author | Eric Anholt <eric@anholt.net> | 2014-04-23 09:52:17 -0700 |
---|---|---|
committer | Keith Packard <keithp@keithp.com> | 2014-04-23 13:24:22 -0700 |
commit | 99f0365b1fbdfd9238b9f5cc28491e4e6c7324f1 (patch) | |
tree | 530436cb2e3c912de628edec9cd034b6daa7ade1 /glx | |
parent | a4d96afdbddb7a636df8e336059d3a5624f2e6ae (diff) |
Add a command line argument for disabling indirect GLX.

The attack surface for indirect GLX is huge, and it's of no use to
most people (if you get an indirect GL context, you're better served
by an immediate X error than actually trying to use an indirect GL
context and finding out that it doesn't support doing anything you
want, slowly). This flag gives you a chance to disable indirect GLX
in environments where you just don't need it.

I put in both the '+' and '-' arguments right now, so that it's easy
to patch the value to change the default policy.

Signed-off-by: Eric Anholt <eric@anholt.net>
Acked-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>

Diffstat (limited to 'glx')
-rw-r--r-- | glx/glxcmds.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/glx/glxcmds.c b/glx/glxcmds.c index fb236b65e..2fc3f4cc8 100644 --- a/glx/glxcmds.c +++ b/glx/glxcmds.c @@ -275,6 +275,17 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId, ** Allocate memory for the new context */ if (!isDirect) { + /* Only allow creating indirect GLX contexts if allowed by + * server command line. Indirect GLX is of limited use (since + * it's only GL 1.4), it's slower than direct contexts, and + * it's a massive attack surface for buffer overflow type + * errors. + */ + if (!enableIndirectGLX) { + client->errorValue = isDirect; + return BadValue; + } + /* Without any attributes, the only error that the driver should be * able to generate is BadAlloc. As result, just drop the error * returned from the driver on the floor. |
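
Review bot: In the new `if (!enableIndirectGLX)` block, `client->errorValue = isDirect;` sits inside `if (!isDirect)`, so the reported error value is always 0 and tells the client nothing beyond the BadValue itself. If that is intended (the offending argument being the direct flag), a short comment saying so would save the next reader from wondering. The refusal is also silent on the server side: a one-time log message when an indirect context is rejected would help an administrator who has disabled indirect GLX trace why an application suddenly gets BadValue. Placing the check before the allocation path is good, since nothing needs to be freed on the early return. The declaration and default of `enableIndirectGLX` and the '+'/'-' argument parsing described in the commit message are outside this diffstat (limited to 'glx'), so the default policy cannot be checked from this hunk.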