORDEXP_H
+-#include <wordexp.h>
+ #include <assert.h>
+ int snd_user_file(const char *file, char **result)
+ {
+- wordexp_t we;
+ int err;
+-
++ size_t len;
++ char *buf = NULL;
++
+ assert(file && result);
+- err = wordexp(file, &we, WRDE_NOCMD);
+- switch (err) {
+- case WRDE_NOSPACE:
+- wordfree(&we);
+- return -ENOMEM;
+- case 0:
+- if (we.we_wordc == 1)
+- break;
+- wordfree(&we);
+- /* fall thru */
+- default:
+- return -EINVAL;
++ *result = NULL;
++
++ /* expand ~/ if needed */
++ if (file[0] == '~' && file[1] == '/') {
++ const char *home = getenv("HOME");
++ if (home == NULL) {
++ struct passwd pwent, *p = NULL;
++ uid_t id = getuid();
++ size_t bufsize = 1024;
++
++ buf = malloc(bufsize);
++ if (buf == NULL)
++ goto out;
++
++ while ((err = getpwuid_r(id, &pwent, buf, bufsize, &p)) == ERANGE) {
++ char *newbuf;
++ bufsize += 1024;
++ if (bufsize < 1024)
++ break;
++ newbuf = realloc(buf, bufsize);
++ if (newbuf == NULL)
++ goto out;
++ buf = newbuf;
++ }
++ home = err ? "" : pwent.pw_dir;
++ }
++ len = strlen(home) + strlen(&file[2]) + 2;
++ *result = malloc(len);
++ if (*result)
++ snprintf(*result, len, "%s/%s", home, &file[2]);
++ } else {
++ *result = strdup(file);
+ }
+- *result = strdup(we.we_wordv[0]);
+- wordfree(&we);
++
++out:
++ if (buf)
++ free(buf);
++
+ if (*result == NULL)
+ return -ENOMEM;
+ return 0;
+ }
+
+-#else /* !HAVE_WORDEXP_H */
+-/* just copy the string - would be nicer to expand by ourselves, though... */
+-int snd_user_file(const char *file, char **result)
+-{
+- *result = strdup(file);
+- if (! *result)
+- return -ENOMEM;
+- return 0;
+-}
+-#endif /* HAVE_WORDEXP_H */
+--
+2.13.2
+