From 44f7d061cb6d7c60ac825ac28064d3e69634cc1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20B=C3=A9rat?= Date: Mon, 31 Mar 2025 21:09:49 +0200 Subject: [PATCH] Backport: Add _FORTIFY_SOURCE support for inet_pton - Backport: debug: Re-flow and sort routines variable in Makefile (RHEL-44920) - Backport: inet: Rearrange and sort Makefile variables (RHEL-44920) - Backport: Prepare inet_ntop to be fortified (RHEL-44920) - Backport: Add missing guards in include/arpa/inet.h (RHEL-44920) - Backport: Add _FORTIFY_SOURCE support for inet_ntop (RHEL-44920) - Backport: Prepare inet_pton to be fortified (RHEL-44920) - Backport: Add _FORTIFY_SOURCE support for inet_pton (RHEL-44920) Resolves: RHEL-44920 --- glibc-RHEL-44920-1.patch | 135 +++++++++++ glibc-RHEL-44920-2.patch | 168 ++++++++++++++ glibc-RHEL-44920-3.patch | 81 +++++++ glibc-RHEL-44920-4.patch | 26 +++ glibc-RHEL-44920-5.patch | 277 +++++++++++++++++++++++ glibc-RHEL-44920-6.patch | 23 ++ glibc-RHEL-44920-7.patch | 471 +++++++++++++++++++++++++++++++++++++++ glibc-RHEL-44920-8.patch | 176 +++++++++++++++ glibc.spec | 13 +- 9 files changed, 1369 insertions(+), 1 deletion(-) create mode 100644 glibc-RHEL-44920-1.patch create mode 100644 glibc-RHEL-44920-2.patch create mode 100644 glibc-RHEL-44920-3.patch create mode 100644 glibc-RHEL-44920-4.patch create mode 100644 glibc-RHEL-44920-5.patch create mode 100644 glibc-RHEL-44920-6.patch create mode 100644 glibc-RHEL-44920-7.patch create mode 100644 glibc-RHEL-44920-8.patch diff --git a/glibc-RHEL-44920-1.patch b/glibc-RHEL-44920-1.patch new file mode 100644 index 0000000..a1797aa --- /dev/null +++ b/glibc-RHEL-44920-1.patch 
@@ -0,0 +1,135 @@ +commit 4e4641164d2722d622a1bf3b5e4583538d9c7227 +Author: Florian Weimer +Date: Mon Apr 17 15:41:08 2023 +0200 + + debug: Re-flow and sort routines variable in Makefile + + Reviewed-by: Adhemerval Zanella + +Conflicts: + debug/Makefile (fixed context) + +diff --git a/debug/Makefile b/debug/Makefile +index 63395fc626610a53..c19c76e2b8564bd2 100644 +--- a/debug/Makefile ++++ b/debug/Makefile +@@ -28,31 +28,94 @@ headers := execinfo.h + # Note that ptsname_r_chk and getlogin_r are not here, but in + # login/Makefile instead. If that subdir is omitted from the + # build, its _FORTIFY_SOURCE support will be too. +-routines = backtrace backtracesyms backtracesymsfd noophooks \ +- memcpy_chk memmove_chk mempcpy_chk memset_chk stpcpy_chk \ +- strcat_chk strcpy_chk strncat_chk strncpy_chk stpncpy_chk \ +- sprintf_chk vsprintf_chk snprintf_chk vsnprintf_chk \ +- printf_chk fprintf_chk vprintf_chk vfprintf_chk \ +- gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \ +- read_chk pread_chk pread64_chk recv_chk recvfrom_chk \ +- readlink_chk readlinkat_chk getwd_chk getcwd_chk \ +- realpath_chk fread_chk fread_u_chk \ +- wctomb_chk wcscpy_chk wmemcpy_chk wmemmove_chk wmempcpy_chk \ +- wcpcpy_chk wcsncpy_chk wcscat_chk wcsncat_chk wmemset_chk \ +- wcpncpy_chk \ +- swprintf_chk vswprintf_chk wprintf_chk fwprintf_chk \ +- vwprintf_chk vfwprintf_chk fgetws_chk fgetws_u_chk \ +- confstr_chk getgroups_chk ttyname_r_chk \ +- gethostname_chk getdomainname_chk wcrtomb_chk mbsnrtowcs_chk \ +- wcsnrtombs_chk mbsrtowcs_chk wcsrtombs_chk mbstowcs_chk \ +- wcstombs_chk asprintf_chk vasprintf_chk dprintf_chk \ +- vdprintf_chk obprintf_chk vobprintf_chk \ +- longjmp_chk ____longjmp_chk \ +- fdelt_chk poll_chk ppoll_chk \ +- explicit_bzero_chk \ +- stack_chk_fail fortify_fail \ +- readonly-area-fallback \ +- $(static-only-routines) ++routines = \ ++ ____longjmp_chk \ ++ asprintf_chk \ ++ backtrace \ ++ backtracesyms \ ++ backtracesymsfd \ ++ chk_fail \ ++ confstr_chk \ ++ 
dprintf_chk \ ++ explicit_bzero_chk \ ++ fdelt_chk \ ++ fgets_chk \ ++ fgets_u_chk \ ++ fgetws_chk \ ++ fgetws_u_chk \ ++ fortify_fail \ ++ fprintf_chk \ ++ fread_chk \ ++ fread_u_chk \ ++ fwprintf_chk \ ++ getcwd_chk \ ++ getdomainname_chk \ ++ getgroups_chk \ ++ gethostname_chk \ ++ gets_chk \ ++ getwd_chk \ ++ longjmp_chk \ ++ mbsnrtowcs_chk \ ++ mbsrtowcs_chk \ ++ mbstowcs_chk \ ++ memcpy_chk \ ++ memmove_chk \ ++ mempcpy_chk \ ++ memset_chk \ ++ noophooks \ ++ obprintf_chk \ ++ poll_chk \ ++ ppoll_chk \ ++ pread64_chk \ ++ pread_chk \ ++ printf_chk \ ++ read_chk \ ++ readlink_chk \ ++ readlinkat_chk \ ++ readonly-area \ ++ readonly-area-fallback \ ++ realpath_chk \ ++ recv_chk \ ++ recvfrom_chk \ ++ snprintf_chk \ ++ sprintf_chk \ ++ stack_chk_fail \ ++ stpcpy_chk \ ++ stpncpy_chk \ ++ strcat_chk \ ++ strcpy_chk \ ++ strncat_chk \ ++ strncpy_chk \ ++ swprintf_chk \ ++ ttyname_r_chk \ ++ vasprintf_chk \ ++ vdprintf_chk \ ++ vfprintf_chk \ ++ vfwprintf_chk \ ++ vobprintf_chk \ ++ vprintf_chk \ ++ vsnprintf_chk \ ++ vsprintf_chk \ ++ vswprintf_chk \ ++ vwprintf_chk \ ++ wcpcpy_chk \ ++ wcpncpy_chk \ ++ wcrtomb_chk \ ++ wcscat_chk \ ++ wcscpy_chk \ ++ wcsncat_chk \ ++ wcsncpy_chk \ ++ wcsnrtombs_chk \ ++ wcsrtombs_chk \ ++ wcstombs_chk \ ++ wctomb_chk \ ++ wmemcpy_chk \ ++ wmemmove_chk \ ++ wmempcpy_chk \ ++ wmemset_chk \ ++ wprintf_chk \ ++ $(static-only-routines) ++ # routines + static-only-routines := stack_chk_fail_local + + # Don't add stack_chk_fail_local.o to libc.a since __stack_chk_fail_local diff --git a/glibc-RHEL-44920-2.patch b/glibc-RHEL-44920-2.patch new file mode 100644 index 0000000..a375886 --- /dev/null +++ b/glibc-RHEL-44920-2.patch 
@@ -0,0 +1,168 @@ +commit b6b8a88cf59a00d7716e9dd2e5ba92eedfec69ce +Author: Arjun Shankar +Date: Mon Oct 2 14:55:13 2023 +0200 + + inet: Rearrange and sort Makefile variables + + Rearrange lists of routines, tests, etc. into one-per-line in + inet/Makefile and sort them using scripts/sort-makefile-lines.py. + Reviewed-by: Siddhesh Poyarekar + +diff --git a/inet/Makefile b/inet/Makefile +index cf4cf5cf8ae6732f..b7d6e40fb319f52d 100644 +--- a/inet/Makefile ++++ b/inet/Makefile +@@ -22,41 +22,123 @@ subdir := inet + + include ../Makeconfig + +-headers := netinet/ether.h netinet/in.h netinet/in_systm.h \ +- netinet/if_ether.h netinet/igmp.h \ +- netinet/tcp.h netinet/ip.h $(wildcard arpa/*.h protocols/*.h) \ +- aliases.h ifaddrs.h netinet/ip6.h netinet/icmp6.h bits/in.h \ +- rpc/netdb.h +- +-routines := htonl htons \ +- inet_lnaof inet_mkadr \ +- inet_netof inet_ntoa inet_net herrno herrno-loc \ +- gethstbyad gethstbyad_r gethstbynm gethstbynm2 gethstbynm2_r \ +- gethstbynm_r gethstent gethstent_r \ +- getnetbyad getnetbyad_r getnetbynm getnetent getnetent_r \ +- getnetbynm_r \ +- getproto getproto_r getprtent getprtent_r getprtname getprtname_r \ +- getsrvbynm getsrvbynm_r getsrvbypt getsrvbypt_r getservent \ +- getservent_r getrpcent getrpcbyname getrpcbynumber \ +- getrpcent_r getrpcbyname_r getrpcbynumber_r \ +- ether_aton ether_aton_r ether_hton ether_line \ +- ether_ntoa ether_ntoa_r ether_ntoh \ +- rcmd rexec ruserpass bindresvport \ +- getnetgrent_r getnetgrent \ +- getaliasent_r getaliasent getaliasname getaliasname_r \ +- in6_addr getnameinfo if_index ifaddrs inet6_option \ +- getipv4sourcefilter setipv4sourcefilter \ +- getsourcefilter setsourcefilter inet6_opt inet6_rth \ +- inet6_scopeid_pton deadline idna idna_name_classify ++headers := \ ++ $(wildcard arpa/*.h protocols/*.h) \ ++ aliases.h \ ++ bits/in.h \ ++ ifaddrs.h \ ++ netinet/ether.h \ ++ netinet/icmp6.h \ ++ netinet/if_ether.h \ ++ netinet/igmp.h \ ++ netinet/in.h \ ++ netinet/in_systm.h \ ++ 
netinet/ip.h \ ++ netinet/ip6.h \ ++ netinet/tcp.h \ ++ rpc/netdb.h \ ++ # headers ++ ++routines := \ ++ bindresvport \ ++ deadline \ ++ ether_aton \ ++ ether_aton_r \ ++ ether_hton \ ++ ether_line \ ++ ether_ntoa \ ++ ether_ntoa_r \ ++ ether_ntoh \ ++ getaliasent \ ++ getaliasent_r \ ++ getaliasname \ ++ getaliasname_r \ ++ gethstbyad \ ++ gethstbyad_r \ ++ gethstbynm \ ++ gethstbynm2 \ ++ gethstbynm2_r \ ++ gethstbynm_r \ ++ gethstent \ ++ gethstent_r \ ++ getipv4sourcefilter \ ++ getnameinfo \ ++ getnetbyad \ ++ getnetbyad_r \ ++ getnetbynm \ ++ getnetbynm_r \ ++ getnetent \ ++ getnetent_r \ ++ getnetgrent \ ++ getnetgrent_r \ ++ getproto \ ++ getproto_r \ ++ getprtent \ ++ getprtent_r \ ++ getprtname \ ++ getprtname_r \ ++ getrpcbyname \ ++ getrpcbyname_r \ ++ getrpcbynumber \ ++ getrpcbynumber_r \ ++ getrpcent \ ++ getrpcent_r \ ++ getservent \ ++ getservent_r \ ++ getsourcefilter \ ++ getsrvbynm \ ++ getsrvbynm_r \ ++ getsrvbypt \ ++ getsrvbypt_r \ ++ herrno \ ++ herrno-loc \ ++ htonl \ ++ htons \ ++ idna \ ++ idna_name_classify \ ++ if_index \ ++ ifaddrs \ ++ in6_addr \ ++ inet6_opt \ ++ inet6_option \ ++ inet6_rth \ ++ inet6_scopeid_pton \ ++ inet_lnaof \ ++ inet_mkadr \ ++ inet_net \ ++ inet_netof \ ++ inet_ntoa \ ++ rcmd \ ++ rexec \ ++ ruserpass \ ++ setipv4sourcefilter \ ++ setsourcefilter \ ++ # routines + + install-others = $(inst_sysconfdir)/rpc + + aux := check_pf check_native ifreq + +-tests := htontest test_ifindex tst-ntoa tst-ether_aton tst-network \ +- tst-gethnm test-ifaddrs bug-if1 test-inet6_opt tst-ether_line \ +- tst-getni1 tst-getni2 tst-inet6_rth tst-checks tst-checks-posix \ +- tst-sockaddr test-hnto-types tst-if_index-long ++tests := \ ++ bug-if1 \ ++ htontest \ ++ test-hnto-types \ ++ test-ifaddrs \ ++ test-inet6_opt \ ++ test_ifindex \ ++ tst-checks \ ++ tst-checks-posix \ ++ tst-ether_aton \ ++ tst-ether_line \ ++ tst-gethnm \ ++ tst-getni1 \ ++ tst-getni2 \ ++ tst-if_index-long \ ++ tst-inet6_rth \ ++ tst-network \ ++ tst-ntoa \ ++ 
tst-sockaddr \ ++ # tests + + # tst-deadline must be linked statically so that we can access + # internal functions. diff --git a/glibc-RHEL-44920-3.patch b/glibc-RHEL-44920-3.patch new file mode 100644 index 0000000..ca7ee81 --- /dev/null +++ b/glibc-RHEL-44920-3.patch 
@@ -0,0 +1,81 @@ +commit 84373ef7b72c9c8ab61ce1fdfd798777715a1a52 +Author: Frédéric Bérat +Date: Fri Mar 7 14:42:26 2025 +0100 + + Prepare inet_ntop to be fortified + + Rename inet_ntop to __inet_ntop and create the inet_ntop weak alias + based on it in order to prepare for disabling fortification when + available. + + Reviewed-by: Florian Weimer + +diff --git a/include/arpa/inet.h b/include/arpa/inet.h +index df9472ba3bc52689..d1ea13bb19d4a497 100644 +--- a/include/arpa/inet.h ++++ b/include/arpa/inet.h +@@ -5,7 +5,9 @@ + extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp); + libc_hidden_proto (__inet_aton_exact) + +-libc_hidden_proto (inet_ntop) ++extern __typeof (inet_ntop) __inet_ntop; ++libc_hidden_proto (__inet_ntop) ++ + libc_hidden_proto (inet_pton) + extern __typeof (inet_pton) __inet_pton; + libc_hidden_proto (__inet_pton) +diff --git a/inet/getnameinfo.c b/inet/getnameinfo.c +index 8380d8578361b289..d0c6de6ba12b6298 100644 +--- a/inet/getnameinfo.c ++++ b/inet/getnameinfo.c +@@ -323,7 +323,7 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf, + if (sa->sa_family == AF_INET6) + { + const struct sockaddr_in6 *sin6p = (const struct sockaddr_in6 *) sa; +- if (inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL) ++ if (__inet_ntop (AF_INET6, &sin6p->sin6_addr, host, hostlen) == NULL) + return EAI_OVERFLOW; + + uint32_t scopeid = sin6p->sin6_scope_id; +@@ -350,7 +350,7 @@ gni_host_inet_numeric (struct scratch_buffer *tmpbuf, + else + { + const struct sockaddr_in *sinp = (const struct sockaddr_in *) sa; +- if (inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen) == NULL) ++ if (__inet_ntop (AF_INET, &sinp->sin_addr, host, hostlen) == NULL) + return EAI_OVERFLOW; + } + return 0; +diff --git a/resolv/inet_ntop.c b/resolv/inet_ntop.c +index c4d38c0f951013e5..acf5f3cb885e2e47 100644 +--- a/resolv/inet_ntop.c ++++ b/resolv/inet_ntop.c +@@ -42,7 +42,7 @@ static const char *inet_ntop4 (const u_char *src, char *dst, socklen_t size); + 
static const char *inet_ntop6 (const u_char *src, char *dst, socklen_t size); + + /* char * +- * inet_ntop(af, src, dst, size) ++ * __inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address (`dst'), or NULL (see errno). +@@ -50,7 +50,7 @@ static const char *inet_ntop6 (const u_char *src, char *dst, socklen_t size); + * Paul Vixie, 1996. + */ + const char * +-inet_ntop (int af, const void *src, char *dst, socklen_t size) ++__inet_ntop (int af, const void *src, char *dst, socklen_t size) + { + switch (af) { + case AF_INET: +@@ -63,7 +63,8 @@ inet_ntop (int af, const void *src, char *dst, socklen_t size) + } + /* NOTREACHED */ + } +-libc_hidden_def (inet_ntop) ++libc_hidden_def (__inet_ntop) ++weak_alias (__inet_ntop, inet_ntop) + + /* const char * + * inet_ntop4(src, dst, size) diff --git a/glibc-RHEL-44920-4.patch b/glibc-RHEL-44920-4.patch new file mode 100644 index 0000000..ca6bade --- /dev/null +++ b/glibc-RHEL-44920-4.patch @@ -0,0 +1,26 @@ +commit 3cdb99d8bb9d0008b2b297080e61d6c10dd66cc8 +Author: Frédéric Bérat +Date: Tue Mar 11 10:40:11 2025 +0100 + + Add missing guards in include/arpa/inet.h + + Add the missing guards in the header, similarly to other headers at the + same level + + Reviewed-by: Florian Weimer + +diff --git a/include/arpa/inet.h b/include/arpa/inet.h +index d1ea13bb19d4a497..d9e55a3c7f2db9f2 100644 +--- a/include/arpa/inet.h ++++ b/include/arpa/inet.h +@@ -1,3 +1,5 @@ ++#ifndef _ARPA_INET_H ++/* Note: _ARPA_INET_H is defined by inet/arpa/inet.h below. */ + #include + + #ifndef _ISOMAC +@@ -17,3 +19,4 @@ libc_hidden_proto (inet_netof) + extern __typeof (inet_network) __inet_network; + libc_hidden_proto (__inet_network) + #endif ++#endif diff --git a/glibc-RHEL-44920-5.patch b/glibc-RHEL-44920-5.patch new file mode 100644 index 0000000..24ba239 --- /dev/null +++ b/glibc-RHEL-44920-5.patch 
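Review bot: The weak alias `inet_ntop` created at the end of resolv/inet_ntop.c is no longer covered by `libc_hidden_proto`/`libc_hidden_weak`, unlike `inet_pton` a few lines below in include/arpa/inet.h, which keeps `libc_hidden_proto (inet_pton)` (and, per the later inet_pton hunk, `libc_hidden_weak (inet_pton)`). Only getnameinfo.c is switched to `__inet_ntop` here; if any other internal caller outside this hunk still spells the call `inet_ntop`, it would now bind through the PLT rather than a hidden local symbol, and it would pick up the fortified inline from a later hunk should glibc itself ever be built with `_FORTIFY_SOURCE` — glibc's localplt/linknamespace tests should flag that, but it is worth confirming. A short comment next to the alias would make the intent explicit, e.g. `/* Public name only; internal callers must use __inet_ntop so the _FORTIFY_SOURCE wrapper never applies inside libc.  */`.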
@@ -0,0 +1,277 @@ +commit 090dfa40a5e46f7c0e4d6e8369bcbbd51267625f +Author: Frédéric Bérat +Date: Fri Mar 7 18:16:30 2025 +0100 + + Add _FORTIFY_SOURCE support for inet_ntop + + - Create the __inet_ntop_chk routine that verifies that the builtin size + of the destination buffer is at least as big as the size given by the + user. + - Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn + - Update the abilist for this new routine + - Update the manual to mention the new fortification + + Reviewed-by: Florian Weimer + +Conflicts: + debug/Makefile (New routine added to static-only-routines + instead of routines) + debug/Versions (Version not updated in the backport) + inet/Makefile (New headers) + manual/maint.texi (Not relevant in current Glibc Version) + */libc.abilist (Not added in the backport) + inet/bits/inet-fortified-decl.h (Replace __REDIRECT_FORTIFY_NTH + with __REDIRECT_NTH) + inet/bits/inet-fortified.h (removed attribute_overloadable and + clang specific handling) + +Note on the changes: +- Since we can't modify the ABI, __inet_ntop_chk has been added to + static-only-routines and `attribute_hidden` has been added to its definition. +- __REDIRECT_FORTIFY* macros aren't available in the current version, since + the patch to enable foritfication on glibc itself hasn't be ported. 
+- clang specific handling of foritifcation has not been ported, which means the + following had to be removed from the patch: + - use of __attribute_overloadable__ + - use of __fortify_clang_* macros + +diff --git a/debug/Makefile b/debug/Makefile +index c19c76e2b8564bd2..18be784e86bbaaab 100644 +--- a/debug/Makefile ++++ b/debug/Makefile +@@ -116,7 +116,8 @@ routines = \ + wprintf_chk \ + $(static-only-routines) + # routines +-static-only-routines := stack_chk_fail_local ++static-only-routines := stack_chk_fail_local \ ++ inet_ntop_chk \ + + # Don't add stack_chk_fail_local.o to libc.a since __stack_chk_fail_local + # is an alias of __stack_chk_fail in stack_chk_fail.o. +diff --git a/debug/inet_ntop_chk.c b/debug/inet_ntop_chk.c +new file mode 100644 +index 0000000000000000..8a3994dd3fc9bfe4 +--- /dev/null ++++ b/debug/inet_ntop_chk.c +@@ -0,0 +1,31 @@ ++/* Copyright (C) 2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . 
*/ ++ ++#include ++#include ++ ++attribute_hidden ++const char * ++__inet_ntop_chk (int af, const void *src, char *dst, ++ socklen_t size, size_t dst_size) ++{ ++ if (size > dst_size) ++ __chk_fail (); ++ ++ return inet_ntop (af, src, dst, size); ++} ++libc_hidden_def (__inet_ntop_chk) +diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c +index 01a8703de1e6e09a..50909d0af53da10e 100644 +--- a/debug/tst-fortify.c ++++ b/debug/tst-fortify.c +@@ -24,6 +24,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -1762,6 +1763,26 @@ do_test (void) + # endif + #endif + ++ struct in6_addr addr6 = {}; ++ struct in_addr addr = {}; ++ char addrstr6[INET6_ADDRSTRLEN]; ++ char addrstr[INET_ADDRSTRLEN]; ++ ++ if (inet_ntop (AF_INET6, &addr6, addrstr6, sizeof (addrstr6)) == NULL) ++ FAIL (); ++ if (inet_ntop (AF_INET, &addr, addrstr, sizeof (addrstr)) == NULL) ++ FAIL (); ++ ++#if __USE_FORTIFY_LEVEL >= 1 ++ CHK_FAIL_START ++ inet_ntop (AF_INET6, &addr6, buf, INET6_ADDRSTRLEN); ++ CHK_FAIL_END ++ ++ CHK_FAIL_START ++ inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN); ++ CHK_FAIL_END ++#endif ++ + return ret; + } + +diff --git a/include/arpa/inet.h b/include/arpa/inet.h +index d9e55a3c7f2db9f2..a02892f48a27454e 100644 +--- a/include/arpa/inet.h ++++ b/include/arpa/inet.h +@@ -3,12 +3,18 @@ + #include + + #ifndef _ISOMAC ++/* Declare functions with security checks. ++ This needs to be included unconditionally as these definition are needed even ++ when fortification is disabled in inet/arpa/inet.h. */ ++#include ++ + /* Variant of inet_aton which rejects trailing garbage. 
*/ + extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp); + libc_hidden_proto (__inet_aton_exact) + + extern __typeof (inet_ntop) __inet_ntop; + libc_hidden_proto (__inet_ntop) ++libc_hidden_proto (__inet_ntop_chk) + + libc_hidden_proto (inet_pton) + extern __typeof (inet_pton) __inet_pton; +diff --git a/include/bits/inet-fortified-decl.h b/include/bits/inet-fortified-decl.h +new file mode 100644 +index 0000000000000000..e6ad4d4663c61a0d +--- /dev/null ++++ b/include/bits/inet-fortified-decl.h +@@ -0,0 +1 @@ ++#include +diff --git a/include/bits/inet-fortified.h b/include/bits/inet-fortified.h +new file mode 100644 +index 0000000000000000..abba7c57014c2a23 +--- /dev/null ++++ b/include/bits/inet-fortified.h +@@ -0,0 +1 @@ ++#include +diff --git a/inet/Makefile b/inet/Makefile +index b7d6e40fb319f52d..ef6b94ed0b519d6d 100644 +--- a/inet/Makefile ++++ b/inet/Makefile +@@ -26,6 +26,8 @@ headers := \ + $(wildcard arpa/*.h protocols/*.h) \ + aliases.h \ + bits/in.h \ ++ bits/inet-fortified-decl.h \ ++ bits/inet-fortified.h \ + ifaddrs.h \ + netinet/ether.h \ + netinet/icmp6.h \ +diff --git a/inet/arpa/inet.h b/inet/arpa/inet.h +index 54c9c6d468b66a2f..2ac498061a533a7b 100644 +--- a/inet/arpa/inet.h ++++ b/inet/arpa/inet.h +@@ -101,6 +101,11 @@ extern char *inet_nsap_ntoa (int __len, const unsigned char *__cp, + char *__buf) __THROW; + #endif + ++#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function ++/* Include functions with security checks. */ ++# include ++#endif ++ + __END_DECLS + + #endif /* arpa/inet.h */ +diff --git a/inet/bits/inet-fortified-decl.h b/inet/bits/inet-fortified-decl.h +new file mode 100644 +index 0000000000000000..229063ae7898ba2d +--- /dev/null ++++ b/inet/bits/inet-fortified-decl.h +@@ -0,0 +1,35 @@ ++/* Declarations of checking macros for inet functions. ++ Copyright (C) 2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#ifndef _BITS_INET_FORTIFIED_DEC_H ++#define _BITS_INET_FORTIFIED_DEC_H 1 ++ ++#ifndef _ARPA_INET_H ++# error "Never include directly; use instead." ++#endif ++ ++extern const char *__inet_ntop_chk (int, const void *, char *, socklen_t, size_t); ++ ++extern const char *__REDIRECT_NTH (__inet_ntop_alias, ++ (int, const void *, char *, socklen_t), inet_ntop); ++extern const char *__REDIRECT_NTH (__inet_ntop_chk_warn, ++ (int, const void *, char *, socklen_t, size_t), __inet_ntop_chk) ++ __warnattr ("inet_ntop called with bigger length than " ++ "size of destination buffer"); ++ ++#endif /* bits/inet-fortified-decl.h. */ +diff --git a/inet/bits/inet-fortified.h b/inet/bits/inet-fortified.h +new file mode 100644 +index 0000000000000000..af26f36ef6ae0533 +--- /dev/null ++++ b/inet/bits/inet-fortified.h +@@ -0,0 +1,37 @@ ++/* Checking macros for inet functions. ++ Copyright (C) 2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. 
++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#ifndef _BITS_INET_FORTIFIED_H ++#define _BITS_INET_FORTIFIED_H 1 ++ ++#ifndef _ARPA_INET_H ++# error "Never include directly; use instead." ++#endif ++ ++#include ++ ++__fortify_function const char * ++__NTH (inet_ntop (int __af, const void * __restrict __src, ++ char *__restrict __dst, socklen_t __dst_size)) ++{ ++ return __glibc_fortify (inet_ntop, __dst_size, sizeof (char), ++ __glibc_objsize (__dst), ++ __af, __src, __dst, __dst_size); ++}; ++ ++#endif /* bits/inet-fortified.h. */ diff --git a/glibc-RHEL-44920-6.patch b/glibc-RHEL-44920-6.patch new file mode 100644 index 0000000..c2eca09 --- /dev/null +++ b/glibc-RHEL-44920-6.patch @@ -0,0 +1,23 @@ +commit 7f0d9e61f40c669fca3cfd1e342fa8236c7220b7 +Author: Paul Pluzhnikov +Date: Sat May 20 13:37:47 2023 +0000 + + Fix all the remaining misspellings -- BZ 25337 + +Note on the changes: +- Partial backport, the only file modified is `resolv/inet_pton.c` to + ease further backport for RHEL-44920. + +diff --git a/resolv/inet_pton.c b/resolv/inet_pton.c +index f1d5db75d0d47501..835f364794c1be96 100644 +--- a/resolv/inet_pton.c ++++ b/resolv/inet_pton.c +@@ -121,7 +121,7 @@ inet_pton4 (const char *src, const char *end, unsigned char *dst) + return 1; + } + +-/* Return the value of CH as a hexademical digit, or -1 if it is a ++/* Return the value of CH as a hexadecimal digit, or -1 if it is a + different type of character. */ + static int + hex_digit_value (char ch) diff --git a/glibc-RHEL-44920-7.patch b/glibc-RHEL-44920-7.patch new file mode 100644 index 0000000..51ee98f --- /dev/null +++ b/glibc-RHEL-44920-7.patch 
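Review bot: `__inet_ntop_chk` in debug/inet_ntop_chk.c calls the public `inet_ntop`, whereas the previous hunk went to some length to route internal callers through `__inet_ntop`; this looks deliberate rather than an oversight, since the routine is added to `static-only-routines` (so, if I read glibc's Makerules correctly, it is linked from libc_nonshared.a into each fortified program rather than exported from libc.so) and the hidden `__inet_ntop` is not reachable from there, but nothing in the file says so. I would add `/* Call the public inet_ntop: this object is linked into the caller via libc_nonshared.a, where the hidden __inet_ntop is not reachable.  */` above the call, and either drop or justify the `libc_hidden_def (__inet_ntop_chk)` that follows a definition already marked `attribute_hidden`. In the debug/Makefile hunk the new `static-only-routines` list ends with a bare trailing backslash followed by an empty line; following the file's own convention, a closing `# static-only-routines` line would terminate it explicitly.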
@@ -0,0 +1,471 @@ +commit a71db81ed1353edd00ca2901d2fefd98c53209d3 +Author: Aaron Merey +Date: Thu Mar 20 11:07:05 2025 -0400 + + Prepare inet_pton to be fortified + + Split inet_pton internals such as __inet_pton_length from the + inet_pton entry point. + + This allows the internals to be built with fortification while + leaving the inet_pton entry point unchanged. + + Co-authored-by: Frédéric Bérat + Reviewed-by: Florian Weimer + +diff --git a/resolv/Makefile b/resolv/Makefile +index e168a81d9e086df4..f3f5c260d0b7471f 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -38,6 +38,7 @@ routines := \ + inet_addr \ + inet_ntop \ + inet_pton \ ++ inet_pton_length \ + ns_makecanon \ + ns_name_compress \ + ns_name_length_uncompressed \ +@@ -73,6 +74,11 @@ routines := \ + resolv_context \ + # routines + ++# Exclude fortified routines from being built with _FORTIFY_SOURCE ++routines_no_fortify += \ ++ inet_pton \ ++ # routines_no_fortify ++ + tests = tst-aton tst-leaks tst-inet_ntop + tests-container = tst-leaks2 + +diff --git a/resolv/inet_pton.c b/resolv/inet_pton.c +index 835f364794c1be96..cebccb2e1ee7bfd1 100644 +--- a/resolv/inet_pton.c ++++ b/resolv/inet_pton.c +@@ -33,33 +33,7 @@ + */ + + #include +-#include +-#include +-#include +-#include + #include +-#include +-#include +-#include +- +-static int inet_pton4 (const char *src, const char *src_end, u_char *dst); +-static int inet_pton6 (const char *src, const char *src_end, u_char *dst); +- +-int +-__inet_pton_length (int af, const char *src, size_t srclen, void *dst) +-{ +- switch (af) +- { +- case AF_INET: +- return inet_pton4 (src, src + srclen, dst); +- case AF_INET6: +- return inet_pton6 (src, src + srclen, dst); +- default: +- __set_errno (EAFNOSUPPORT); +- return -1; +- } +-} +-libc_hidden_def (__inet_pton_length) + + /* Like __inet_pton_length, but use strlen (SRC) as the length of + SRC. 
*/ +@@ -71,164 +45,3 @@ __inet_pton (int af, const char *src, void *dst) + libc_hidden_def (__inet_pton) + weak_alias (__inet_pton, inet_pton) + libc_hidden_weak (inet_pton) +- +-/* Like inet_aton but without all the hexadecimal, octal and shorthand +- (and trailing garbage is not ignored). Return 1 if SRC is a valid +- dotted quad, else 0. This function does not touch DST unless it's +- returning 1. +- Author: Paul Vixie, 1996. */ +-static int +-inet_pton4 (const char *src, const char *end, unsigned char *dst) +-{ +- int saw_digit, octets, ch; +- unsigned char tmp[NS_INADDRSZ], *tp; +- +- saw_digit = 0; +- octets = 0; +- *(tp = tmp) = 0; +- while (src < end) +- { +- ch = *src++; +- if (ch >= '0' && ch <= '9') +- { +- unsigned int new = *tp * 10 + (ch - '0'); +- +- if (saw_digit && *tp == 0) +- return 0; +- if (new > 255) +- return 0; +- *tp = new; +- if (! saw_digit) +- { +- if (++octets > 4) +- return 0; +- saw_digit = 1; +- } +- } +- else if (ch == '.' && saw_digit) +- { +- if (octets == 4) +- return 0; +- *++tp = 0; +- saw_digit = 0; +- } +- else +- return 0; +- } +- if (octets < 4) +- return 0; +- memcpy (dst, tmp, NS_INADDRSZ); +- return 1; +-} +- +-/* Return the value of CH as a hexadecimal digit, or -1 if it is a +- different type of character. */ +-static int +-hex_digit_value (char ch) +-{ +- if ('0' <= ch && ch <= '9') +- return ch - '0'; +- if ('a' <= ch && ch <= 'f') +- return ch - 'a' + 10; +- if ('A' <= ch && ch <= 'F') +- return ch - 'A' + 10; +- return -1; +-} +- +-/* Convert presentation-level IPv6 address to network order binary +- form. Return 1 if SRC is a valid [RFC1884 2.2] address, else 0. +- This function does not touch DST unless it's returning 1. +- Author: Paul Vixie, 1996. Inspired by Mark Andrews. 
*/ +-static int +-inet_pton6 (const char *src, const char *src_endp, unsigned char *dst) +-{ +- unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; +- const char *curtok; +- int ch; +- size_t xdigits_seen; /* Number of hex digits since colon. */ +- unsigned int val; +- +- tp = memset (tmp, '\0', NS_IN6ADDRSZ); +- endp = tp + NS_IN6ADDRSZ; +- colonp = NULL; +- +- /* Leading :: requires some special handling. */ +- if (src == src_endp) +- return 0; +- if (*src == ':') +- { +- ++src; +- if (src == src_endp || *src != ':') +- return 0; +- } +- +- curtok = src; +- xdigits_seen = 0; +- val = 0; +- while (src < src_endp) +- { +- ch = *src++; +- int digit = hex_digit_value (ch); +- if (digit >= 0) +- { +- if (xdigits_seen == 4) +- return 0; +- val <<= 4; +- val |= digit; +- if (val > 0xffff) +- return 0; +- ++xdigits_seen; +- continue; +- } +- if (ch == ':') +- { +- curtok = src; +- if (xdigits_seen == 0) +- { +- if (colonp) +- return 0; +- colonp = tp; +- continue; +- } +- else if (src == src_endp) +- return 0; +- if (tp + NS_INT16SZ > endp) +- return 0; +- *tp++ = (unsigned char) (val >> 8) & 0xff; +- *tp++ = (unsigned char) val & 0xff; +- xdigits_seen = 0; +- val = 0; +- continue; +- } +- if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) +- && inet_pton4 (curtok, src_endp, tp) > 0) +- { +- tp += NS_INADDRSZ; +- xdigits_seen = 0; +- break; /* '\0' was seen by inet_pton4. */ +- } +- return 0; +- } +- if (xdigits_seen > 0) +- { +- if (tp + NS_INT16SZ > endp) +- return 0; +- *tp++ = (unsigned char) (val >> 8) & 0xff; +- *tp++ = (unsigned char) val & 0xff; +- } +- if (colonp != NULL) +- { +- /* Replace :: with zeros. */ +- if (tp == endp) +- /* :: would expand to a zero-width field. 
*/ +- return 0; +- size_t n = tp - colonp; +- memmove (endp - n, colonp, n); +- memset (colonp, 0, endp - n - colonp); +- tp = endp; +- } +- if (tp != endp) +- return 0; +- memcpy (dst, tmp, NS_IN6ADDRSZ); +- return 1; +-} +diff --git a/resolv/inet_pton_length.c b/resolv/inet_pton_length.c +new file mode 100644 +index 0000000000000000..c3614074a47140c1 +--- /dev/null ++++ b/resolv/inet_pton_length.c +@@ -0,0 +1,223 @@ ++/* Copyright (C) 1996-2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* ++ * Copyright (c) 1996,1999 by Internet Software Consortium. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int inet_pton4 (const char *src, const char *src_end, u_char *dst); ++static int inet_pton6 (const char *src, const char *src_end, u_char *dst); ++ ++int ++__inet_pton_length (int af, const char *src, size_t srclen, void *dst) ++{ ++ switch (af) ++ { ++ case AF_INET: ++ return inet_pton4 (src, src + srclen, dst); ++ case AF_INET6: ++ return inet_pton6 (src, src + srclen, dst); ++ default: ++ __set_errno (EAFNOSUPPORT); ++ return -1; ++ } ++} ++libc_hidden_def (__inet_pton_length) ++ ++/* Like inet_aton but without all the hexadecimal, octal and shorthand ++ (and trailing garbage is not ignored). Return 1 if SRC is a valid ++ dotted quad, else 0. This function does not touch DST unless it's ++ returning 1. ++ Author: Paul Vixie, 1996. */ ++static int ++inet_pton4 (const char *src, const char *end, unsigned char *dst) ++{ ++ int saw_digit, octets, ch; ++ unsigned char tmp[NS_INADDRSZ], *tp; ++ ++ saw_digit = 0; ++ octets = 0; ++ *(tp = tmp) = 0; ++ while (src < end) ++ { ++ ch = *src++; ++ if (ch >= '0' && ch <= '9') ++ { ++ unsigned int new = *tp * 10 + (ch - '0'); ++ ++ if (saw_digit && *tp == 0) ++ return 0; ++ if (new > 255) ++ return 0; ++ *tp = new; ++ if (! saw_digit) ++ { ++ if (++octets > 4) ++ return 0; ++ saw_digit = 1; ++ } ++ } ++ else if (ch == '.' 
&& saw_digit) ++ { ++ if (octets == 4) ++ return 0; ++ *++tp = 0; ++ saw_digit = 0; ++ } ++ else ++ return 0; ++ } ++ if (octets < 4) ++ return 0; ++ memcpy (dst, tmp, NS_INADDRSZ); ++ return 1; ++} ++ ++/* Return the value of CH as a hexadecimal digit, or -1 if it is a ++ different type of character. */ ++static int ++hex_digit_value (char ch) ++{ ++ if ('0' <= ch && ch <= '9') ++ return ch - '0'; ++ if ('a' <= ch && ch <= 'f') ++ return ch - 'a' + 10; ++ if ('A' <= ch && ch <= 'F') ++ return ch - 'A' + 10; ++ return -1; ++} ++ ++/* Convert presentation-level IPv6 address to network order binary ++ form. Return 1 if SRC is a valid [RFC1884 2.2] address, else 0. ++ This function does not touch DST unless it's returning 1. ++ Author: Paul Vixie, 1996. Inspired by Mark Andrews. */ ++static int ++inet_pton6 (const char *src, const char *src_endp, unsigned char *dst) ++{ ++ unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; ++ const char *curtok; ++ int ch; ++ size_t xdigits_seen; /* Number of hex digits since colon. */ ++ unsigned int val; ++ ++ tp = memset (tmp, '\0', NS_IN6ADDRSZ); ++ endp = tp + NS_IN6ADDRSZ; ++ colonp = NULL; ++ ++ /* Leading :: requires some special handling. 
*/ ++ if (src == src_endp) ++ return 0; ++ if (*src == ':') ++ { ++ ++src; ++ if (src == src_endp || *src != ':') ++ return 0; ++ } ++ ++ curtok = src; ++ xdigits_seen = 0; ++ val = 0; ++ while (src < src_endp) ++ { ++ ch = *src++; ++ int digit = hex_digit_value (ch); ++ if (digit >= 0) ++ { ++ if (xdigits_seen == 4) ++ return 0; ++ val <<= 4; ++ val |= digit; ++ if (val > 0xffff) ++ return 0; ++ ++xdigits_seen; ++ continue; ++ } ++ if (ch == ':') ++ { ++ curtok = src; ++ if (xdigits_seen == 0) ++ { ++ if (colonp) ++ return 0; ++ colonp = tp; ++ continue; ++ } ++ else if (src == src_endp) ++ return 0; ++ if (tp + NS_INT16SZ > endp) ++ return 0; ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; ++ xdigits_seen = 0; ++ val = 0; ++ continue; ++ } ++ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) ++ && inet_pton4 (curtok, src_endp, tp) > 0) ++ { ++ tp += NS_INADDRSZ; ++ xdigits_seen = 0; ++ break; /* '\0' was seen by inet_pton4. */ ++ } ++ return 0; ++ } ++ if (xdigits_seen > 0) ++ { ++ if (tp + NS_INT16SZ > endp) ++ return 0; ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; ++ } ++ if (colonp != NULL) ++ { ++ /* Replace :: with zeros. */ ++ if (tp == endp) ++ /* :: would expand to a zero-width field. */ ++ return 0; ++ size_t n = tp - colonp; ++ memmove (endp - n, colonp, n); ++ memset (colonp, 0, endp - n - colonp); ++ tp = endp; ++ } ++ if (tp != endp) ++ return 0; ++ memcpy (dst, tmp, NS_IN6ADDRSZ); ++ return 1; ++} diff --git a/glibc-RHEL-44920-8.patch b/glibc-RHEL-44920-8.patch new file mode 100644 index 0000000..dbba29e --- /dev/null +++ b/glibc-RHEL-44920-8.patch 
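Review bot: The `routines_no_fortify += inet_pton` addition in resolv/Makefile very likely has no effect in this tree: the backport notes in the earlier inet_ntop hunk state that the series enabling fortification of glibc itself has not been ported, and `routines_no_fortify` is consumed by that series, so here make will silently accept an unused variable. That is harmless, but a comment such as `# No-op until the glibc self-fortification series is backported; kept to match upstream.` next to it would spare the next reader a search for the consumer. Separately, the comment carried into resolv/inet_pton_length.c, `break; /* '\0' was seen by inet_pton4. */`, is stale: inet_pton4 stops at `src_endp`, not at a NUL terminator, so `/* inet_pton4 consumed the rest of the input up to src_endp.  */` describes what actually happens.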
@@ -0,0 +1,176 @@ +commit e3a6e85d67f1a48dec3e2557a83d6ce1544a58cb +Author: Aaron Merey +Date: Thu Mar 20 13:13:33 2025 -0400 + + Add _FORTIFY_SOURCE support for inet_pton + + Add function __inet_pton_chk which calls __chk_fail when the size of + argument dst is too small. inet_pton is redirected to __inet_pton_chk + or __inet_pton_warn when _FORTIFY_SOURCE is > 0. + + Also add tests to debug/tst-fortify.c, update the abilist with + __inet_pton_chk and mention inet_pton fortification in maint.texi. + + Co-authored-by: Frédéric Bérat + Reviewed-by: Florian Weimer + +Conflicts: + debug/Makefile (New routine added to static-only-routines + instead of routines) + debug/Versions (Not added in the backport) + manual/maint.texi (Not relevant for this version) + */libc.abilist (Not added in the backport) + inet/bits/inet-fortified-decl.h (Replace __REDIRECT_FORTIFY_NTH + with __REDIRECT_NTH) + inet/bits/inet-fortified.h (removed attribute_overloadable and + clang specific handling) + +Note on the changes: +- Since we can't modify the ABI, __inet_pton_chk has been added to + static-only-routines and `attribute_hidden` has been added to its definition. +- __REDIRECT_FORTIFY* macros aren't available in the current version, since + the patch to enable foritfication on glibc itself hasn't be ported. +- clang specific handling of foritifcation has not been ported, which means the + following had to be removed from the patch: + - use of __attribute_overloadable__ + - use of __fortify_clang_* macros + +diff --git a/debug/Makefile b/debug/Makefile +index 18be784e86bbaaab..c6ca9946d5fb5d19 100644 +--- a/debug/Makefile ++++ b/debug/Makefile +@@ -118,6 +118,7 @@ routines = \ + # routines + static-only-routines := stack_chk_fail_local \ + inet_ntop_chk \ ++ inet_pton_chk \ + + # Don't add stack_chk_fail_local.o to libc.a since __stack_chk_fail_local + # is an alias of __stack_chk_fail in stack_chk_fail.o. 
+diff --git a/debug/inet_pton_chk.c b/debug/inet_pton_chk.c +new file mode 100644 +index 0000000000000000..c9e4fd4683900141 +--- /dev/null ++++ b/debug/inet_pton_chk.c +@@ -0,0 +1,31 @@ ++/* Copyright (C) 2025 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++ ++attribute_hidden ++int ++__inet_pton_chk (int af, const char *src, void *dst, size_t dst_size) ++{ ++ if ((af == AF_INET && dst_size < 4) ++ || (af == AF_INET6 && dst_size < 16)) ++ __chk_fail (); ++ ++ return inet_pton (af, src, dst); ++} ++libc_hidden_def (__inet_pton_chk) +diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c +index 50909d0af53da10e..a87793e44ee36363 100644 +--- a/debug/tst-fortify.c ++++ b/debug/tst-fortify.c +@@ -1783,6 +1783,30 @@ do_test (void) + CHK_FAIL_END + #endif + ++ const char *ipv4str = "127.0.0.1"; ++ const char *ipv6str = "::1"; ++ ++ if (inet_pton (AF_INET, ipv4str, (void *) &addr) != 1) ++ FAIL (); ++ if (inet_pton (AF_INET6, ipv6str, (void *) &addr6) != 1) ++ FAIL (); ++ ++#if __USE_FORTIFY_LEVEL >= 1 ++ char smallbuf[2]; ++ ++ CHK_FAIL_START ++ inet_pton (AF_INET, ipv4str, (void *) smallbuf); ++ CHK_FAIL_END ++ ++ CHK_FAIL_START ++ inet_pton (AF_INET6, ipv6str, (void *) smallbuf); ++ CHK_FAIL_END ++ ++ CHK_FAIL_START ++ inet_pton (AF_INET6, ipv6str, (void *) &addr); ++ 
CHK_FAIL_END ++#endif ++ + return ret; + } + +diff --git a/include/arpa/inet.h b/include/arpa/inet.h +index a02892f48a27454e..3db8f1a96fdbd6fd 100644 +--- a/include/arpa/inet.h ++++ b/include/arpa/inet.h +@@ -19,6 +19,8 @@ libc_hidden_proto (__inet_ntop_chk) + libc_hidden_proto (inet_pton) + extern __typeof (inet_pton) __inet_pton; + libc_hidden_proto (__inet_pton) ++libc_hidden_proto (__inet_pton_chk) ++ + extern __typeof (inet_makeaddr) __inet_makeaddr; + libc_hidden_proto (__inet_makeaddr) + libc_hidden_proto (inet_netof) +diff --git a/inet/bits/inet-fortified-decl.h b/inet/bits/inet-fortified-decl.h +index 229063ae7898ba2d..189d35aee8bacab1 100644 +--- a/inet/bits/inet-fortified-decl.h ++++ b/inet/bits/inet-fortified-decl.h +@@ -32,4 +32,11 @@ extern const char *__REDIRECT_NTH (__inet_ntop_chk_warn, + __warnattr ("inet_ntop called with bigger length than " + "size of destination buffer"); + ++extern int __inet_pton_chk (int, const char *, void *, size_t); ++ ++extern int __REDIRECT_NTH (__inet_pton_alias, ++ (int, const char *, void *), inet_pton); ++extern int __REDIRECT_NTH (__inet_pton_chk_warn, ++ (int, const char *, void *, size_t), __inet_pton_chk) ++ __warnattr ("inet_pton called with a destination buffer size too small"); + #endif /* bits/inet-fortified-decl.h. 
*/ +diff --git a/inet/bits/inet-fortified.h b/inet/bits/inet-fortified.h +index af26f36ef6ae0533..8420a4b7fb41086f 100644 +--- a/inet/bits/inet-fortified.h ++++ b/inet/bits/inet-fortified.h +@@ -34,4 +34,21 @@ __NTH (inet_ntop (int __af, const void * __restrict __src, + __af, __src, __dst, __dst_size); + }; + ++__fortify_function int ++__NTH (inet_pton (int __af, const char *__restrict __src, ++ void * __restrict __dst)) ++{ ++ size_t sz = 0; ++ if (__af == AF_INET) ++ sz = sizeof (struct in_addr); ++ else if (__af == AF_INET6) ++ sz = sizeof (struct in6_addr); ++ else ++ return __inet_pton_alias (__af, __src, __dst); ++ ++ return __glibc_fortify (inet_pton, sz, sizeof (char), ++ __glibc_objsize (__dst), ++ __af, __src, __dst); ++}; ++ + #endif /* bits/inet-fortified.h. */ diff --git a/glibc.spec b/glibc.spec index 1266639..ec78b58 100644 --- a/glibc.spec +++ b/glibc.spec @@ -157,7 +157,7 @@ end \ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: 182%{?dist} +Release: 183%{?dist} # In general, GPLv2+ is used by programs, LGPLv2+ is used for # libraries. @@ -1158,6 +1158,14 @@ Patch850: glibc-RHEL-80538-1.patch Patch851: glibc-RHEL-80538-2.patch Patch852: glibc-RHEL-80538-3.patch Patch853: glibc-RHEL-80538-4.patch +Patch854: glibc-RHEL-44920-1.patch +Patch855: glibc-RHEL-44920-2.patch +Patch856: glibc-RHEL-44920-3.patch +Patch857: glibc-RHEL-44920-4.patch +Patch858: glibc-RHEL-44920-5.patch +Patch859: glibc-RHEL-44920-6.patch +Patch860: glibc-RHEL-44920-7.patch +Patch861: glibc-RHEL-44920-8.patch ############################################################################## # Continued list of core "glibc" package information: @@ -3151,6 +3159,9 @@ update_gconv_modules_cache () %endif %changelog +* Mon Mar 31 2025 Frédéric Bérat - 2.34-183 +- Fortify inet_ntop and inet_pton (RHEL-44920) + * Thu Mar 27 2025 Arjun Shankar - 2.34-182 - Improve printf fortification against %n in writeable memory (RHEL-80538)
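Review bot: The bounds in `__inet_pton_chk` (debug/inet_pton_chk.c, the new routine in this hunk) are hard-coded as 4 and 16, while the inline wrapper added to inet/bits/inet-fortified.h derives the same bounds from `sizeof (struct in_addr)` and `sizeof (struct in6_addr)`; both ends of the fortification should spell the limit the same way so they cannot drift apart, e.g. `if ((af == AF_INET && dst_size < sizeof (struct in_addr)) || (af == AF_INET6 && dst_size < sizeof (struct in6_addr)))` (the `#include` lines are stripped on this page, so confirm the in.h types are in scope). The new function also has no comment; a header such as `/* Fortified inet_pton: abort through __chk_fail when DST_SIZE cannot hold an address of family AF; any other AF is passed through to inet_pton unchanged, since the inline wrapper already routes it to __inet_pton_alias.  */` would record why an unknown AF is deliberately not treated as a check failure here. The `__chk_fail` path is the only place the size is enforced, so keeping the two sizes in lockstep is what makes the wrapper's `__glibc_fortify` call and the out-of-line check agree for every known family.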