From a5c091e3026eb41d3a4daef3db95b47a3445aa11 Mon Sep 17 00:00:00 2001
From: Tobias Blass
Date: Wed, 13 Jun 2018 00:39:24 +0200
Subject: [PATCH 1/3] Perform (partial) server initialization before dropping privileges. Some operations during backend creation (e.g. becoming DRM master) require CAP_SYS_ADMIN privileges. At this point, sway has dropped them already, though. This patch splits the privileged part of server_init into its own function and calls it before dropping its privileges. This fixes the bug with minimal security implications.
---
 include/sway/server.h | 2 ++
 sway/main.c | 5 +++++
 sway/server.c | 11 ++++++++---
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/include/sway/server.h b/include/sway/server.h
index 65d96e7a..963d4dc1 100644
--- a/include/sway/server.h
+++ b/include/sway/server.h
@@ -47,6 +47,8 @@ struct sway_server {
 struct sway_server server;
+/* Prepares an unprivileged server_init by performing all privileged operations in advance */
+bool server_privileged_prepare(struct sway_server *server);
 bool server_init(struct sway_server *server);
 void server_fini(struct sway_server *server);
 void server_run(struct sway_server *server);
diff --git a/sway/main.c b/sway/main.c
index a7e808ad..a325dc3a 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -359,6 +359,11 @@ int main(int argc, char **argv) {
 executable_sanity_check();
 bool suid = false;
+
+ if (!server_privileged_prepare(&server)) {
+ return 1;
+ }
+
 #ifdef __linux__
 if (getuid() != geteuid() || getgid() != getegid()) {
 // Retain capabilities after setuid()
diff --git a/sway/server.c b/sway/server.c
index 824b1d8e..4745ab6e 100644
--- a/sway/server.c
+++ b/sway/server.c
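Review bot: `server_privileged_prepare(&server)` is called ahead of the `getuid() != geteuid()` check, so on a setuid install everything it does runs with full privileges, including whatever device or environment lookup `wlr_backend_autocreate()` performs (not visible here). The call site should say so, for example `// Runs before privileges are dropped: keep this to the operations that need CAP_SYS_ADMIN and feed it no config or user-supplied input`, so that later additions to that function are reviewed with the privilege level in mind. The early `return 1` exits before the drop is reached, which looks harmless as long as nothing is cleaned up or executed on that path. main's body starts and ends outside the hunk.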
@@ -25,9 +25,8 @@
 #include "sway/tree/layout.h"
-bool server_init(struct sway_server *server) {
- wlr_log(L_DEBUG, "Initializing Wayland server");
-
+bool server_privileged_prepare(struct sway_server *server) {
+ wlr_log(L_DEBUG, "Preparing Wayland server initialization");
 server->wl_display = wl_display_create();
 server->wl_event_loop = wl_display_get_event_loop(server->wl_display);
 server->backend = wlr_backend_autocreate(server->wl_display, NULL);
@@ -36,6 +35,12 @@ bool server_init(struct sway_server *server) {
 wlr_log(L_ERROR, "Unable to create backend");
 return false;
 }
+ return true;
+}
+
+bool server_init(struct sway_server *server) {
+ wlr_log(L_DEBUG, "Initializing Wayland server");
+
 struct wlr_renderer *renderer = wlr_backend_get_renderer(server->backend);
 assert(renderer);
From aa9f058e3e8c49be88cadbf506d0c089795968b3 Mon Sep 17 00:00:00 2001
From: Rostislav Pehlivanov
Date: Fri, 22 Jun 2018 13:44:16 +0100
Subject: [PATCH 2/3] Init the dmabuf exporting protocol in wlroots Allows desktop capture via the dmabuf-capture wlroots example client.
---
 sway/server.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/sway/server.c b/sway/server.c
index 824b1d8e..8af0bc5b 100644
--- a/sway/server.c
+++ b/sway/server.c
@@ -11,6 +11,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -97,6 +98,7 @@ bool server_init(struct sway_server *server) {
 deco_manager, WLR_SERVER_DECORATION_MANAGER_MODE_SERVER);
 wlr_linux_dmabuf_create(server->wl_display, renderer);
+ wlr_export_dmabuf_manager_v1_create(server->wl_display);
 server->socket = wl_display_add_socket_auto(server->wl_display);
 if (!server->socket) {
From ad085c13325d17a242a813879b8574ba3dd43cc7 Mon Sep 17 00:00:00 2001
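Review bot: In `server_privileged_prepare`, the result of `wl_display_create()` is passed straight to `wl_display_get_event_loop()` and `wlr_backend_autocreate()` without a NULL check, and this code now runs before privileges are dropped. Only the backend appears to be tested afterwards (the error path shown in the next hunk). A guard right after the create call, `if (!server->wl_display) { wlr_log(L_ERROR, "Unable to create display"); return false; }`, would keep the privileged path from working on a failed allocation. The function's closing lines are in the following hunk.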
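Review bot: `server_init` now depends on `server->backend` having been set by an earlier `server_privileged_prepare` call, but nothing in the visible lines checks that; `wlr_backend_get_renderer(server->backend)` is handed NULL if a caller skips or reorders the prepare step. Either state the precondition above the definition, `/* Requires a successful server_privileged_prepare() first */`, or fail cleanly with `if (!server->backend) { return false; }` before the renderer lookup, since `assert(renderer)` disappears under NDEBUG. server_init's body continues outside the hunk.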
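Review bot: `wlr_export_dmabuf_manager_v1_create(server->wl_display)` advertises the export-dmabuf global on the display with no visible restriction on who may bind it, so any client connected to the compositor socket could capture output frames, not only the capture tool named in the description. If that is the intended state for now, the line deserves a comment saying so, e.g. `// NOTE: exposes output capture to every client; no access control yet`. The return value is also ignored, as it is for the neighbouring `wlr_linux_dmabuf_create` call. server_init's body continues outside the hunk.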
From: ael-code
Date: Fri, 22 Jun 2018 15:41:44 +0200
Subject: [PATCH 3/3] bugfix: avoid access after free if src is NULL due to a previous error we cannot use it in the command result string. Moreover if `src` points to `p.we_wordv[0]` we cannot use it after `wordfree(&p)` in the command result string. Bonus feature: If there was an error accessing the file, the string rapresentation of the error is now included in the command result string.
---
 sway/commands/output/background.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/sway/commands/output/background.c b/sway/commands/output/background.c
index 0c5c164f..82bccf68 100644
--- a/sway/commands/output/background.c
+++ b/sway/commands/output/background.c
@@ -3,6 +3,7 @@
 #include
 #include
 #include
+#include
 #include "sway/commands.h"
 #include "sway/config.h"
 #include "log.h"
@@ -71,21 +72,27 @@ struct cmd_results *output_cmd_background(int argc, char **argv) {
 if (conf) {
 char *conf_path = dirname(conf);
 src = malloc(strlen(conf_path) + strlen(src) + 2);
- if (src) {
- sprintf(src, "%s/%s", conf_path, p.we_wordv[0]);
- } else {
+ if (!src) {
+ free(conf);
+ wordfree(&p);
 wlr_log(L_ERROR,
- "Unable to allocate background source");
+ "Unable to allocate resource: Not enough memory");
+ return cmd_results_new(CMD_FAILURE, "output",
+ "Unable to allocate resources");
 }
+ sprintf(src, "%s/%s", conf_path, p.we_wordv[0]);
 free(conf);
 } else {
 wlr_log(L_ERROR, "Unable to allocate background source");
 }
 }
- if (!src || access(src, F_OK) == -1) {
+
+ if (access(src, F_OK) == -1) {
+ struct cmd_results *cmd_res = cmd_results_new(CMD_FAILURE, "output",
+ "Unable to access background file '%s': %s", src, strerror(errno));
+ free(src);
 wordfree(&p);
- return cmd_results_new(CMD_INVALID, "output",
- "Background file unreadable (%s).", src);
+ return cmd_res;
 }
 output->background = strdup(src);
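Review bot: In the new `access()` failure branch, `free(src)` is followed by `wordfree(&p)`, which is a double free whenever `src` still aliases `p.we_wordv[0]`. That aliasing is the case the commit message itself describes; the initial assignment is outside the hunk, so this is inferred from the description and from `sprintf(src, "%s/%s", conf_path, p.we_wordv[0])`. Only the pointer returned by `malloc` in the `if (conf)` branch may be freed here: `if (src != p.we_wordv[0]) { free(src); }` before `wordfree(&p);`. The same applies after the `else` branch that only logs, where `src` was never reallocated. output_cmd_background's body starts and ends outside the hunk.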