1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/* Test that openat_safer leave standard fds alone.
Copyright (C) 2009-2023 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* Written by Eric Blake <ebb9@byu.net>, 2009. */
#include <config.h>
#include "fcntl--.h"
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
/* This test intentionally closes stderr. So, we arrange to have fd 10
(outside the range of interesting fd's during the test) set up to
duplicate the original stderr. */
#define BACKUP_STDERR_FILENO 10
#define ASSERT_STREAM myerr
#include "macros.h"
static FILE *myerr;
#define witness "test-openat-safer.txt"
int
main (void)
{
int i;
int j;
int dfd;
int fd;
char buf[2];
/* We close fd 2 later, so save it in fd 10. */
if (dup2 (STDERR_FILENO, BACKUP_STDERR_FILENO) != BACKUP_STDERR_FILENO
|| (myerr = fdopen (BACKUP_STDERR_FILENO, "w")) == NULL)
return 2;
/* Create handle for future use. */
dfd = openat (AT_FDCWD, ".", O_RDONLY);
ASSERT (STDERR_FILENO < dfd);
/* Create file for later checks. */
remove (witness);
fd = openat (dfd, witness, O_WRONLY | O_CREAT | O_EXCL, 0600);
ASSERT (STDERR_FILENO < fd);
ASSERT (write (fd, "hi", 2) == 2);
ASSERT (close (fd) == 0);
/* Four iterations, with progressively more standard descriptors
closed. */
for (i = -1; i <= STDERR_FILENO; i++)
{
ASSERT (fchdir (dfd) == 0);
if (0 <= i)
ASSERT (close (i) == 0);
/* Execute once in ".", once in "..". */
for (j = 0; j <= 1; j++)
{
if (j)
ASSERT (chdir ("..") == 0);
/* Check for error detection. */
errno = 0;
ASSERT (openat (AT_FDCWD, "", O_RDONLY) == -1);
ASSERT (errno == ENOENT);
errno = 0;
ASSERT (openat (dfd, "", O_RDONLY) == -1);
ASSERT (errno == ENOENT);
errno = 0;
ASSERT (openat (-1, ".", O_RDONLY) == -1);
ASSERT (errno == EBADF);
/* Check for trailing slash and /dev/null handling. */
errno = 0;
ASSERT (openat (dfd, "nonexist.ent/", O_CREAT | O_RDONLY,
S_IRUSR | S_IWUSR) == -1);
ASSERT (errno == ENOTDIR || errno == EISDIR || errno == ENOENT
|| errno == EINVAL);
errno = 0;
ASSERT (openat (dfd, witness "/", O_RDONLY) == -1);
ASSERT (errno == ENOTDIR || errno == EISDIR || errno == EINVAL);
#if defined __linux__ || defined __ANDROID__
/* Using a bad directory is okay for absolute paths. */
fd = openat (-1, "/dev/null", O_WRONLY);
ASSERT (STDERR_FILENO < fd);
#endif
/* Using a non-directory is wrong for relative paths. */
errno = 0;
fd = open ("/dev/null", O_RDONLY);
ASSERT (STDERR_FILENO < fd);
ASSERT (openat (fd, ".", O_RDONLY) == -1);
ASSERT (errno == EBADF || errno == ENOTDIR);
ASSERT (close (fd) == 0);
/* Check for our witness file. */
fd = openat (dfd, witness, O_RDONLY | O_NOFOLLOW);
ASSERT (STDERR_FILENO < fd);
ASSERT (read (fd, buf, 2) == 2);
ASSERT (buf[0] == 'h' && buf[1] == 'i');
ASSERT (close (fd) == 0);
}
}
ASSERT (fchdir (dfd) == 0);
ASSERT (unlink (witness) == 0);
ASSERT (close (dfd) == 0);
return 0;
}
|