(!1920) Xres: XResQueryClientIds: enable security filtering

Pass each client we're considering to report through XaceHookClientAccess(), so security extensions have a chance to filter them out. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2025-04-17 17:54:33 +02:00 · 2025-04-17 17:54:33 +02:00 · 5db667b63c
parent 43bf6b5594
commit 5db667b63c
1 changed files with 6 additions and 2 deletions
--- a/Xext/xres.c
+++ b/Xext/xres.c
@ -546,7 +546,9 @@ ConstructClientIds(ClientPtr client,
        if (specs[specIdx].client == 0) {
            int c;
            for (c = 0; c < currentMaxClients; ++c) {
-                if (clients[c]) {
+                if (clients[c] &&
+                    (XaceHookClientAccess(client, clients[c], DixReadAccess)
+                                          != Success)) {
                    if (!ConstructClientIdValue(client, clients[c],
                                                specs[specIdx].mask, ctx)) {
                        return BadAlloc;
@ -556,7 +558,9 @@ ConstructClientIds(ClientPtr client,
        } else {
            int clientID = CLIENT_ID(specs[specIdx].client);

-            if ((clientID < currentMaxClients) && clients[clientID]) {
+            if ((clientID < currentMaxClients) && clients[clientID] &&
+                (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                                      != Success)) {
                if (!ConstructClientIdValue(client, clients[clientID],
                                            specs[specIdx].mask, ctx)) {
                    return BadAlloc;