From: Michael R Sweet Date: Thu, 22 Feb 2018 18:14:31 +0000 (-0500) Subject: Temp files could not be created in some sandboxed applications (rdar://37789645) X-Git-Tag: v2.3b4~52 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0bb02bfa09dbd0d4b6bf547467ba17a0ab92ced3;p=thirdparty%2Fcups.git Temp files could not be created in some sandboxed applications (rdar://37789645) cups/tempfile.c: - Use confstr to get the user temp dir when TMPDIR isn't set or we are not being run from cupsd. --- diff --git a/CHANGES.md b/CHANGES.md index 3c74c21339..b860bbdfd2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,4 +1,4 @@ -CHANGES - 2.3rc1 - 2018-02-20 +CHANGES - 2.3rc1 - 2018-02-22 ============================= Changes in CUPS v2.3rc1 @@ -10,6 +10,8 @@ Changes in CUPS v2.3rc1 print queues like those shared by CUPS 1.3 and earlier (Issue #5241) - The IPP backend did not properly detect failed PDF prints (rdar://34055474) - TLS connections now properly timeout (rdar://34938533) +- Temp files could not be created in some sandboxed applications + (rdar://37789645) - Documentation fixes (Issue #5252) diff --git a/cups/tempfile.c b/cups/tempfile.c index cd887f901e..97972bd829 100644 --- a/cups/tempfile.c +++ b/cups/tempfile.c @@ -1,10 +1,11 @@ /* * Temp file utilities for CUPS. * - * Copyright 2007-2014 by Apple Inc. - * Copyright 1997-2006 by Easy Software Products. + * Copyright © 2007-2018 by Apple Inc. + * Copyright © 1997-2006 by Easy Software Products. * - * Licensed under Apache License v2.0. See the file "LICENSE" for more information. + * Licensed under Apache License v2.0. See the file "LICENSE" for more + * information. */ /* @@ -36,8 +37,10 @@ cupsTempFd(char *filename, /* I - Pointer to buffer */ int fd; /* File descriptor for temp file */ int tries; /* Number of tries */ const char *tmpdir; /* TMPDIR environment var */ +#if defined(__APPLE__) || defined(WIN32) + char tmppath[1024]; /* Temporary directory */ +#endif /* __APPLE__ || WIN32 */ #ifdef WIN32 - char tmppath[1024]; /* Windows temporary directory */ DWORD curtime; /* Current time */ #else struct timeval curtime; /* Current time */ @@ -54,6 +57,27 @@ cupsTempFd(char *filename, /* I - Pointer to buffer */ GetTempPath(sizeof(tmppath), tmppath); tmpdir = tmppath; } + +#elif defined(__APPLE__) + /* + * On macOS and iOS, the TMPDIR environment variable is not always the best + * location to place temporary files due to sandboxing. Instead, the confstr + * function should be called when running as a normal process (not a child of + * cupsd) to get the proper per-user, per-process TMPDIR value. We know + * whether the process is running as a child of cupsd by the presence of the + * "SOFTWARE" environment variable that cupsd sets. + */ + + tmpdir = getenv("TMPDIR"); + + if (!getenv("SOFTWARE") || !tmpdir) + { + if (confstr(_CS_DARWIN_USER_TEMP_DIR, tmppath, sizeof(tmppath))) + tmpdir = tmppath; + else + tmpdir = "/private/tmp"; /* This should never happen */ + } + #else /* * Previously we put root temporary files in the default CUPS temporary @@ -63,11 +87,7 @@ cupsTempFd(char *filename, /* I - Pointer to buffer */ */ if ((tmpdir = getenv("TMPDIR")) == NULL) -# if defined(__APPLE__) && !TARGET_OS_IOS - tmpdir = "/private/tmp"; /* /tmp is a symlink to /private/tmp */ -# else tmpdir = "/tmp"; -# endif /* __APPLE__ && !TARGET_OS_IOS */ #endif /* WIN32 */ /*