Partial backport (without ABI changes, using libc_nonshared.a instead)
|
|
of:
|
|
|
|
commit 090dfa40a5e46f7c0e4d6e8369bcbbd51267625f
|
|
Author: Frédéric Bérat <fberat@redhat.com>
|
|
Date: Fri Mar 7 18:16:30 2025 +0100
|
|
|
|
Add _FORTIFY_SOURCE support for inet_ntop
|
|
|
|
- Create the __inet_ntop_chk routine that verifies that the builtin size
|
|
of the destination buffer is at least as big as the size given by the
|
|
user.
|
|
- Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn
|
|
- Update the abilist (Dropped) for this new routine
|
|
- Update the manual to mention the new fortification
|
|
|
|
Reviewed-by: Florian Weimer <fweimer@redhat.com>
|
|
|
|
Conflicts:
|
|
debug/inet_ntop_chk.c
|
|
(attribute_hidden added, use inet_ntop instead of __inet_ntop)
|
|
debug/Makefile
|
|
(Routine added to static-only-routines)
|
|
debug/Versions
|
|
(Dropped)
|
|
inet/bits/inet-fortified.h
|
|
(removed attribute_overloadable and clang specific handling)
|
|
sysdeps/mach/hurd/i386/libc.abilist
|
|
sysdeps/mach/hurd/x86_64/libc.abilist
|
|
sysdeps/unix/sysv/linux/aarch64/libc.abilist
|
|
sysdeps/unix/sysv/linux/alpha/libc.abilist
|
|
sysdeps/unix/sysv/linux/arc/libc.abilist
|
|
sysdeps/unix/sysv/linux/arm/be/libc.abilist
|
|
sysdeps/unix/sysv/linux/arm/le/libc.abilist
|
|
sysdeps/unix/sysv/linux/csky/libc.abilist
|
|
sysdeps/unix/sysv/linux/hppa/libc.abilist
|
|
sysdeps/unix/sysv/linux/i386/libc.abilist
|
|
sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist
|
|
sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist
|
|
sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist
|
|
sysdeps/unix/sysv/linux/microblaze/be/libc.abilist
|
|
sysdeps/unix/sysv/linux/microblaze/le/libc.abilist
|
|
sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist
|
|
sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist
|
|
sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist
|
|
sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist
|
|
sysdeps/unix/sysv/linux/or1k/libc.abilist
|
|
sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist
|
|
sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist
|
|
sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist
|
|
sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist
|
|
sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist
|
|
sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist
|
|
sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist
|
|
sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist
|
|
sysdeps/unix/sysv/linux/sh/be/libc.abilist
|
|
sysdeps/unix/sysv/linux/sh/le/libc.abilist
|
|
sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist
|
|
sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist
|
|
sysdeps/unix/sysv/linux/x86_64/64/libc.abilist
|
|
sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist
|
|
(Dropped)
|
|
|
|
diff --git a/debug/Makefile b/debug/Makefile
|
|
index 76c311d2845df9c1..db9a400711a2ce91 100644
|
|
--- a/debug/Makefile
|
|
+++ b/debug/Makefile
|
|
@@ -119,7 +119,10 @@ routines = \
|
|
wmemset_chk \
|
|
wprintf_chk \
|
|
# routines
|
|
-static-only-routines := stack_chk_fail_local
|
|
+static-only-routines := \
|
|
+ inet_ntop_chk \
|
|
+ stack_chk_fail_local \
|
|
+ # static-only-routines
|
|
|
|
# Don't add stack_chk_fail_local.o to libc.a since __stack_chk_fail_local
|
|
# is an alias of __stack_chk_fail in stack_chk_fail.o.
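Review bot: The new `inet_ntop_chk` entry in `static-only-routines` has no comment saying why a fortify checker is static-only, and the comment after the list still talks only about `stack_chk_fail_local`. The commit message says this backport avoids an ABI change by shipping the routine in libc_nonshared.a, so the check is copied into each binary at link time and a later fix to it would presumably reach existing binaries only through a relink. That is worth recording next to the list, e.g. `# inet_ntop_chk is static-only in this backport so that no new symbol is exported from libc.so.` The rule the trailing comment refers to lies outside the hunk, so whether it also affects `inet_ntop_chk.o` cannot be checked from here.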
|
|
diff --git a/debug/inet_ntop_chk.c b/debug/inet_ntop_chk.c
|
|
new file mode 100644
|
|
index 0000000000000000..8a3994dd3fc9bfe4
|
|
--- /dev/null
|
|
+++ b/debug/inet_ntop_chk.c
|
|
@@ -0,0 +1,31 @@
|
|
+/* Copyright (C) 2025 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+#include <arpa/inet.h>
|
|
+#include <stdio.h>
|
|
+
|
|
+attribute_hidden
|
|
+const char *
|
|
+__inet_ntop_chk (int af, const void *src, char *dst,
|
|
+ socklen_t size, size_t dst_size)
|
|
+{
|
|
+ if (size > dst_size)
|
|
+ __chk_fail ();
|
|
+
|
|
+ return inet_ntop (af, src, dst, size);
|
|
+}
|
|
+libc_hidden_def (__inet_ntop_chk)
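Review bot: `__inet_ntop_chk` has no comment saying which of its two length arguments is which, and the whole check depends on that order: `size` is the length the caller passed to inet_ntop and `dst_size` is the object size computed for `dst`. I would add above the definition `/* Abort via __chk_fail if SIZE, the length the caller claims for DST, exceeds DST_SIZE, the compiler-determined size of the DST object. */`. The comment should also say that the check only bounds the claimed length; a buffer too short for the formatted address is still left to inet_ntop itself. `<stdio.h>` appears to be included only for the `__chk_fail` declaration, which a short comment on the include would make clear.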
|
|
diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c
|
|
index ae738ff10a305575..f9b97531749d363b 100644
|
|
--- a/debug/tst-fortify.c
|
|
+++ b/debug/tst-fortify.c
|
|
@@ -23,6 +23,7 @@
|
|
|
|
#include <assert.h>
|
|
#include <fcntl.h>
|
|
+#include <arpa/inet.h>
|
|
#include <limits.h>
|
|
#include <locale.h>
|
|
#include <obstack.h>
|
|
@@ -1832,6 +1833,26 @@ do_test (void)
|
|
# endif
|
|
#endif
|
|
|
|
+ struct in6_addr addr6 = {};
|
|
+ struct in_addr addr = {};
|
|
+ char addrstr6[INET6_ADDRSTRLEN];
|
|
+ char addrstr[INET_ADDRSTRLEN];
|
|
+
|
|
+ if (inet_ntop (AF_INET6, &addr6, addrstr6, sizeof (addrstr6)) == NULL)
|
|
+ FAIL ();
|
|
+ if (inet_ntop (AF_INET, &addr, addrstr, sizeof (addrstr)) == NULL)
|
|
+ FAIL ();
|
|
+
|
|
+#if __USE_FORTIFY_LEVEL >= 1
|
|
+ CHK_FAIL_START
|
|
+ inet_ntop (AF_INET6, &addr6, buf, INET6_ADDRSTRLEN);
|
|
+ CHK_FAIL_END
|
|
+
|
|
+ CHK_FAIL_START
|
|
+ inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN);
|
|
+ CHK_FAIL_END
|
|
+#endif
|
|
+
|
|
return ret;
|
|
}
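Review bot: Both `CHK_FAIL_START` cases pass a compile-time constant length, so they likely exercise only the path where the compiler already knows the call overflows. The path where `__inet_ntop_chk` does the comparison at run time is not tested; a third case whose length is not a constant expression would cover it. The two success checks only test for a non-NULL return; comparing the output would pin the behaviour, e.g. `if (strcmp (addrstr, "0.0.0.0") != 0) FAIL ();` and the same with `"::"` for `addrstr6`. `buf` is declared outside the hunk, so its size (which must be below `INET_ADDRSTRLEN` for these cases to trip) cannot be confirmed here.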
|
|
|
|
diff --git a/include/arpa/inet.h b/include/arpa/inet.h
|
|
index d9e55a3c7f2db9f2..a02892f48a27454e 100644
|
|
--- a/include/arpa/inet.h
|
|
+++ b/include/arpa/inet.h
|
|
@@ -3,12 +3,18 @@
|
|
#include <inet/arpa/inet.h>
|
|
|
|
#ifndef _ISOMAC
|
|
+/* Declare functions with security checks.
|
|
+ This needs to be included unconditionally as these definition are needed even
|
|
+ when fortification is disabled in inet/arpa/inet.h. */
|
|
+#include <bits/inet-fortified-decl.h>
|
|
+
|
|
/* Variant of inet_aton which rejects trailing garbage. */
|
|
extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
|
|
libc_hidden_proto (__inet_aton_exact)
|
|
|
|
extern __typeof (inet_ntop) __inet_ntop;
|
|
libc_hidden_proto (__inet_ntop)
|
|
+libc_hidden_proto (__inet_ntop_chk)
|
|
|
|
libc_hidden_proto (inet_pton)
|
|
extern __typeof (inet_pton) __inet_pton;
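Review bot: The added comment above the `#include <bits/inet-fortified-decl.h>` line says "these definition are needed", but the included header holds declarations, and the sentence does not say what needs them. The `libc_hidden_proto (__inet_ntop_chk)` added further down in this hunk is what requires the prototype regardless of the fortify level. Suggested wording: `/* Declare the checking variants. Include this unconditionally: libc_hidden_proto (__inet_ntop_chk) below needs the prototype even when inet/arpa/inet.h has fortification disabled. */`.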
|
|
diff --git a/include/bits/inet-fortified-decl.h b/include/bits/inet-fortified-decl.h
|
|
new file mode 100644
|
|
index 0000000000000000..e6ad4d4663c61a0d
|
|
--- /dev/null
|
|
+++ b/include/bits/inet-fortified-decl.h
|
|
@@ -0,0 +1 @@
|
|
+#include <inet/bits/inet-fortified-decl.h>
|
|
diff --git a/include/bits/inet-fortified.h b/include/bits/inet-fortified.h
|
|
new file mode 100644
|
|
index 0000000000000000..abba7c57014c2a23
|
|
--- /dev/null
|
|
+++ b/include/bits/inet-fortified.h
|
|
@@ -0,0 +1 @@
|
|
+#include <inet/bits/inet-fortified.h>
|
|
diff --git a/inet/Makefile b/inet/Makefile
|
|
index cb97b45f0f9d223f..01208235c4f800bb 100644
|
|
--- a/inet/Makefile
|
|
+++ b/inet/Makefile
|
|
@@ -25,6 +25,8 @@ include ../Makeconfig
|
|
headers := \
|
|
$(wildcard arpa/*.h protocols/*.h) \
|
|
bits/in.h \
|
|
+ bits/inet-fortified-decl.h \
|
|
+ bits/inet-fortified.h \
|
|
ifaddrs.h \
|
|
netinet/ether.h \
|
|
netinet/icmp6.h \
|
|
diff --git a/inet/arpa/inet.h b/inet/arpa/inet.h
|
|
index c005340a8004dcaf..2b8eac147280306e 100644
|
|
--- a/inet/arpa/inet.h
|
|
+++ b/inet/arpa/inet.h
|
|
@@ -101,6 +101,11 @@ extern char *inet_nsap_ntoa (int __len, const unsigned char *__cp,
|
|
char *__buf) __THROW;
|
|
#endif
|
|
|
|
+#if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function
|
|
+/* Include functions with security checks. */
|
|
+# include <bits/inet-fortified.h>
|
|
+#endif
|
|
+
|
|
__END_DECLS
|
|
|
|
#endif /* arpa/inet.h */
|
|
diff --git a/inet/bits/inet-fortified-decl.h b/inet/bits/inet-fortified-decl.h
|
|
new file mode 100644
|
|
index 0000000000000000..23e3cf4b2238c81a
|
|
--- /dev/null
|
|
+++ b/inet/bits/inet-fortified-decl.h
|
|
@@ -0,0 +1,35 @@
|
|
+/* Declarations of checking macros for inet functions.
|
|
+ Copyright (C) 2025 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+#ifndef _BITS_INET_FORTIFIED_DEC_H
|
|
+#define _BITS_INET_FORTIFIED_DEC_H 1
|
|
+
|
|
+#ifndef _ARPA_INET_H
|
|
+# error "Never include <bits/inet-fortified-decl.h> directly; use <arpa/inet.h> instead."
|
|
+#endif
|
|
+
|
|
+extern const char *__inet_ntop_chk (int, const void *, char *, socklen_t, size_t);
|
|
+
|
|
+extern const char *__REDIRECT_FORTIFY_NTH (__inet_ntop_alias,
|
|
+ (int, const void *, char *, socklen_t), inet_ntop);
|
|
+extern const char *__REDIRECT_NTH (__inet_ntop_chk_warn,
|
|
+ (int, const void *, char *, socklen_t, size_t), __inet_ntop_chk)
|
|
+ __warnattr ("inet_ntop called with bigger length than "
|
|
+ "size of destination buffer");
|
|
+
|
|
+#endif /* bits/inet-fortified-decl.h. */
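Review bot: The `__inet_ntop_chk` prototype leaves all five parameters unnamed, and the last two are both integer lengths, so nothing in the header tells a reader that the fourth is the caller-supplied length and the fifth the object size. Naming them as the definition in debug/inet_ntop_chk.c does would document the contract: `extern const char *__inet_ntop_chk (int __af, const void *__src, char *__dst, socklen_t __size, size_t __dst_size);`. The include guard is spelled `_BITS_INET_FORTIFIED_DEC_H` while the file is inet-fortified-decl.h; `_BITS_INET_FORTIFIED_DECL_H` would match.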
|
|
diff --git a/inet/bits/inet-fortified.h b/inet/bits/inet-fortified.h
|
|
new file mode 100644
|
|
index 0000000000000000..af26f36ef6ae0533
|
|
--- /dev/null
|
|
+++ b/inet/bits/inet-fortified.h
|
|
@@ -0,0 +1,37 @@
|
|
+/* Checking macros for inet functions.
|
|
+ Copyright (C) 2025 Free Software Foundation, Inc.
|
|
+ This file is part of the GNU C Library.
|
|
+
|
|
+ The GNU C Library is free software; you can redistribute it and/or
|
|
+ modify it under the terms of the GNU Lesser General Public
|
|
+ License as published by the Free Software Foundation; either
|
|
+ version 2.1 of the License, or (at your option) any later version.
|
|
+
|
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ Lesser General Public License for more details.
|
|
+
|
|
+ You should have received a copy of the GNU Lesser General Public
|
|
+ License along with the GNU C Library; if not, see
|
|
+ <https://www.gnu.org/licenses/>. */
|
|
+
|
|
+#ifndef _BITS_INET_FORTIFIED_H
|
|
+#define _BITS_INET_FORTIFIED_H 1
|
|
+
|
|
+#ifndef _ARPA_INET_H
|
|
+# error "Never include <bits/inet-fortified.h> directly; use <arpa/inet.h> instead."
|
|
+#endif
|
|
+
|
|
+#include <bits/inet-fortified-decl.h>
|
|
+
|
|
+__fortify_function const char *
|
|
+__NTH (inet_ntop (int __af, const void * __restrict __src,
|
|
+ char *__restrict __dst, socklen_t __dst_size))
|
|
+{
|
|
+ return __glibc_fortify (inet_ntop, __dst_size, sizeof (char),
|
|
+ __glibc_objsize (__dst),
|
|
+ __af, __src, __dst, __dst_size);
|
|
+};
|
|
+
|
|
+#endif /* bits/inet-fortified.h. */
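Review bot: The wrapper definition ends with `};`, and the semicolon after the closing brace is an empty declaration at file scope, which ISO C does not allow; in an installed header it should be just `}`. The fourth parameter is also named `__dst_size` here although it is the length the caller passes, while in debug/inet_ntop_chk.c `dst_size` is the compiler-computed object size. Renaming it (for example `__size`) would keep the two from being confused when reading the `__glibc_fortify` call, where the real object size is `__glibc_objsize (__dst)`.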
|
|
diff --git a/manual/maint.texi b/manual/maint.texi
|
|
index 04faa222e2bd2fc4..ce6a556c68925b49 100644
|
|
--- a/manual/maint.texi
|
|
+++ b/manual/maint.texi
|
|
@@ -303,6 +303,8 @@ The following functions and macros are fortified in @theglibc{}:
|
|
|
|
@item @code{getwd}
|
|
|
|
+@item @code{inet_ntop}
|
|
+
|
|
@item @code{longjmp}
|
|
|
|
@item @code{mbsnrtowcs}
|