shm: Also censor images returned by ShmGetImage

We currently censor images from dix's GetImage, but not from ShmGetImage. This is a method to bypass XACE, creating a potential leak. We should censor in both methods. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
author: Andrew Eikum <aeikum@codeweavers.com> 2016-07-06 14:13:09 -0500
committer: Adam Jackson <ajax@redhat.com> 2016-07-15 10:56:28 -0400
commit: 4926845a57fa8b53e18ea7d3434bf5539e9b7782 (patch)
tree: 45ce4a45862195bd5f1d48d2fa8273a53af25ccc
parent: 9fcb554e9bfdf3eed2c2250d89150e3e7b907f01 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/Xext/shm.c b/Xext/shm.c
index 0a44b7611..05575385b 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -618,6 +618,7 @@ ProcShmGetImage(ClientPtr client)
     xShmGetImageReply xgi;
     ShmDescPtr shmdesc;
     VisualID visual = None;
+    RegionPtr pVisibleRegion = NULL;
     int rc;
 
     REQUEST(xShmGetImageReq);
@@ -649,6 +650,9 @@ ProcShmGetImage(ClientPtr client)
                wBorderWidth((WindowPtr) pDraw) + (int) pDraw->height)
             return BadMatch;
         visual = wVisual(((WindowPtr) pDraw));
+        pVisibleRegion = NotClippedByChildren((WindowPtr) pDraw);
+        if (pVisibleRegion)
+            RegionTranslate(pVisibleRegion, -pDraw->x, -pDraw->y);
     }
     else {
         if (stuff->x < 0 ||
@@ -685,6 +689,11 @@ ProcShmGetImage(ClientPtr client)
                                      stuff->width, stuff->height,
                                      stuff->format, stuff->planeMask,
                                      shmdesc->addr + stuff->offset);
+        if (pVisibleRegion)
+            XaceCensorImage(client, pVisibleRegion,
+                    PixmapBytePad(stuff->width, pDraw->depth), pDraw,
+                    stuff->x, stuff->y, stuff->width, stuff->height,
+                    stuff->format, shmdesc->addr + stuff->offset);
     }
     else {
 
@@ -696,11 +705,19 @@ ProcShmGetImage(ClientPtr client)
                                              stuff->width, stuff->height,
                                              stuff->format, plane,
                                              shmdesc->addr + length);
+                if (pVisibleRegion)
+                    XaceCensorImage(client, pVisibleRegion,
+                            BitmapBytePad(stuff->width), pDraw,
+                            stuff->x, stuff->y, stuff->width, stuff->height,
+                            stuff->format, shmdesc->addr + length);
                 length += lenPer;
             }
         }
     }
 
+    if (pVisibleRegion)
+        RegionDestroy(pVisibleRegion);
+
     if (client->swapped) {
         swaps(&xgi.sequenceNumber);
         swapl(&xgi.length);
author	Andrew Eikum <aeikum@codeweavers.com>	2016-07-06 14:13:09 -0500
committer	Adam Jackson <ajax@redhat.com>	2016-07-15 10:56:28 -0400
commit	4926845a57fa8b53e18ea7d3434bf5539e9b7782 (patch)
tree	45ce4a45862195bd5f1d48d2fa8273a53af25ccc
parent	9fcb554e9bfdf3eed2c2250d89150e3e7b907f01 (diff)