Add _FORTIFY_SOURCE support for inet_ntop

- Create the __inet_ntop_chk routine that verifies that the builtin size
of the destination buffer is at least as big as the size given by the
user.
- Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn
- Update the abilist for this new routine
- Update the manual to mention the new fortification

Reviewed-by: Florian Weimer <fweimer@redhat.com>

3 files changed, 8 insertions, 0 deletions

diff --git a/include/arpa/inet.h b/include/arpa/inet.h
index d9e55a3c7f..a02892f48a 100644
--- a/include/arpa/inet.h
+++ b/include/arpa/inet.h
@@ -3,12 +3,18 @@
 #include <inet/arpa/inet.h>
 
 #ifndef _ISOMAC
+/* Declare functions with security checks.
+   This needs to be included unconditionally as these definition are needed even
+   when fortification is disabled in inet/arpa/inet.h.  */
+#include <bits/inet-fortified-decl.h>
+
 /* Variant of inet_aton which rejects trailing garbage.  */
 extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
 libc_hidden_proto (__inet_aton_exact)
 
 extern __typeof (inet_ntop) __inet_ntop;
 libc_hidden_proto (__inet_ntop)
+libc_hidden_proto (__inet_ntop_chk)
 
 libc_hidden_proto (inet_pton)
 extern __typeof (inet_pton) __inet_pton;
diff --git a/include/bits/inet-fortified-decl.h b/include/bits/inet-fortified-decl.h
new file mode 100644
index 0000000000..e6ad4d4663
--- /dev/null
+++ b/include/bits/inet-fortified-decl.h
@@ -0,0 +1 @@
+#include <inet/bits/inet-fortified-decl.h>
diff --git a/include/bits/inet-fortified.h b/include/bits/inet-fortified.h
new file mode 100644
index 0000000000..abba7c5701
--- /dev/null
+++ b/include/bits/inet-fortified.h
@@ -0,0 +1 @@
+#include <inet/bits/inet-fortified.h>