[xserver PATCH] shm: Also censor images returned by ShmGetImage
Andrew Eikum
aeikum at codeweavers.com
Wed Jul 6 19:13:09 UTC 2016
We currently censor images from dix's GetImage, but not from
ShmGetImage. This is a method to bypass XACE, creating a potential
leak. We should censor in both methods.
Signed-off-by: Andrew Eikum <aeikum at codeweavers.com>
---
Xext/shm.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/Xext/shm.c b/Xext/shm.c
index 0a44b76..0557538 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -618,6 +618,7 @@ ProcShmGetImage(ClientPtr client)
xShmGetImageReply xgi;
ShmDescPtr shmdesc;
VisualID visual = None;
+ RegionPtr pVisibleRegion = NULL;
int rc;
REQUEST(xShmGetImageReq);
@@ -649,6 +650,9 @@ ProcShmGetImage(ClientPtr client)
wBorderWidth((WindowPtr) pDraw) + (int) pDraw->height)
return BadMatch;
visual = wVisual(((WindowPtr) pDraw));
+ pVisibleRegion = NotClippedByChildren((WindowPtr) pDraw);
+ if (pVisibleRegion)
+ RegionTranslate(pVisibleRegion, -pDraw->x, -pDraw->y);
}
else {
if (stuff->x < 0 ||
@@ -685,6 +689,11 @@ ProcShmGetImage(ClientPtr client)
stuff->width, stuff->height,
stuff->format, stuff->planeMask,
shmdesc->addr + stuff->offset);
+ if (pVisibleRegion)
+ XaceCensorImage(client, pVisibleRegion,
+ PixmapBytePad(stuff->width, pDraw->depth), pDraw,
+ stuff->x, stuff->y, stuff->width, stuff->height,
+ stuff->format, shmdesc->addr + stuff->offset);
}
else {
@@ -696,11 +705,19 @@ ProcShmGetImage(ClientPtr client)
stuff->width, stuff->height,
stuff->format, plane,
shmdesc->addr + length);
+ if (pVisibleRegion)
+ XaceCensorImage(client, pVisibleRegion,
+ BitmapBytePad(stuff->width), pDraw,
+ stuff->x, stuff->y, stuff->width, stuff->height,
+ stuff->format, shmdesc->addr + length);
length += lenPer;
}
}
}
+ if (pVisibleRegion)
+ RegionDestroy(pVisibleRegion);
+
if (client->swapped) {
swaps(&xgi.sequenceNumber);
swapl(&xgi.length);
--
2.9.0
More information about the xorg-devel
mailing list