From a9165d2503ea597a1bb52d9cbae0cd61b9e0a544 Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Mon, 23 Mar 2026 10:51:02 +0000
Subject: mkhtemp: fail if TMPDIR is SET, but set wrong

right now we defer to fallbacks otherwise, which
is wrong.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/nvmutil/lib/file.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/util/nvmutil/lib/file.c b/util/nvmutil/lib/file.c
index 786c51fb..6546c252 100644
--- a/util/nvmutil/lib/file.c
+++ b/util/nvmutil/lib/file.c
@@ -453,16 +453,20 @@ env_tmpdir(int bypass_all_sticky_checks)
 	if (t != NULL && *t != '\0') {
 
 		if (tmpdir_policy(t,
-		    &allow_noworld_unsticky) == 0) {
-
-			if (world_writeable_and_sticky(t,
-			    allow_noworld_unsticky,
-			    bypass_all_sticky_checks)) {
+		    &allow_noworld_unsticky) < 0) {
+			errno = EPERM;
+			return NULL; /* errno already set */
+		}
 
-				errno = saved_errno;
-				return t;
-			}
+		if (!world_writeable_and_sticky(t,
+		    allow_noworld_unsticky,
+		    bypass_all_sticky_checks)) {
+			errno = EPERM;
+			return NULL;
 		}
+
+		errno = saved_errno;
+		return t;
 	}
 
 	allow_noworld_unsticky = 0;
-- 
cgit v1.2.1