CUPS incorrectly used the USER environment variable when the name did not match

the user ID (STR #4327)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11509 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/CHANGES-1.7.txt b/CHANGES-1.7.txt
index d355aa08da597a3dd9c16e302c81488aacfa8066..2762fc7cde8e7e10d07d9fe4e2d27e6aca787be5 100644 (file)
--- a/CHANGES-1.7.txt
+++ b/CHANGES-1.7.txt
@@ -36,6 +36,8 @@ CHANGES IN CUPS V1.7.1
        - lpq and lpstat did not list jobs in the correct order when priorities
          were specified (STR #4326)
        - The D-BUS notifier did not remove its lockfile (STR #4314)
+       - CUPS incorrectly used the USER environment variable when the name did
+         not match the user ID (STR #4327)
 
 
 CHANGES IN CUPS V1.7.0

diff --git a/cups/usersys.c b/cups/usersys.c
index 867226d5b98f6006c4907e78620e0df43b9a6740..16617e900c74bbc0a670697357de2fbfac2347bc 100644 (file)
--- a/cups/usersys.c
+++ b/cups/usersys.c
@@ -850,7 +850,25 @@ _cupsSetDefaults(void)
   cups_expiredcerts   = getenv("CUPS_EXPIREDCERTS");
 
   if ((cups_user = getenv("CUPS_USER")) == NULL)
-    cups_user = getenv("USER");
+  {
+   /*
+    * Try the USER environment variable...
+    */
+
+    if ((cups_user = getenv("USER")) != NULL)
+    {
+     /*
+      * Validate USER matches the current UID, otherwise don't allow it to
+      * override things...  This makes sure that printing after doing su or
+      * sudo records the correct username.
+      */
+
+      struct passwd    *pw;            /* Account information */
+
+      if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
+        cups_user = NULL;
+    }
+  }
 
  /*
   * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf