From 2881ce563661043ef0ee1163c63c120f3622e6d1 Mon Sep 17 00:00:00 2001
From: Olivier Fourdan
Date: Wed, 5 Sep 2018 15:06:55 +0200
Subject: [PATCH xserver] glx: check for indirect context in CreateContextAttribsARB()

Commit 99f0365b "Add a command line argument for disabling indirect GLX" added a test to check if indirect context are enabled in `DoCreateContext()` but `__glXDisp_CreateContextAttribsARB()` doesn't use `DoCreateContext()` and doesn't check if indirect context is enabled. As a result, clients can still manage to create indirect contexts using `glXCreateContextAttribsARB()` even if indirect contexts are disabled, which can possibly crash Xservers such as Xwayland or Xephyr when the context is destroyed.

To avoid the issue, check for `enableIndirectGLX` in `__glXDisp_CreateContextAttribsARB()` as well.

Fixes: 99f0365b "Add a command line argument for disabling indirect GLX"
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107508
Signed-off-by: Olivier Fourdan
---
 glx/createcontext.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/glx/createcontext.c b/glx/createcontext.c
index 7d09c3a1c..24b02ddfb 100644
--- a/glx/createcontext.c
+++ b/glx/createcontext.c
@@ -28,6 +28,7 @@
 #include "glxserver.h"
 #include "glxext.h"
 #include "indirect_dispatch.h"
+#include "opaque.h"
 
 #define ALL_VALID_FLAGS \
 (GLX_CONTEXT_DEBUG_BIT_ARB | GLX_CONTEXT_FORWARD_COMPATIBLE_BIT_ARB \
@@ -320,6 +321,17 @@ __glXDisp_CreateContextAttribsARB(__GLXclientState * cl, GLbyte * pc)
         err = BadAlloc;
     }
     else {
+        /* Only allow creating indirect GLX contexts if allowed by
+         * server command line. Indirect GLX is of limited use (since
+         * it's only GL 1.4), it's slower than direct contexts, and
+         * it's a massive attack surface for buffer overflow type
+         * errors.
+         */
+        if (!enableIndirectGLX) {
+            client->errorValue = req->isDirect;
+            return BadValue;
+        }
+
         ctx = glxScreen->createContext(glxScreen, config, shareCtx, req->numAttribs, (uint32_t *) attribs, &err);
--
2.19.0.rc1
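Review bot: The new gate duplicates the one the commit message says already lives in DoCreateContext(), and the bug being fixed is precisely that one creation path was missed, so the comment should cross-reference it so the two stay aligned: `/* Mirrors the enableIndirectGLX check in DoCreateContext(); keep both in sync. */`. The line `client->errorValue = req->isDirect;` can only ever store 0 here, because this else branch is the indirect path (the `req->isDirect` branch ends just above with `err = BadAlloc;`); that matches what DoCreateContext reports, so it is consistent but reads oddly, and a short `/* always 0 on this path */` would make the intent explicit. An alternative would be to hoist the check to the top of the handler as `if (!req->isDirect && !enableIndirectGLX)` so a disallowed request is rejected before any of the earlier lookups run, though whether those lookups allocate anything is not visible from this hunk. __glXDisp_CreateContextAttribsARB() begins and ends outside the hunk.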