Add _FORTIFY_SOURCE support for inet_ntop

- Create the __inet_ntop_chk routine that verifies that the builtin size
of the destination buffer is at least as big as the size given by the
user.
- Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn
- Update the abilist for this new routine
- Update the manual to mention the new fortification

Reviewed-by: Florian Weimer <fweimer@redhat.com>

4 files changed, 55 insertions, 0 deletions

diff --git a/debug/Makefile b/debug/Makefile
index 6a05205ce6..905f2bf7e0 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -55,6 +55,7 @@ routines = \
   gethostname_chk \
   gets_chk \
   getwd_chk \
+  inet_ntop_chk \
   longjmp_chk \
   mbsnrtowcs_chk \
   mbsrtowcs_chk \
diff --git a/debug/Versions b/debug/Versions
index 9cf2725992..2ae5747f8d 100644
--- a/debug/Versions
+++ b/debug/Versions
@@ -64,6 +64,9 @@ libc {
     __wcslcat_chk;
     __wcslcpy_chk;
   }
+  GLIBC_2.42 {
+    __inet_ntop_chk;
+  }
   GLIBC_PRIVATE {
     __fortify_fail;
   }
diff --git a/debug/inet_ntop_chk.c b/debug/inet_ntop_chk.c
new file mode 100644
index 0000000000..e1ec600fbb
--- /dev/null
+++ b/debug/inet_ntop_chk.c
@@ -0,0 +1,30 @@
+/* Copyright (C) 2025 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <arpa/inet.h>
+#include <stdio.h>
+
+const char *
+__inet_ntop_chk (int af, const void *src, char *dst,
+		 socklen_t size, size_t dst_size)
+{
+  if (size > dst_size)
+    __chk_fail ();
+
+  return __inet_ntop (af, src, dst, size);
+}
+libc_hidden_def (__inet_ntop_chk)
diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c
index f8ccc2dff5..cd649369d9 100644
--- a/debug/tst-fortify.c
+++ b/debug/tst-fortify.c
@@ -23,6 +23,7 @@
 
 #include <assert.h>
 #include <fcntl.h>
+#include <arpa/inet.h>
 #include <limits.h>
 #include <locale.h>
 #include <obstack.h>
@@ -1832,6 +1833,26 @@ do_test (void)
 # endif
 #endif
 
+  struct in6_addr addr6 = {};
+  struct in_addr addr = {};
+  char addrstr6[INET6_ADDRSTRLEN];
+  char addrstr[INET_ADDRSTRLEN];
+
+  if (inet_ntop (AF_INET6, &addr6, addrstr6, sizeof (addrstr6)) == NULL)
+    FAIL ();
+  if (inet_ntop (AF_INET, &addr, addrstr, sizeof (addrstr)) == NULL)
+    FAIL ();
+
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  inet_ntop (AF_INET6, &addr6, buf, INET6_ADDRSTRLEN);
+  CHK_FAIL_END
+
+  CHK_FAIL_START
+  inet_ntop (AF_INET, &addr, buf, INET_ADDRSTRLEN);
+  CHK_FAIL_END
+#endif
+
   return ret;
 }