xorg-x11-server-Xwayland/0003-Disallow-byte-swapped-clients-by-default.patch

118 lines
4.4 KiB
Diff
Raw Normal View History

From 068862767ef95ebc54977e1df49ab700c20ae347 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 20 Dec 2022 10:42:03 +1000
Subject: [PATCH xserver 3/3] Disallow byte-swapped clients by default
The X server swapping code is a huge attack surface, much of this code
is untested and prone to security issues. The use-case of byte-swapped
clients is very niche, so let's disable this by default and allow it
only when the respective config option or commandline flag is given.
For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
For all DDX, this adds the commandline options +byteswappedclients and
-byteswappedclients to enable or disable, respectively.
Fixes #1201
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 412777664a20dd3561b936c02c96571a756fe9b2)
---
dix/dispatch.c | 4 +++-
hw/xwayland/xwayland.pc.in | 1 +
include/opaque.h | 2 ++
man/Xserver.man | 6 ++++++
os/utils.c | 9 +++++++++
5 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 2efa2dcf1..0570ec07c 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3777,7 +3777,9 @@ ProcEstablishConnection(ClientPtr client)
prefix = (xConnClientPrefix *) ((char *) stuff + sz_xReq);
- if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
+ if (client->swapped && !AllowByteSwappedClients) {
+ reason = "Prohibited client endianess, see the Xserver man page ";
+ } else if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
pad_to_int32(prefix->nbytesAuthProto) +
pad_to_int32(prefix->nbytesAuthString))
reason = "Bad length";
diff --git a/hw/xwayland/xwayland.pc.in b/hw/xwayland/xwayland.pc.in
index 9d727b002..e920d7608 100644
--- a/hw/xwayland/xwayland.pc.in
+++ b/hw/xwayland/xwayland.pc.in
@@ -12,3 +12,4 @@ have_listenfd=true
have_verbose=true
have_terminate_delay=true
have_no_touch_pointer_emulation=true
+have_byteswappedclients=true
diff --git a/include/opaque.h b/include/opaque.h
index 256261c2a..398d4b4e5 100644
--- a/include/opaque.h
+++ b/include/opaque.h
@@ -74,4 +74,6 @@ extern _X_EXPORT Bool bgNoneRoot;
extern _X_EXPORT Bool CoreDump;
extern _X_EXPORT Bool NoListenAll;
+extern _X_EXPORT Bool AllowByteSwappedClients;
+
#endif /* OPAQUE_H */
diff --git a/man/Xserver.man b/man/Xserver.man
index 764bd1d90..e7adf9eb3 100644
--- a/man/Xserver.man
+++ b/man/Xserver.man
@@ -114,6 +114,12 @@ pattern. This is the default unless -retro or -wr is specified.
.B \-bs
disables backing store support on all screens.
.TP 8
+.B \+byteswappedclients
+Allow connections from clients with an endianess different to that of the server.
+.TP 8
+.B \-byteswappedclients
+Prohibit connections from clients with an endianess different to that of the server.
+.TP 8
.B \-c
turns off key-click.
.TP 8
diff --git a/os/utils.c b/os/utils.c
index c9a8e7367..6f5e64cee 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -189,6 +189,8 @@ Bool CoreDump;
Bool enableIndirectGLX = FALSE;
+Bool AllowByteSwappedClients = FALSE;
+
#ifdef PANORAMIX
Bool PanoramiXExtensionDisabledHack = FALSE;
#endif
@@ -523,6 +525,8 @@ UseMsg(void)
ErrorF("-br create root window with black background\n");
ErrorF("+bs enable any backing store support\n");
ErrorF("-bs disable any backing store support\n");
+ ErrorF("+byteswappedclients Allow clients with endianess different to that of the server\n");
+ ErrorF("-byteswappedclients Prohibit clients with endianess different to that of the server\n");
ErrorF("-c turns off key-click\n");
ErrorF("c # key-click volume (0-100)\n");
ErrorF("-cc int default color visual class\n");
@@ -720,6 +724,11 @@ ProcessCommandLine(int argc, char *argv[])
else
UseMsg();
}
+ else if (strcmp(argv[i], "-byteswappedclients") == 0) {
+ AllowByteSwappedClients = FALSE;
+ } else if (strcmp(argv[i], "+byteswappedclients") == 0) {
+ AllowByteSwappedClients = TRUE;
+ }
else if (strcmp(argv[i], "-br") == 0); /* default */
else if (strcmp(argv[i], "+bs") == 0)
enableBackingStore = TRUE;
--
2.39.0