[PATCH] SecurityResource should not segfault when client owning resource has exited
Eamon Walsh
ewalsh at tycho.nsa.gov
Fri Jun 4 12:33:33 PDT 2010
On 06/03/2010 11:13 PM, Alan Coopersmith wrote:
> From: Sam Lau <sam.lau at oracle.com>
>
> Fixes OpenSolaris bug 6949754:
> Xorg crashes when the magnifier is enabled at gdm login greeter window.
> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6949754
>
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
> Xext/security.c | 8 +++++---
> 1 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/Xext/security.c b/Xext/security.c
> index e58ba10..4d496ad 100644
> --- a/Xext/security.c
> +++ b/Xext/security.c
> @@ -805,7 +805,6 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
> Mask allowed = SecurityResourceMask;
>
> subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
> - obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
>
> /* disable background None for untrusted windows */
> if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
> @@ -831,8 +830,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
> allowed |= DixReadAccess;
> }
>
> - if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
> - return;
> + if (clients[cid] != NULL) {
> + obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
> + if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
> + return;
> + }
>
> SecurityAudit("Security: denied client %d access %x to resource 0x%x "
> "of client %d on request %s\n", rec->client->index,
>
Reviewed-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
--
Eamon Walsh
National Security Agency
More information about the xorg-devel
mailing list