shm: Also censor images returned by ShmGetImage

We currently censor images from dix's GetImage, but not from ShmGetImage. This is a method to bypass XACE, creating a potential leak. We should censor in both methods. Reviewed-by: Adam Jackson <ajax@redhat.com> Signed-off-by: Andrew Eikum <aeikum@codeweavers.com> (cherry picked from commit 4926845a57fa8b53e18ea7d3434bf5539e9b7782)
author: Andrew Eikum <aeikum@codeweavers.com> 2016-07-06 14:13:09 -0500
committer: Adam Jackson <ajax@redhat.com> 2016-07-19 13:14:16 -0400
commit: 8ff830d1ea4c3572b8fb770009c73c40007e132a (patch)
tree: e269d30ef66373b16d920c12d3a14413eb5e60dd /Xext
parent: d4cbb1155a79a3dc1dc74cc155dbcfc303273856 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/Xext/shm.c b/Xext/shm.c
index b359a9035..2a3448dbc 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -619,6 +619,7 @@ ProcShmGetImage(ClientPtr client)
     xShmGetImageReply xgi;
     ShmDescPtr shmdesc;
     VisualID visual = None;
+    RegionPtr pVisibleRegion = NULL;
     int rc;
 
     REQUEST(xShmGetImageReq);
@@ -650,6 +651,9 @@ ProcShmGetImage(ClientPtr client)
                wBorderWidth((WindowPtr) pDraw) + (int) pDraw->height)
             return BadMatch;
         visual = wVisual(((WindowPtr) pDraw));
+        pVisibleRegion = NotClippedByChildren((WindowPtr) pDraw);
+        if (pVisibleRegion)
+            RegionTranslate(pVisibleRegion, -pDraw->x, -pDraw->y);
     }
     else {
         if (stuff->x < 0 ||
@@ -686,6 +690,11 @@ ProcShmGetImage(ClientPtr client)
                                      stuff->width, stuff->height,
                                      stuff->format, stuff->planeMask,
                                      shmdesc->addr + stuff->offset);
+        if (pVisibleRegion)
+            XaceCensorImage(client, pVisibleRegion,
+                    PixmapBytePad(stuff->width, pDraw->depth), pDraw,
+                    stuff->x, stuff->y, stuff->width, stuff->height,
+                    stuff->format, shmdesc->addr + stuff->offset);
     }
     else {
 
@@ -697,11 +706,19 @@ ProcShmGetImage(ClientPtr client)
                                              stuff->width, stuff->height,
                                              stuff->format, plane,
                                              shmdesc->addr + length);
+                if (pVisibleRegion)
+                    XaceCensorImage(client, pVisibleRegion,
+                            BitmapBytePad(stuff->width), pDraw,
+                            stuff->x, stuff->y, stuff->width, stuff->height,
+                            stuff->format, shmdesc->addr + length);
                 length += lenPer;
             }
         }
     }
 
+    if (pVisibleRegion)
+        RegionDestroy(pVisibleRegion);
+
     if (client->swapped) {
         swaps(&xgi.sequenceNumber);
         swapl(&xgi.length);
author	Andrew Eikum <aeikum@codeweavers.com>	2016-07-06 14:13:09 -0500
committer	Adam Jackson <ajax@redhat.com>	2016-07-19 13:14:16 -0400
commit	8ff830d1ea4c3572b8fb770009c73c40007e132a (patch)
tree	e269d30ef66373b16d920c12d3a14413eb5e60dd /Xext
parent	d4cbb1155a79a3dc1dc74cc155dbcfc303273856 (diff)