frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/glx
History
Olivier Fourdan 8d825f72da glx: Call XACE hooks on the GLX buffer 
The XSELINUX code will label resources at creation by checking the
access mode. When the access mode is DixCreateAccess, it will call the
function to label the new resource SELinuxLabelResource().

However, GLX buffers do not go through the XACE hooks when created,
hence leaving the resource actually unlabeled.

When, later, the client tries to create another resource using that
drawable (like a GC for example), the XSELINUX code would try to use
the security ID of that object which has never been labeled, get a NULL
pointer and crash when checking whether the requested permissions are
granted for subject security ID.

To avoid the issue, make sure to call the XACE hooks when creating the
GLX buffers.

Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.

CVE-2024-0408

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit e5e8586a12)
 		2024-01-16 09:58:09 +01:00
..
Makefile.am configure: Build hashtable for Xres and glvnd 2020-11-09 09:38:46 +00:00
clientinfo.c glx: Can't mix declarations and code in X.org sources [CVE-2014-8098 pt. 9] 2014-12-09 11:27:26 -08:00
createcontext.c GLX: fix context render type queries 2020-11-26 20:07:55 +00:00
extension_string.c glx: Implement GLX_EXT_get_drawable_type 2020-09-28 17:16:24 +00:00
extension_string.h glx: Implement GLX_EXT_get_drawable_type 2020-09-28 17:16:24 +00:00
glxbyteorder.h Rewrite the byte swapping macros. 2017-04-25 15:01:23 -07:00
glxcmds.c glx: Call XACE hooks on the GLX buffer 2024-01-16 09:58:09 +01:00
glxcmdsswap.c glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00
glxcontext.h GLX: fix context render type queries 2020-11-26 20:07:55 +00:00
glxdrawable.h Add Windows-DRI extension 2016-09-15 20:10:29 +01:00
glxdri2.c Revert "dri2: Don't make reference to noClientException" 2020-01-28 13:26:41 -05:00
glxdricommon.c glx/dri: Filter out fbconfigs that don't have a supported pixmap format 2022-01-01 14:46:19 +02:00
glxdricommon.h glx: remove unused systemTimeExtension 2017-09-08 11:23:35 -07:00
glxdriswrast.c dix: Call SourceValidate before GetImage 2019-10-30 16:26:01 +00:00
glxext.c glx: Require depth > 12 for GLX visuals 2018-04-24 14:36:04 -04:00
glxext.h glx: Fix GLX_CONTEXT_RELEASE_BEHAVIOR_ARB handling 2019-05-01 14:38:09 +00:00
glxscreens.c glx: Do not call into Composite if it is disabled. 2018-04-10 14:37:47 -04:00
glxscreens.h glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00
glxserver.h glx: Enable GLX_ARB_create_context_no_error (v2) 2018-02-26 10:18:58 -05:00
glxutil.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
indirect_dispatch.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_dispatch_swap.c glx: Remove unused bswap_CARD64 2020-11-30 16:22:26 +00:00
indirect_program.c glx: Remove True/False defines 2017-08-21 10:12:54 -04:00
indirect_reqsize.c glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8] 2014-12-08 18:09:50 -08:00
indirect_reqsize.h glx: Pass remaining request length into ->varsize (v2) [CVE-2014-8098 8/8] 2014-12-08 18:09:50 -08:00
indirect_size.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_size_get.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_table.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
indirect_texture_compression.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
indirect_util.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
indirect_util.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
meson.build meson: hide C API if Xorg is disabled (like autotools) 2021-03-11 00:22:36 +00:00
render2.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
render2swap.c glx: Convert non-generated function pointer thunking 2013-12-10 08:02:42 -08:00
renderpix.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
renderpixswap.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
rensize.c glx: Synchronize Xserver glx/rensize.c with mesa src/glx/compsize.c 2015-10-06 11:15:31 -04:00
single2.c glx: Remove some unused stuff from glxserver.h 2017-08-21 10:13:04 -04:00
single2swap.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlepix.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlepixswap.c glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
singlesize.c glx: convert to direct GL dispatch (v2) 2013-10-29 12:29:16 -04:00
singlesize.h Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
swap_interval.c glx: Length-checking for non-generated vendor private requests [CVE-2014-8098 6/8] 2014-12-08 18:09:50 -08:00
unpack.h glx: Remove __glXReply 2017-06-20 16:39:23 -04:00
vnd_dispatch_stubs.c glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
vndcmds.c glx: Check for byte-swapping in SetReplyHeader 2021-05-30 13:49:37 -07:00
vndext.c GLX: Set GlxServerExports::{major,minor}Version 2019-05-21 10:50:42 -07:00
vndserver.h GLX: Add a function to change a clients vendor list. 2019-05-17 08:25:28 -07:00
vndservermapping.c GLX: Add a function to change a clients vendor list. 2019-05-17 08:25:28 -07:00
vndservervendor.c glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
vndservervendor.h glx: Import glxvnd server module (v2) 2018-02-14 17:04:35 -05:00
xfont.c glx: Use vnd layer for dispatch (v4) 2018-02-14 17:04:44 -05:00