edquota doesn't check return code properly

  • johndamm

      246     if (getuid() == geteuid() && getgid() == getegid())
      247         tmpdir = getenv("TMPDIR");
      248     if (!tmpdir)
      249         tmpdir = _PATH_TMP;
      250     tmpfil = smalloc(strlen(tmpdir) + strlen("/EdP.aXXXXXX") + 1);
      251     strcpy(tmpfil, tmpdir);
      252     strcat(tmpfil, "/EdP.aXXXXXX");
      253     tmpfd = mkstemp(tmpfil);
      254     fchown(tmpfd, getuid(), getgid());
      255     ret = 0;

    From the snippet above it is seen that no check is made for a successfull return from mkstemp() and fchown().

    This error probably goes undetected until the user defines the environment variable TMPDIR to a none existing directory. In such case tmpfd is set to -1 and fchown() fails with "Illegal file handle", but since there is no check here either the -1 filehandle ripples through the code until its finally caught in quotaops.c where tmpfd becomes outfd:

      256     ftruncate(outfd, 0);
      257     lseek(outfd, 0, SEEK_SET);
      258     if (!(fd = fdopen(dup(outfd), "w")))
      259         die(1, _("Cannot duplicate descriptor of file to write to: %s\n"), strerror(errno));

    Please add more thorough error checking in this program.

    John Damm Sørensen

    • Jan Kara
      Jan Kara

      Thanks for spotting the problem. I've fixed it.