From dfd1da4bbc976a298cc9a4e065f59027e5e3a044 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan <ofourdan@redhat.com>
Date: Mon, 23 Sep 2024 09:27:21 +0200
Subject: [PATCH] os: Fix NULL pointer dereference

RemoveHost() can be called from DisableLocalHost() with a NULL client,
but doesn't actually check whether the given client pointer is valid on
error and assigns the error value unconditionally, leading to a possible
NULL pointer dereference and a crash of the Xserver.

To avoid the issue, simply check whether the client pointer is not NULL
prior to assign the errorValue.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1752
See-also: https://bugzilla.redhat.com/2313799
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1701>
---
 os/access.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/os/access.c b/os/access.c
index ee3e9731d..5ad36d68f 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1371,13 +1371,15 @@ RemoveHost(ClientPtr client, int family, unsigned length,       /* of bytes in p
     case FamilyChaos:
     case FamilyServerInterpreted:
         if ((len = CheckAddr(family, pAddr, length)) < 0) {
-            client->errorValue = length;
+            if (client)
+                client->errorValue = length;
             return BadValue;
         }
         break;
     case FamilyLocal:
     default:
-        client->errorValue = family;
+        if (client)
+            client->errorValue = family;
         return BadValue;
     }
     for (prev = &validhosts;