1 files changed, 36 insertions, 22 deletions

diff --git a/dix/gc.c b/dix/gc.c
index e7c48492f..ccd586bdd 100644
--- a/dix/gc.c
+++ b/dix/gc.c
@@ -63,6 +63,7 @@ SOFTWARE.
 
 #include "privates.h"
 #include "dix.h"
+#include "xace.h"
 #include <assert.h>
 
 extern XID clientErrorValue;
@@ -148,7 +149,7 @@ _X_EXPORT int
 dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr pUnion)
 {
     BITS32 	index2;
-    int 	error = 0;
+    int 	rc, error = 0;
     PixmapPtr 	pPixmap;
     BITS32	maskQ;
 
@@ -267,14 +268,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		if (pUnion)
 		{
 		    NEXT_PTR(PixmapPtr, pPixmap);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newpix);
-		    pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-					newpix, RT_PIXMAP, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pPixmap, newpix,
+					   RT_PIXMAP, client, DixReadAccess);
 		}
-		if (pPixmap)
+		if (rc == Success)
 		{
 		    if ((pPixmap->drawable.depth != pGC->depth) ||
 			(pPixmap->drawable.pScreen != pGC->pScreen))
@@ -293,7 +295,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		else
 		{
 		    clientErrorValue = newpix;
-		    error = BadPixmap;
+		    error = (rc == BadValue) ? BadPixmap : rc;
 		}
 		break;
 	    }
@@ -303,14 +305,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		if (pUnion)
 		{
 		    NEXT_PTR(PixmapPtr, pPixmap);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newstipple)
-		    pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-				newstipple, RT_PIXMAP, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pPixmap, newstipple,
+					   RT_PIXMAP, client, DixReadAccess);
 		}
-		if (pPixmap)
+		if (rc == Success)
 		{
 		    if ((pPixmap->drawable.depth != 1) ||
 			(pPixmap->drawable.pScreen != pGC->pScreen))
@@ -328,7 +331,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		else
 		{
 		    clientErrorValue = newstipple;
-		    error = BadPixmap;
+		    error = (rc == BadValue) ? BadPixmap : rc;
 		}
 		break;
 	    }
@@ -345,14 +348,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		if (pUnion)
 		{
 		    NEXT_PTR(FontPtr, pFont);
+		    rc = Success;
 		}
 		else
 		{
 		    NEXTVAL(XID, newfont)
-		    pFont = (FontPtr)SecurityLookupIDByType(client, newfont,
-						RT_FONT, DixReadAccess);
+		    rc = dixLookupResource((pointer *)&pFont, newfont,
+					   RT_FONT, client, DixUseAccess);
 		}
-		if (pFont)
+		if (rc == Success)
 		{
 		    pFont->refcnt++;
 		    if (pGC->font)
@@ -362,7 +366,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 		else
 		{
 		    clientErrorValue = newfont;
-		    error = BadFont;
+		    error = (rc == BadValue) ? BadFont : rc;
 		}
 		break;
 	    }
@@ -415,9 +419,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 			clipType = CT_NONE;
 			pPixmap = NullPixmap;
 		    }
-		    else
-		        pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
-					pid, RT_PIXMAP, DixReadAccess);
+		    else {
+			rc = dixLookupResource((pointer *)&pPixmap, pid,
+					       RT_PIXMAP, client,
+					       DixReadAccess);
+			if (rc != Success) {
+			    clientErrorValue = pid;
+			    error = (rc == BadValue) ? BadPixmap : rc;
+			}
+		    }
 		}
 
 		if (pPixmap)
@@ -433,11 +443,6 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr
 			pPixmap->refcnt++;
 		    }
 		}
-		else if (!pUnion && (pid != None))
-		{
-		    clientErrorValue = pid;
-		    error = BadPixmap;
-		}
 		if(error == Success)
 		{
 		    (*pGC->funcs->ChangeClip)(pGC, clipType,
@@ -601,7 +606,8 @@ AllocateGC(ScreenPtr pScreen)
 }
 
 _X_EXPORT GCPtr
-CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus)
+CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus,
+	 XID gcid, ClientPtr client)
 {
     GCPtr pGC;
 
@@ -663,6 +669,12 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus)
     pGC->stipple = pGC->pScreen->PixmapPerDepth[0];
     pGC->stipple->refcnt++;
 
+    /* security creation/labeling check */
+    *pStatus = XaceHook(XACE_RESOURCE_ACCESS, client, gcid, RT_GC,
+			DixCreateAccess|DixSetAttrAccess, pGC);
+    if (*pStatus != Success)
+	goto out;
+
     pGC->stateChanges = (1 << (GCLastBit+1)) - 1;
     if (!(*pGC->pScreen->CreateGC)(pGC))
 	*pStatus = BadAlloc;
@@ -670,6 +682,8 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus)
         *pStatus = ChangeGC(pGC, mask, pval);
     else
 	*pStatus = Success;
+
+out:
     if (*pStatus != Success)
     {
 	if (!pGC->tileIsPixel && !pGC->tile.pixmap)