From ec7e2b54c5b4a34b2a077082967bc3ead30e227e Mon Sep 17 00:00:00 2001 From: Alexander Volkov Date: Tue, 5 Jun 2018 13:05:39 +0300 Subject: [PATCH] Xext/shm: Refuse to work for remote clients Avoid access to System V shared memory segment on the X server side for clients forwarded via SSH. Also prevent them from hanging while waiting for the reply from the ShmCreateSegment request. v2: Allow ShmQueryVersion request even for remote clients Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=11080 Signed-off-by: Alexander Volkov Reviewed-by: Adam Jackson --- Xext/shm.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/Xext/shm.c b/Xext/shm.c index fc8441c43..896a966e3 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -1302,9 +1302,14 @@ static int ProcShmDispatch(ClientPtr client) { REQUEST(xReq); - switch (stuff->data) { - case X_ShmQueryVersion: + + if (stuff->data == X_ShmQueryVersion) return ProcShmQueryVersion(client); + + if (!client->local) + return BadRequest; + + switch (stuff->data) { case X_ShmAttach: return ProcShmAttach(client); case X_ShmDetach: @@ -1461,9 +1466,14 @@ static int _X_COLD SProcShmDispatch(ClientPtr client) { REQUEST(xReq); - switch (stuff->data) { - case X_ShmQueryVersion: + + if (stuff->data == X_ShmQueryVersion) return SProcShmQueryVersion(client); + + if (!client->local) + return BadRequest; + + switch (stuff->data) { case X_ShmAttach: return SProcShmAttach(client); case X_ShmDetach: -- 2.16.3