Add _FORTIFY_SOURCE support for inet_ntop

- Create the __inet_ntop_chk routine that verifies that the builtin size of the destination buffer is at least as big as the size given by the user. - Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn - Update the abilist for this new routine - Update the manual to mention the new fortification Reviewed-by: Florian Weimer <fweimer@redhat.com>
2025-08-08 17:42:12 +03:00 · 2025-03-07 18:16:30 +01:00
parent 3cdb99d8bb
commit 090dfa40a5
46 changed files with 182 additions and 0 deletions
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -55,6 +55,7 @@ routines = \
  gethostname_chk \
  gets_chk \
  getwd_chk \
+  inet_ntop_chk \
  longjmp_chk \
  mbsnrtowcs_chk \
  mbsrtowcs_chk \
--- a/debug/Versions
+++ b/debug/Versions
@@ -64,6 +64,9 @@ libc {
    __wcslcat_chk;
    __wcslcpy_chk;
  }
+  GLIBC_2.42 {
+    __inet_ntop_chk;
+  }
  GLIBC_PRIVATE {
    __fortify_fail;
  }
--- a/debug/inet_ntop_chk.c
+++ b/debug/inet_ntop_chk.c
@@ -0,0 +1,30 @@
+/* Copyright (C) 2025 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <arpa/inet.h>
+#include <stdio.h>
+
+const char *
+__inet_ntop_chk (int af, const void *src, char *dst,
+		 socklen_t size, size_t dst_size)
+{
+  if (size > dst_size)
+    __chk_fail ();
+
+  return __inet_ntop (af, src, dst, size);
+}
+libc_hidden_def (__inet_ntop_chk)
--- a/debug/tst-fortify.c
+++ b/debug/tst-fortify.c
@@ -23,6 +23,7 @@

 #include <assert.h>
 #include <fcntl.h>
+#include <arpa/inet.h>
 #include <limits.h>
 #include <locale.h>
 #include <obstack.h>
@@ -1832,6 +1833,26 @@ do_test (void)
 # endif
 #endif

+  struct in6_addr addr6 = {};
+  struct in_addr addr = {};
+  char addrstr6[INET6_ADDRSTRLEN];
+  char addrstr[INET_ADDRSTRLEN];
+
+  if (inet_ntop (AF_INET6, &addr6, addrstr6, sizeof (addrstr6)) == NULL)
+    FAIL ();
+  if (inet_ntop (AF_INET, &addr, addrstr, sizeof (addrstr)) == NULL)
+    FAIL ();
+
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  inet_ntop (AF_INET6, &addr6, buf, INET6_ADDRSTRLEN);
+  CHK_FAIL_END
+
+  CHK_FAIL_START
+  inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN);
+  CHK_FAIL_END
+#endif
+
  return ret;
 }