We currently censor images from dix's GetImage, but not from ShmGetImage. This is a method to bypass XACE, creating a potential leak. We should censor in both methods.
Signed-off-by: Andrew Eikum <[email protected]> --- Xext/shm.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Xext/shm.c b/Xext/shm.c index 0a44b76..0557538 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -618,6 +618,7 @@ ProcShmGetImage(ClientPtr client) xShmGetImageReply xgi; ShmDescPtr shmdesc; VisualID visual = None; + RegionPtr pVisibleRegion = NULL; int rc; REQUEST(xShmGetImageReq); @@ -649,6 +650,9 @@ ProcShmGetImage(ClientPtr client) wBorderWidth((WindowPtr) pDraw) + (int) pDraw->height) return BadMatch; visual = wVisual(((WindowPtr) pDraw)); + pVisibleRegion = NotClippedByChildren((WindowPtr) pDraw); + if (pVisibleRegion) + RegionTranslate(pVisibleRegion, -pDraw->x, -pDraw->y); } else { if (stuff->x < 0 || @@ -685,6 +689,11 @@ ProcShmGetImage(ClientPtr client) stuff->width, stuff->height, stuff->format, stuff->planeMask, shmdesc->addr + stuff->offset); + if (pVisibleRegion) + XaceCensorImage(client, pVisibleRegion, + PixmapBytePad(stuff->width, pDraw->depth), pDraw, + stuff->x, stuff->y, stuff->width, stuff->height, + stuff->format, shmdesc->addr + stuff->offset); } else { @@ -696,11 +705,19 @@ ProcShmGetImage(ClientPtr client) stuff->width, stuff->height, stuff->format, plane, shmdesc->addr + length); + if (pVisibleRegion) + XaceCensorImage(client, pVisibleRegion, + BitmapBytePad(stuff->width), pDraw, + stuff->x, stuff->y, stuff->width, stuff->height, + stuff->format, shmdesc->addr + length); length += lenPer; } } } + if (pVisibleRegion) + RegionDestroy(pVisibleRegion); + if (client->swapped) { swaps(&xgi.sequenceNumber); swapl(&xgi.length); -- 2.9.0 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
