From ceb834db55268b5e8e607ffb8d0e9acfc7f76c8f Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Thu, 17 Apr 2025 17:54:33 +0200
Subject: [PATCH] Xres: XResQueryClientIds: enable security filtering

Pass each client we're considering to report through XaceHookClientAccess(),
so security extensions have a chance to filter them out.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/xres.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Xext/xres.c b/Xext/xres.c
index a16b748d9..3f5943d97 100644
--- a/Xext/xres.c
+++ b/Xext/xres.c
@@ -546,7 +546,9 @@ ConstructClientIds(ClientPtr client,
         if (specs[specIdx].client == 0) {
             int c;
             for (c = 0; c < currentMaxClients; ++c) {
-                if (clients[c]) {
+                if (clients[c] &&
+                    (XaceHookClientAccess(client, clients[c], DixReadAccess)
+                                          != Success)) {
                     if (!ConstructClientIdValue(client, clients[c],
                                                 specs[specIdx].mask, ctx)) {
                         return BadAlloc;
@@ -556,7 +558,9 @@ ConstructClientIds(ClientPtr client,
         } else {
             int clientID = CLIENT_ID(specs[specIdx].client);
 
-            if ((clientID < currentMaxClients) && clients[clientID]) {
+            if ((clientID < currentMaxClients) && clients[clientID] &&
+                (XaceHookClientAccess(client, clients[clientID], DixReadAccess)
+                                      != Success)) {
                 if (!ConstructClientIdValue(client, clients[clientID],
                                             specs[specIdx].mask, ctx)) {
                     return BadAlloc;