| author | Aaron Merey <amerey@redhat.com> | 2025-03-20 13:13:33 -0400 |
|---|---|---|
| committer | Aaron Merey <amerey@redhat.com> | 2025-03-24 14:43:03 -0400 |
| commit | e3a6e85d67f1a48dec3e2557a83d6ce1544a58cb (patch) | |
| tree | d6c34a63a2c4c2d9c362916f150c3255e1ac4fdf /debug | |
| parent | a71db81ed1353edd00ca2901d2fefd98c53209d3 (diff) | |
Add _FORTIFY_SOURCE support for inet_pton
Add function __inet_pton_chk which calls __chk_fail when the size of
argument dst is too small. inet_pton is redirected to __inet_pton_chk
or __inet_pton_warn when _FORTIFY_SOURCE is > 0.
Also add tests to debug/tst-fortify.c, update the abilist with
__inet_pton_chk and mention inet_pton fortification in maint.texi.
Co-authored-by: Frédéric Bérat <fberat@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Diffstat (limited to 'debug')
| -rw-r--r-- | debug/Makefile | 1 | ||||
| -rw-r--r-- | debug/Versions | 1 | ||||
| -rw-r--r-- | debug/inet_pton_chk.c | 30 | ||||
| -rw-r--r-- | debug/tst-fortify.c | 24 |
4 files changed, 56 insertions, 0 deletions
diff --git a/debug/Makefile b/debug/Makefile
index 2484580cd2..40201844b3 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -56,6 +56,7 @@ routines = \
 gets_chk \
 getwd_chk \
 inet_ntop_chk \
+ inet_pton_chk \
 longjmp_chk \
 mbsnrtowcs_chk \
 mbsrtowcs_chk \
diff --git a/debug/Versions b/debug/Versions
index 2ae5747f8d..6b9ec1eb46 100644
--- a/debug/Versions
+++ b/debug/Versions
@@ -66,6 +66,7 @@ libc {
 }
 GLIBC_2.42 {
 __inet_ntop_chk;
+ __inet_pton_chk;
 }
 GLIBC_PRIVATE {
 __fortify_fail;
diff --git a/debug/inet_pton_chk.c b/debug/inet_pton_chk.c
new file mode 100644
index 0000000000..965cf5e116
--- /dev/null
+++ b/debug/inet_pton_chk.c
@@ -0,0 +1,30 @@
+/* Copyright (C) 2025 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <arpa/inet.h>
+#include <stdio.h>
+
+int
+__inet_pton_chk (int af, const char *src, void *dst, size_t dst_size)
+{
+ if ((af == AF_INET && dst_size < 4)
+ || (af == AF_INET6 && dst_size < 16))
+ __chk_fail ();
+
+ return __inet_pton (af, src, dst);
+}
+libc_hidden_def (__inet_pton_chk)
diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c
index cd649369d9..c4c28e6e13 100644
--- a/debug/tst-fortify.c
+++ b/debug/tst-fortify.c
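Review bot: In debug/inet_pton_chk.c the two limits in `__inet_pton_chk` are bare literals, `dst_size < 4` and `dst_size < 16`, so nothing ties them to the objects inet_pton stores into. Writing them as `dst_size < sizeof (struct in_addr)` and `dst_size < sizeof (struct in6_addr)` would make the bound self-explaining. The function also has no leading comment; I would add `/* Call __chk_fail if DST_SIZE is too small for the binary address of family AF, otherwise forward to __inet_pton. */` and note there that the size test runs before SRC is parsed, so an undersized DST aborts even when the string would not have parsed. Any family other than AF_INET and AF_INET6 skips the check and is left to `__inet_pton`, which is worth stating in the same comment.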
@@ -1853,6 +1853,30 @@ do_test (void) CHK_FAIL_END #endif + const char *ipv4str = "127.0.0.1"; + const char *ipv6str = "::1"; + + if (inet_pton (AF_INET, ipv4str, (void *) &addr) != 1) + FAIL (); + if (inet_pton (AF_INET6, ipv6str, (void *) &addr6) != 1) + FAIL (); + +#if __USE_FORTIFY_LEVEL >= 1 + char smallbuf[2]; + + CHK_FAIL_START + inet_pton (AF_INET, ipv4str, (void *) smallbuf); + CHK_FAIL_END + + CHK_FAIL_START + inet_pton (AF_INET6, ipv6str, (void *) smallbuf); + CHK_FAIL_END + + CHK_FAIL_START + inet_pton (AF_INET6, ipv6str, (void *) &addr); + CHK_FAIL_END +#endif + return ret; } |
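Review bot: The three CHK_FAIL cases use a 2-byte `smallbuf` and a cross-family store into `addr`, so the IPv6 limit of the new check is never exercised one byte short and the IPv4 limit only by a buffer two bytes short. Adding `char buf3[3];` with AF_INET and `char buf15[15];` with AF_INET6 inside the `#if __USE_FORTIFY_LEVEL >= 1` block would catch an off-by-one in either comparison. `addr` and `addr6` are declared outside this hunk, so the passing calls and the third failure case rely on `addr` being exactly the 4-byte IPv4 object and `addr6` the 16-byte one; a short comment saying so next to the third case would help. The body of do_test starts outside the hunk.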
