only dlopen from the defined search paths

Don't accept absolute library paths that are not in the search path,
skip the ../ in paths to avoid opening arbitrary libraries from
unexpected places.

src/modules/module-jack-tunnel/weakjack.h

@@ -158,34 +158,36 @@ static inline int weakjack_load_by_path(struct weakjack *jack, const char *path)
 static inline int weakjack_load(struct weakjack *jack, const char *lib)
 {
 	int res = -ENOENT;
+	const char *search_dirs, *p, *state = NULL;
+	char path[PATH_MAX];
+	size_t len;
 
-	if (lib[0] != '/') {
-		const char *search_dirs, *p, *state = NULL;
-		char path[PATH_MAX];
-		size_t len;
+	while ((p = strstr(lib, "../")) != NULL)
+		lib = p + 3;
 
-		search_dirs = getenv("LIBJACK_PATH");
-		if (!search_dirs)
-			search_dirs = PREFIX "/lib64/:" PREFIX "/lib/:"
-				"/usr/lib64/:/usr/lib/:" LIBDIR;
+	search_dirs = getenv("LIBJACK_PATH");
+	if (!search_dirs)
+		search_dirs = PREFIX "/lib64/:" PREFIX "/lib/:"
+			"/usr/lib64/:/usr/lib/:" LIBDIR;
 
-		while ((p = pw_split_walk(search_dirs, ":", &len, &state))) {
-			int pathlen;
+	res = -ENAMETOOLONG;
 
-			if (len >= sizeof(path)) {
-				res = -ENAMETOOLONG;
-				continue;
-			}
+	while ((p = pw_split_walk(search_dirs, ":", &len, &state))) {
+		int pathlen;
+
+		if (len >= sizeof(path))
+			continue;
+
+		if (strncmp(lib, p, len) == 0)
+			pathlen = snprintf(path, sizeof(path), "%s", lib);
+		else
 			pathlen = snprintf(path, sizeof(path), "%.*s/%s", (int) len, p, lib);
-			if (pathlen < 0 || (size_t) pathlen >= sizeof(path)) {
-				res = -ENAMETOOLONG;
-				continue;
-			}
-			if ((res = weakjack_load_by_path(jack, path)) == 0)
-				break;
-		}
-	} else {
-		res = weakjack_load_by_path(jack, lib);
+
+		if (pathlen < 0 || (size_t) pathlen >= sizeof(path))
+			continue;
+
+		if ((res = weakjack_load_by_path(jack, path)) == 0)
+			break;
 	}
 	return res;
 }