246 if (getuid() == geteuid() && getgid() == getegid())
247 tmpdir = getenv("TMPDIR");
248 if (!tmpdir)
249 tmpdir = _PATH_TMP;
250 tmpfil = smalloc(strlen(tmpdir) + strlen("/EdP.aXXXXXX") + 1);
251 strcpy(tmpfil, tmpdir);
252 strcat(tmpfil, "/EdP.aXXXXXX");
253 tmpfd = mkstemp(tmpfil);
254 fchown(tmpfd, getuid(), getgid());
255 ret = 0;
From the snippet above it is seen that no check is made for a successfull return from mkstemp() and fchown().
This error probably goes undetected until the user defines the environment variable TMPDIR to a none existing directory. In such case tmpfd is set to -1 and fchown() fails with "Illegal file handle", but since there is no check here either the -1 filehandle ripples through the code until its finally caught in quotaops.c where tmpfd becomes outfd:
256 ftruncate(outfd, 0);
257 lseek(outfd, 0, SEEK_SET);
258 if (!(fd = fdopen(dup(outfd), "w")))
259 die(1, _("Cannot duplicate descriptor of file to write to: %s\n"), strerror(errno));
Please add more thorough error checking in this program.
John Damm Sørensen
Thanks for spotting the problem. I've fixed it.