Last time I trust 'sucess's on a non-context diff...

Pointed out by: Bill Fenner <fenner@parc.xerox.com>
1996-10-22 22:52:37 +00:00 · 1996-10-22 22:52:37 +00:00 · 59faa42d9d
commit 59faa42d9d
parent 6713d4a747
1 changed files with 23 additions and 22 deletions
--- a/libexec/mail.local/mail.local.c
+++ b/libexec/mail.local/mail.local.c
@ -30,7 +30,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: mail.local.c,v 1.7 1996/09/22 21:54:07 wosch Exp $
+ *	$Id: mail.local.c,v 1.8 1996/10/22 21:01:01 scrappy Exp $
 */

 #ifndef lint
@ -197,13 +197,13 @@ void
 deliver(fd, name, nobiff)
 	int fd, nobiff;
 	char *name;
-        uid_t saveeuid;
 {
 	struct stat fsb, sb;
 	struct passwd *pw;
 	int mbfd, nr, nw, off;
 	char biffmsg[100], buf[8*1024], path[MAXPATHLEN];
 	off_t curoff;
+        uid_t saveeuid;

 	/*
 	 * Disallow delivery to unknown names -- special mailboxes can be
@ -233,8 +233,6 @@ deliver(fd, name, nobiff)
 	 * If we created the mailbox, set the owner/group.  If that fails,
 	 * just return.  Another process may have already opened it, so we
 	 * can't unlink it.  Historically, binmail set the owner/group at
-
-	saveeuid=geteuid();
 	 * each mail delivery.  We no longer do this, assuming that if the

 	 * ownership or permissions were changed there was a reason.
@ -242,6 +240,8 @@ deliver(fd, name, nobiff)
 	 * XXX
 	 * open(2) should support flock'ing the file.
 	 */
+
+	saveeuid=geteuid();
 tryagain:
 	if (lstat(path, &sb)) {
 		mbfd = open(path,
@ -249,6 +249,14 @@ tryagain:
 		if (mbfd == -1) {
 			if (errno == EEXIST)

+
+				goto tryagain;
+		} else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) {
+			e_to_sys(errno);
+			warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name);
+			return;
+		}
+
                /* Now that the box is created and permissions are correct, we
                   close it and go back to the top so that we will come in 
                   and write as the user.  We dont seteuid() before the above
@ -257,12 +265,11 @@ tryagain:
                close(mbfd);
                goto tryagain;

-				goto tryagain;
-		} else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) {
-			e_to_sys(errno);
-			warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name);
-			return;
-
+	} else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) {
+		e_to_sys(errno);
+		warn("%s: linked file", path);
+		return;
+	} else {
 		/* Become the user, so quota enforcement will occur */

 		if(seteuid(pw->pw_uid) != 0) {
@ -270,22 +277,15 @@ tryagain:
 			return;
 		}    

-		}
-	} else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) {
-		e_to_sys(errno);
-		warn("%s: linked file", path);
-		return;
-	} else {
 		mbfd = open(path, O_APPEND|O_WRONLY, 0);
-                        seteuid(saveeuid);
 		if (mbfd != -1 &&
 		    (fstat(mbfd, &fsb) || fsb.st_nlink != 1 ||
 		    S_ISLNK(fsb.st_mode) || sb.st_dev != fsb.st_dev ||
 		    sb.st_ino != fsb.st_ino)) {
 			warn("%s: file changed after open", path);
 			(void)close(mbfd);
+                        seteuid(saveeuid);
 			return;
-                seteuid(saveeuid);

 		}
 	}
@ -294,6 +294,7 @@ tryagain:
 		e_to_sys(errno);
 		warn("%s: %s", path, strerror(errno));
 		return;
+                seteuid(saveeuid);
 	}

 	/* Wait until we can get a lock on the file. */
@ -327,19 +328,16 @@ tryagain:
 	if (nr < 0) {
 		e_to_sys(errno);
 		warn("temporary file: %s", strerror(errno));
-                seteuid(saveeuid);
 err2:		(void)ftruncate(mbfd, curoff);
 err1:		(void)close(mbfd);
+                seteuid(saveeuid);
 		return;
 	}

 #ifndef DONT_FSYNC
 	/* Flush to disk, don't wait for update. */
-                seteuid(saveeuid);
 	if (fsync(mbfd)) {
 		e_to_sys(errno);
-
-        seteuid(saveeuid);
 		warn("%s: %s", path, strerror(errno));
 		goto err2;
 	}
@ -349,9 +347,12 @@ err1:		(void)close(mbfd);
 	if (close(mbfd)) {
 		e_to_sys(errno);
 		warn("%s: %s", path, strerror(errno));
+                seteuid(saveeuid);
 		return;
 	}

+	seteuid(saveeuid);
+
 	if (!nobiff)
 		notifybiff(biffmsg);
 }