118 lines
4.4 KiB
Diff
118 lines
4.4 KiB
Diff
|
From 068862767ef95ebc54977e1df49ab700c20ae347 Mon Sep 17 00:00:00 2001
|
||
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
||
|
Date: Tue, 20 Dec 2022 10:42:03 +1000
|
||
|
Subject: [PATCH xserver 3/3] Disallow byte-swapped clients by default
|
||
|
|
||
|
The X server swapping code is a huge attack surface, much of this code
|
||
|
is untested and prone to security issues. The use-case of byte-swapped
|
||
|
clients is very niche, so let's disable this by default and allow it
|
||
|
only when the respective config option or commandline flag is given.
|
||
|
|
||
|
For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
|
||
|
For all DDX, this adds the commandline options +byteswappedclients and
|
||
|
-byteswappedclients to enable or disable, respectively.
|
||
|
|
||
|
Fixes #1201
|
||
|
|
||
|
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029
|
||
|
|
||
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||
|
(cherry picked from commit 412777664a20dd3561b936c02c96571a756fe9b2)
|
||
|
---
|
||
|
dix/dispatch.c | 4 +++-
|
||
|
hw/xwayland/xwayland.pc.in | 1 +
|
||
|
include/opaque.h | 2 ++
|
||
|
man/Xserver.man | 6 ++++++
|
||
|
os/utils.c | 9 +++++++++
|
||
|
5 files changed, 21 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/dix/dispatch.c b/dix/dispatch.c
|
||
|
index 2efa2dcf1..0570ec07c 100644
|
||
|
--- a/dix/dispatch.c
|
||
|
+++ b/dix/dispatch.c
|
||
|
@@ -3777,7 +3777,9 @@ ProcEstablishConnection(ClientPtr client)
|
||
|
|
||
|
prefix = (xConnClientPrefix *) ((char *) stuff + sz_xReq);
|
||
|
|
||
|
- if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
|
||
|
+ if (client->swapped && !AllowByteSwappedClients) {
|
||
|
+ reason = "Prohibited client endianess, see the Xserver man page ";
|
||
|
+ } else if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
|
||
|
pad_to_int32(prefix->nbytesAuthProto) +
|
||
|
pad_to_int32(prefix->nbytesAuthString))
|
||
|
reason = "Bad length";
|
||
|
diff --git a/hw/xwayland/xwayland.pc.in b/hw/xwayland/xwayland.pc.in
|
||
|
index 9d727b002..e920d7608 100644
|
||
|
--- a/hw/xwayland/xwayland.pc.in
|
||
|
+++ b/hw/xwayland/xwayland.pc.in
|
||
|
@@ -12,3 +12,4 @@ have_listenfd=true
|
||
|
have_verbose=true
|
||
|
have_terminate_delay=true
|
||
|
have_no_touch_pointer_emulation=true
|
||
|
+have_byteswappedclients=true
|
||
|
diff --git a/include/opaque.h b/include/opaque.h
|
||
|
index 256261c2a..398d4b4e5 100644
|
||
|
--- a/include/opaque.h
|
||
|
+++ b/include/opaque.h
|
||
|
@@ -74,4 +74,6 @@ extern _X_EXPORT Bool bgNoneRoot;
|
||
|
extern _X_EXPORT Bool CoreDump;
|
||
|
extern _X_EXPORT Bool NoListenAll;
|
||
|
|
||
|
+extern _X_EXPORT Bool AllowByteSwappedClients;
|
||
|
+
|
||
|
#endif /* OPAQUE_H */
|
||
|
diff --git a/man/Xserver.man b/man/Xserver.man
|
||
|
index 764bd1d90..e7adf9eb3 100644
|
||
|
--- a/man/Xserver.man
|
||
|
+++ b/man/Xserver.man
|
||
|
@@ -114,6 +114,12 @@ pattern. This is the default unless -retro or -wr is specified.
|
||
|
.B \-bs
|
||
|
disables backing store support on all screens.
|
||
|
.TP 8
|
||
|
+.B \+byteswappedclients
|
||
|
+Allow connections from clients with an endianess different to that of the server.
|
||
|
+.TP 8
|
||
|
+.B \-byteswappedclients
|
||
|
+Prohibit connections from clients with an endianess different to that of the server.
|
||
|
+.TP 8
|
||
|
.B \-c
|
||
|
turns off key-click.
|
||
|
.TP 8
|
||
|
diff --git a/os/utils.c b/os/utils.c
|
||
|
index c9a8e7367..6f5e64cee 100644
|
||
|
--- a/os/utils.c
|
||
|
+++ b/os/utils.c
|
||
|
@@ -189,6 +189,8 @@ Bool CoreDump;
|
||
|
|
||
|
Bool enableIndirectGLX = FALSE;
|
||
|
|
||
|
+Bool AllowByteSwappedClients = FALSE;
|
||
|
+
|
||
|
#ifdef PANORAMIX
|
||
|
Bool PanoramiXExtensionDisabledHack = FALSE;
|
||
|
#endif
|
||
|
@@ -523,6 +525,8 @@ UseMsg(void)
|
||
|
ErrorF("-br create root window with black background\n");
|
||
|
ErrorF("+bs enable any backing store support\n");
|
||
|
ErrorF("-bs disable any backing store support\n");
|
||
|
+ ErrorF("+byteswappedclients Allow clients with endianess different to that of the server\n");
|
||
|
+ ErrorF("-byteswappedclients Prohibit clients with endianess different to that of the server\n");
|
||
|
ErrorF("-c turns off key-click\n");
|
||
|
ErrorF("c # key-click volume (0-100)\n");
|
||
|
ErrorF("-cc int default color visual class\n");
|
||
|
@@ -720,6 +724,11 @@ ProcessCommandLine(int argc, char *argv[])
|
||
|
else
|
||
|
UseMsg();
|
||
|
}
|
||
|
+ else if (strcmp(argv[i], "-byteswappedclients") == 0) {
|
||
|
+ AllowByteSwappedClients = FALSE;
|
||
|
+ } else if (strcmp(argv[i], "+byteswappedclients") == 0) {
|
||
|
+ AllowByteSwappedClients = TRUE;
|
||
|
+ }
|
||
|
else if (strcmp(argv[i], "-br") == 0); /* default */
|
||
|
else if (strcmp(argv[i], "+bs") == 0)
|
||
|
enableBackingStore = TRUE;
|
||
|
--
|
||
|
2.39.0
|
||
|
|