Add sudo_closefrom() regression test.

MANIFEST

@@ -263,6 +263,7 @@ lib/util/pwrite.c
 lib/util/rcstr.c
 lib/util/reallocarray.c
 lib/util/regex.c
+lib/util/regress/closefrom/closefrom_test.c
 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1
 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2
 lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3

configure

@@ -23111,6 +23111,7 @@ fi
 done
 
 fi
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }closefrom_test"
 
 fi
 

configure.ac

@@ -2923,6 +2923,7 @@ AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom)
     ], [
 #	include <limits.h>
 #	include <fcntl.h> ])
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }closefrom_test"
 ])
 AC_CHECK_FUNCS([mkstemps mkdtemp], [], [break])
 if test X"$ac_cv_func_mkstemps$ac_cv_func_mkdtemp" != X"yesyes"; then

lib/util/Makefile.in

@@ -156,6 +156,8 @@ PARSELN_TEST_OBJS = parseln_test.lo parseln.lo
 
 PROGNAME_TEST_OBJS = progname_test.lo progname.lo basename.lo
 
+CLOSEFROM_TEST_OBJS = closefrom_test.lo closefrom.lo
+
 CONF_TEST_OBJS = conf_test.lo sudo_conf.lo
 
 HLTQ_TEST_OBJS = hltq_test.lo
@@ -261,6 +263,9 @@ mksiglist.h: $(srcdir)/sys_siglist.h
 mksigname.h: $(srcdir)/sys_signame.h
 	$(CPP) $(CPPFLAGS) $(srcdir)/sys_signame.h | $(SED) -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d' > mksigname.h
 
+closefrom_test: $(CLOSEFROM_TEST_OBJS) libsudo_util.la
+	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CLOSEFROM_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
 conf_test: $(CONF_TEST_OBJS) libsudo_util.la
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libsudo_util.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 
@@ -414,6 +419,9 @@ check: $(TEST_PROGS) check-fuzzer
 	    MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
 	    MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
 	    rval=0; \
+	    if test -f closefrom_test; then \
+		./closefrom_test || rval=`expr $$rval + $$?`; \
+	    fi; \
 	    if test -f parse_gids_test; then \
 		./parse_gids_test || rval=`expr $$rval + $$?`; \
 	    fi; \
@@ -549,6 +557,18 @@ closefrom.i: $(srcdir)/closefrom.c $(incdir)/compat/stdbool.h \
 	$(CC) -E -o $@ $(CPPFLAGS) $<
 closefrom.plog: closefrom.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/closefrom.c --i-file $< --output-file $@
+closefrom_test.lo: $(srcdir)/regress/closefrom/closefrom_test.c \
+                   $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                   $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                   $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/closefrom/closefrom_test.c
+closefrom_test.i: $(srcdir)/regress/closefrom/closefrom_test.c \
+                   $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
+                   $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
+                   $(incdir)/sudo_util.h $(top_builddir)/config.h
+	$(CC) -E -o $@ $(CPPFLAGS) $<
+closefrom_test.plog: closefrom_test.i
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/closefrom/closefrom_test.c --i-file $< --output-file $@
 conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c \
               $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
               $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
@@ -1172,12 +1192,12 @@ reallocarray.i: $(srcdir)/reallocarray.c $(incdir)/sudo_compat.h \
 reallocarray.plog: reallocarray.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/reallocarray.c --i-file $< --output-file $@
 regex.lo: $(srcdir)/regex.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-          $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-          $(top_builddir)/config.h
+          $(incdir)/sudo_debug.h $(incdir)/sudo_gettext.h \
+          $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regex.c
 regex.i: $(srcdir)/regex.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-          $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
-          $(top_builddir)/config.h
+          $(incdir)/sudo_debug.h $(incdir)/sudo_gettext.h \
+          $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h
 	$(CC) -E -o $@ $(CPPFLAGS) $<
 regex.plog: regex.i
 	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regex.c --i-file $< --output-file $@

lib/util/regress/closefrom/closefrom_test.c

@@ -0,0 +1,107 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2022 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define SUDO_ERROR_WRAP 0
+
+#include "sudo_compat.h"
+#include "sudo_fatal.h"
+#include "sudo_util.h"
+
+sudo_dso_public int main(int argc, char *argv[]);
+
+/*
+ * Test that sudo_closefrom() works as expected.
+ */
+
+int
+main(int argc, char *argv[])
+{
+    int fds[2], flag, maxfd, minfd, errors = 0, ntests = 0;
+    initprogname(argc > 0 ? argv[0] : "closefrom_test");
+
+    /* We use pipe() because it doesn't rely on the filesystem. */
+    ntests++;
+    if (pipe(fds) == -1) {
+	sudo_warn("%s", "pipe");
+	errors++;
+	goto done;
+    }
+    maxfd = MAX(fds[0], fds[1]);
+    minfd = MIN(fds[0], fds[1]);
+
+    /* Close any fds greater than fds[0] and fds[1]. */
+    sudo_closefrom(maxfd + 1);
+
+    /* Verify that sudo_closefrom() didn't close fds[0] or fds[1]. */
+    ntests++;
+    if (fcntl(fds[0], F_GETFL, 0) == -1) {
+	sudo_warnx("fd %d closed prematurely", fds[0]);
+	errors++;
+	goto done;
+    }
+    ntests++;
+    if (fcntl(fds[1], F_GETFL, 0) == -1) {
+	sudo_warnx("fd %d closed prematurely", fds[1]);
+	errors++;
+	goto done;
+    }
+
+    /* Close fds[0], fds[1] and above. */
+    sudo_closefrom(minfd);
+
+    /* Verify that sudo_closefrom() closed both fds. */
+    ntests++;
+    flag = fcntl(fds[0], F_GETFD, 0);
+#ifdef __APPLE__
+    /* We only set the close-on-exec flag on macOS. */
+    if (flag == 1)
+	flag = -1;
+#endif
+    if (flag != -1) {
+	sudo_warnx("fd %d still open", fds[0]);
+	errors++;
+	goto done;
+    }
+    ntests++;
+    flag = fcntl(fds[1], F_GETFD, 0);
+#ifdef __APPLE__
+    /* We only set the close-on-exec flag on macOS. */
+    if (flag == 1)
+	flag = -1;
+#endif
+    if (flag != -1) {
+	sudo_warnx("fd %d still open", fds[1]);
+	errors++;
+	goto done;
+    }
+
+done:
+    if (ntests != 0) {
+	printf("%s: %d tests run, %d errors, %d%% success rate\n",
+	    getprogname(), ntests, errors, (ntests - errors) * 100 / ntests);
+    }
+    exit(errors);
+}