From 146b04f4e2c63398a0b4b472f3ba053865f4d367 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Thu, 17 Apr 2025 17:42:59 +0200
Subject: [PATCH] Xres: XResQueryClientResources: enable security filtering

Pass each client we're considering to report through XaceHookClientAccess(),
so security extensions have a chance to filter them out.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/xres.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Xext/xres.c b/Xext/xres.c
index b5d8ee826..4ebd8fafe 100644
--- a/Xext/xres.c
+++ b/Xext/xres.c
@@ -308,7 +308,9 @@ ProcXResQueryClientResources(ClientPtr client)
 
     clientID = CLIENT_ID(stuff->xid);
 
-    if ((clientID >= currentMaxClients) || !clients[clientID]) {
+    if ((clientID >= currentMaxClients) || !clients[clientID] ||
+        (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                              != Success)) {
         client->errorValue = stuff->xid;
         return BadValue;
     }