only dlopen from the defined search paths

Don't accept absolute library paths that are not in the search path,
skip the ../ in paths to avoid opening arbitrary libraries from
unexpected places.

src/daemon/filter-chain/source-rnnoise.conf

@@ -21,7 +21,6 @@ context.modules = [
 			# listed in the environment variable LADSPA_PATH or 
 			# /usr/lib64/ladspa, /usr/lib/ladspa or the system library directory
 			# as a fallback.
-			# You might want to use an absolute path here to avoid problems.
                         plugin = "librnnoise_ladspa"
                         label  = noise_suppressor_stereo
                         control = {

src/modules/module-filter-chain.c

@@ -128,7 +128,7 @@ extern struct spa_handle_factory spa_filter_graph_factory;
  *             # an example ladspa plugin
  *             type = ladspa
  *             name = pitch
- *             plugin = "/usr/lib64/ladspa/ladspa-rubberband.so"
+ *             plugin = "ladspa-rubberband"
  *             label = "rubberband-r3-pitchshifter-mono"
  *             control = {
  *                 # controls are using the ladspa port names as seen in analyseplugin

src/modules/module-jack-tunnel.c

@@ -50,7 +50,6 @@
  *
  * - `jack.library`: the libjack to load, by default libjack.so.0 is searched in
  *			LIBJACK_PATH directories and then some standard library paths.
- *			Can be an absolute path.
  * - `jack.server`: the name of the JACK server to tunnel to.
  * - `jack.client-name`: the name of the JACK client.
  * - `jack.connect`: if jack ports should be connected automatically. Can also be

src/modules/module-jack-tunnel/weakjack.h

@@ -158,34 +158,36 @@ static inline int weakjack_load_by_path(struct weakjack *jack, const char *path)
 static inline int weakjack_load(struct weakjack *jack, const char *lib)
 {
 	int res = -ENOENT;
+	const char *search_dirs, *p, *state = NULL;
+	char path[PATH_MAX];
+	size_t len;
 
-	if (lib[0] != '/') {
-		const char *search_dirs, *p, *state = NULL;
-		char path[PATH_MAX];
-		size_t len;
+	while ((p = strstr(lib, "../")) != NULL)
+		lib = p + 3;
 
-		search_dirs = getenv("LIBJACK_PATH");
-		if (!search_dirs)
-			search_dirs = PREFIX "/lib64/:" PREFIX "/lib/:"
-				"/usr/lib64/:/usr/lib/:" LIBDIR;
+	search_dirs = getenv("LIBJACK_PATH");
+	if (!search_dirs)
+		search_dirs = PREFIX "/lib64/:" PREFIX "/lib/:"
+			"/usr/lib64/:/usr/lib/:" LIBDIR;
 
-		while ((p = pw_split_walk(search_dirs, ":", &len, &state))) {
-			int pathlen;
+	res = -ENAMETOOLONG;
 
-			if (len >= sizeof(path)) {
-				res = -ENAMETOOLONG;
-				continue;
-			}
+	while ((p = pw_split_walk(search_dirs, ":", &len, &state))) {
+		int pathlen;
+
+		if (len >= sizeof(path))
+			continue;
+
+		if (strncmp(lib, p, len) == 0)
+			pathlen = snprintf(path, sizeof(path), "%s", lib);
+		else
 			pathlen = snprintf(path, sizeof(path), "%.*s/%s", (int) len, p, lib);
-			if (pathlen < 0 || (size_t) pathlen >= sizeof(path)) {
-				res = -ENAMETOOLONG;
-				continue;
-			}
-			if ((res = weakjack_load_by_path(jack, path)) == 0)
-				break;
-		}
-	} else {
-		res = weakjack_load_by_path(jack, lib);
+
+		if (pathlen < 0 || (size_t) pathlen >= sizeof(path))
+			continue;
+
+		if ((res = weakjack_load_by_path(jack, path)) == 0)
+			break;
 	}
 	return res;
 }

src/pipewire/impl-module.c

@@ -154,6 +154,9 @@ pw_context_load_module(struct pw_context *context,
 		NULL
 	};
 
+	while ((p = strstr(name, "../")) != NULL)
+		name = p + 3;
+
 	pw_log_info("%p: name:%s args:%s", context, name, args);
 
 	module_dir = getenv("PIPEWIRE_MODULE_DIR");

src/pipewire/pipewire.c

@@ -232,6 +232,9 @@ static struct spa_handle *load_spa_handle(const char *lib,
 	if (lib == NULL)
 		lib = sup->support_lib;
 
+	while ((p = strstr(lib, "../")) != NULL)
+		lib = p + 3;
+
 	pw_log_debug("load lib:'%s' factory-name:'%s'", lib, factory_name);
 
 	plugin = NULL;