[PATCH] Add a command line argument for disabling indirect GLX.

[Eric Anholt]

The attack surface for indirect GLX is huge, and it's of no use to
most people (if you get an indirect GL context, you're better served
by a immediate X error than actually trying to use an indirect GL
context and finding out that it doesn't support doing anything you
want, slowly).  This flag gives you a chance to disable indirect GLX
in environments where you just don't need it.

I put in both the '+' and '-' arguments right now, so that it's easy
to patch the value to change the default policy.

Signed-off-by: Eric Anholt <eric at anholt.net>
Acked-by: Julien Cristau <jcristau at debian.org>
---
 glx/glxcmds.c    | 10 ++++++++++
 include/opaque.h |  1 +
 os/utils.c       |  8 ++++++++
 3 files changed, 19 insertions(+)

diff --git a/glx/glxcmds.c b/glx/glxcmds.c
index 187e426..ded7aca 100644
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@@ -232,6 +232,16 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId,
 
     LEGAL_NEW_RESOURCE(gcId, client);
 
+    /* Only allow creating indirect GLX contexts if allowed by server
+     * command line.  Indirect GLX is of limited use (since it's only
+     * GL 1.4), it's slower than direct contexts, and it's a massive
+     * attack surface for buffer overflow type errors.
+     */
+    if (!enableIndirectGLX && !isDirect) {
+        client->errorValue = isDirect;
+        return BadMatch;
+    }
+
     /*
      ** Find the display list space that we want to share.  
      **
diff --git a/include/opaque.h b/include/opaque.h
index 6b8071c..a2c54aa 100644
--- a/include/opaque.h
+++ b/include/opaque.h
@@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display;
 extern _X_EXPORT int defaultBackingStore;
 extern _X_EXPORT Bool disableBackingStore;
 extern _X_EXPORT Bool enableBackingStore;
+extern _X_EXPORT Bool enableIndirectGLX;
 extern _X_EXPORT Bool PartialNetwork;
 extern _X_EXPORT Bool RunFromSigStopParent;
 
diff --git a/os/utils.c b/os/utils.c
index 83d85cd..bc5e7df 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -194,6 +194,8 @@ Bool noGEExtension = FALSE;
 
 Bool CoreDump;
 
+Bool enableIndirectGLX = TRUE;
+
 #ifdef PANORAMIX
 Bool PanoramiXExtensionDisabledHack = FALSE;
 #endif
@@ -538,6 +540,8 @@ UseMsg(void)
     ErrorF("-fn string             default font name\n");
     ErrorF("-fp string             default font path\n");
     ErrorF("-help                  prints message with these options\n");
+    ErrorF("+iglx                  Allow creating indirect GLX contexts (default)\n");
+    ErrorF("-iglx                  Prohibit creating indirect GLX contexts\n");
     ErrorF("-I                     ignore all remaining arguments\n");
 #ifdef RLIMIT_DATA
     ErrorF("-ld int                limit data space to N Kb\n");
@@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[])
             UseMsg();
             exit(0);
         }
+        else if (strcmp(argv[i], "+iglx") == 0)
+            enableIndirectGLX = TRUE;
+        else if (strcmp(argv[i], "-iglx") == 0)
+            enableIndirectGLX = FALSE;
         else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) {
             if (skip > 0)
                 i += skip - 1;
-- 
1.9.2