main/alsa-lib: avoid using wordexp

wordexp implementation will execute /bin/sh (as suggested in posix).
This breaks firefox sandbox. We also need to expand ~/ so that alsa uses
~/.asoundrc so we cannot just trick the configurescript to think that we
dont have wordexp since the fallback code would not expand anything at
all.

ref #7454

2 files changed, 133 insertions, 6 deletions

diff --git a/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch b/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch
new file mode 100644
index 0000000000..9205aa215d
--- /dev/null
+++ b/main/alsa-lib/0001-snd_user_file-avoid-use-wordexp.patch
@@ -0,0 +1,129 @@
+From 1f9113336e8eb4bd89ca040e90c5fdc79b0c567f Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 11 Jul 2017 18:25:13 +0200
+Subject: [PATCH] snd_user_file: avoid use wordexp
+
+As suggested in POSIX[1], wordexp might execute the shell. If the libc
+implementation does so, it will break the firefox sandbox which does
+not allow exec. This happened on Alpine Linux with musl libc[2].
+
+Since we cannot guarantee that the system wordexp implementation does
+not execute shell, we cannot really use it, and need to implement the
+~/ expansion ourselves.
+
+[1]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/wordexp.html#tag_16_684_08
+[2]: http://bugs.alpinelinux.org/issues/7454#note-2
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ src/userfile.c | 77 +++++++++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 47 insertions(+), 30 deletions(-)
+
+diff --git a/src/userfile.c b/src/userfile.c
+index 72779da4..0e3f5fae 100644
+--- a/src/userfile.c
++++ b/src/userfile.c
+@@ -21,6 +21,11 @@
+ #include <config.h>
+ #include <string.h>
+ #include <errno.h>
++#include <sys/types.h>
++#include <unistd.h>
++#include <pwd.h>
++#include <stdio.h>
++#include <stdlib.h>
+ 
+ /**
+  * \brief Get the full file name
+@@ -28,46 +33,58 @@
+  * \param result The pointer to store the resultant file name
+  * \return 0 if successful, or a negative error code
+  *
+- * Parses the given file name with POSIX-Shell-like expansion and
+- * stores the first matchine one.  The returned string is strdup'ed.
++ * Parses the given file name with POSIX-Shell-like expansion for ~/.
++ * The returned string is strdup'ed.
+  */
+ 
+-#ifdef HAVE_WORDEXP_H
+-#include <wordexp.h>
+ #include <assert.h>
+ int snd_user_file(const char *file, char **result)
+ {
+-	wordexp_t we;
+ 	int err;
+-	
++	size_t len;
++	char *buf = NULL;
++
+ 	assert(file && result);
+-	err = wordexp(file, &we, WRDE_NOCMD);
+-	switch (err) {
+-	case WRDE_NOSPACE:
+-		wordfree(&we);
+-		return -ENOMEM;
+-	case 0:
+-		if (we.we_wordc == 1)
+-			break;
+-		wordfree(&we);
+-		/* fall thru */
+-	default:
+-		return -EINVAL;
++	*result = NULL;
++
++	/* expand ~/ if needed */
++	if (file[0] == '~' && file[1] == '/') {
++		const char *home = getenv("HOME");
++		if (home == NULL) {
++			struct passwd pwent, *p = NULL;
++			uid_t id = getuid();
++			size_t bufsize = 1024;
++
++			buf = malloc(bufsize);
++			if (buf == NULL)
++				goto out;
++
++			while ((err = getpwuid_r(id, &pwent, buf, bufsize, &p)) == ERANGE) {
++				char *newbuf;
++				bufsize += 1024;
++				if (bufsize < 1024)
++					break;
++				newbuf = realloc(buf, bufsize);
++				if (newbuf == NULL)
++					goto out;
++				buf = newbuf;
++			}
++			home = err ? "" : pwent.pw_dir;
++		}
++		len = strlen(home) + strlen(&file[2]) + 2;
++		*result = malloc(len);
++		if (*result)
++			snprintf(*result, len, "%s/%s", home, &file[2]);
++	} else {
++		*result = strdup(file);
+ 	}
+-	*result = strdup(we.we_wordv[0]);
+-	wordfree(&we);
++
++out:
++	if (buf)
++		free(buf);
++
+ 	if (*result == NULL)
+ 		return -ENOMEM;
+ 	return 0;
+ }
+ 
+-#else /* !HAVE_WORDEXP_H */
+-/* just copy the string - would be nicer to expand by ourselves, though... */
+-int snd_user_file(const char *file, char **result)
+-{
+-	*result = strdup(file);
+-	if (! *result)
+-		return -ENOMEM;
+-	return 0;
+-}
+-#endif /* HAVE_WORDEXP_H */
+-- 
+2.13.2
+
diff --git a/main/alsa-lib/APKBUILD b/main/alsa-lib/APKBUILD
index a901778c15..3f9695ef20 100644
--- a/main/alsa-lib/APKBUILD
+++ b/main/alsa-lib/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=alsa-lib
 pkgver=1.1.4.1
-pkgrel=1
+pkgrel=2
 pkgdesc="An alternative implementation of Linux sound support"
 url="http://www.alsa-project.org"
 arch="all"
@@ -12,6 +12,7 @@ source="ftp://ftp.alsa-project.org/pub/lib/$pkgname-$pkgver.tar.bz2
 	alsa-lib-poll.patch
 	alsa-lib-stdint.patch
 	ucm_add_limits_h.patch
+	0001-snd_user_file-avoid-use-wordexp.patch
 	"
 
 builddir="$srcdir/$pkgname-$pkgver"
@@ -24,10 +25,6 @@ prepare() {
 
 build() {
 	cd "$builddir"
-	# musl does support wordexp but we don't want alsa to use it since it will
-	# execute /bin/sh and break things like firefox sandbox
-	# https://bugs.alpinelinux.org/issues/7454
-	ac_cv_header_wordexp_h=no \
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -51,4 +48,5 @@ package() {
 sha512sums="7b548c4ee29c4a1230a0edcd5d19219831290f96a214180a6530628acc05278d1348376195287d188f4f44d6be1914391c63994f1b50985c3eee74352da26b0b  alsa-lib-1.1.4.1.tar.bz2
 bdf86a1b76b2e6e9b43af33989fe51e4900fa0c6f317d8d746f30c540df647dbe0f6d41ec35b36b1cf7e46cc5e910e0a62bc39c765f849356ecd6e98d1de5885  alsa-lib-poll.patch
 2351262dade9a3c1a3de1b7d1a3a53a634a438b9b8aae7cc69e2b981500051f039e6381359b81392114ec6236e3d513b577bd4bf12c3d2ce1f871cd7651b2cab  alsa-lib-stdint.patch
-3b37652d50809443b5f8e80f8d447108195b0cd66fd917805bb393fc091584b6f3dad4414f568742b61745617e7a695862058a0a0f93dcc31e4c97177a520352  ucm_add_limits_h.patch"
+3b37652d50809443b5f8e80f8d447108195b0cd66fd917805bb393fc091584b6f3dad4414f568742b61745617e7a695862058a0a0f93dcc31e4c97177a520352  ucm_add_limits_h.patch
+e6baeee549533ea4b113bacfa772c183456ce51e6c84b378b82a6735159e43a11ff30c0a4a15207110c42dbd7be5e67bc5e2f593cdc99bd8b079204df7498ceb  0001-snd_user_file-avoid-use-wordexp.patch"