Add _FORTIFY_SOURCE support for inet_pton

Add function __inet_pton_chk which calls __chk_fail when the size of
argument dst is too small.   inet_pton is redirected to __inet_pton_chk
or __inet_pton_warn when _FORTIFY_SOURCE is > 0.

Also add tests to debug/tst-fortify.c, update the abilist with
__inet_pton_chk and mention inet_pton fortification in maint.texi.

Co-authored-by: Frédéric Bérat <fberat@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>

debug/Makefile

@@ -56,6 +56,7 @@ routines = \
   gets_chk \
   getwd_chk \
   inet_ntop_chk \
+  inet_pton_chk \
   longjmp_chk \
   mbsnrtowcs_chk \
   mbsrtowcs_chk \

debug/Versions

@@ -66,6 +66,7 @@ libc {
   }
   GLIBC_2.42 {
     __inet_ntop_chk;
+    __inet_pton_chk;
   }
   GLIBC_PRIVATE {
     __fortify_fail;

debug/inet_pton_chk.c

@@ -0,0 +1,30 @@
+/* Copyright (C) 2025 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <arpa/inet.h>
+#include <stdio.h>
+
+int
+__inet_pton_chk (int af, const char *src, void *dst, size_t dst_size)
+{
+  if ((af == AF_INET && dst_size < 4)
+      || (af == AF_INET6 && dst_size < 16))
+    __chk_fail ();
+
+  return __inet_pton (af, src, dst);
+}
+libc_hidden_def (__inet_pton_chk)

debug/tst-fortify.c

@@ -1853,6 +1853,30 @@ do_test (void)
   CHK_FAIL_END
 #endif
 
+  const char *ipv4str = "127.0.0.1";
+  const char *ipv6str = "::1";
+
+  if (inet_pton (AF_INET, ipv4str, (void *) &addr) != 1)
+    FAIL ();
+  if (inet_pton (AF_INET6, ipv6str, (void *) &addr6) != 1)
+    FAIL ();
+
+#if __USE_FORTIFY_LEVEL >= 1
+  char smallbuf[2];
+
+  CHK_FAIL_START
+  inet_pton (AF_INET, ipv4str, (void *) smallbuf);
+  CHK_FAIL_END
+
+  CHK_FAIL_START
+  inet_pton (AF_INET6, ipv6str, (void *) smallbuf);
+  CHK_FAIL_END
+
+  CHK_FAIL_START
+  inet_pton (AF_INET6, ipv6str, (void *) &addr);
+  CHK_FAIL_END
+#endif
+
   return ret;
 }
 

include/arpa/inet.h

@@ -19,6 +19,8 @@ libc_hidden_proto (__inet_ntop_chk)
 libc_hidden_proto (inet_pton)
 extern __typeof (inet_pton) __inet_pton;
 libc_hidden_proto (__inet_pton)
+libc_hidden_proto (__inet_pton_chk)
+
 extern __typeof (inet_makeaddr) __inet_makeaddr;
 libc_hidden_proto (__inet_makeaddr)
 libc_hidden_proto (inet_netof)

inet/bits/inet-fortified-decl.h

@@ -32,4 +32,11 @@ extern const char *__REDIRECT_NTH (__inet_ntop_chk_warn,
      __warnattr ("inet_ntop called with bigger length than "
 		 "size of destination buffer");
 
+extern int __inet_pton_chk (int, const char *, void *, size_t);
+
+extern int __REDIRECT_FORTIFY_NTH (__inet_pton_alias,
+				   (int, const char *, void *), inet_pton);
+extern int __REDIRECT_NTH (__inet_pton_chk_warn,
+			   (int, const char *, void *, size_t), __inet_pton_chk)
+     __warnattr ("inet_pton called with a destination buffer size too small");
 #endif /* bits/inet-fortified-decl.h.  */

inet/bits/inet-fortified.h

@@ -38,4 +38,24 @@ __NTH (inet_ntop (int __af,
 			  __af, __src, __dst, __dst_size);
 };
 
+__fortify_function __attribute_overloadable__ int
+__NTH (inet_pton (int __af,
+	   const char *__restrict __src,
+	   __fortify_clang_overload_arg (void *, __restrict, __dst)))
+    __fortify_clang_warning_only_if_bos0_lt
+	(4, __dst, "inet_pton called with destination buffer size less than 4")
+{
+  size_t sz = 0;
+  if (__af == AF_INET)
+    sz = sizeof (struct in_addr);
+  else if (__af == AF_INET6)
+    sz = sizeof (struct in6_addr);
+  else
+    return __inet_pton_alias (__af, __src, __dst);
+
+  return __glibc_fortify (inet_pton, sz, sizeof (char),
+			  __glibc_objsize (__dst),
+			  __af, __src, __dst);
+};
+
 #endif /* bits/inet-fortified.h.  */

manual/maint.texi

@@ -305,6 +305,8 @@ The following functions and macros are fortified in @theglibc{}:
 
 @item @code{inet_ntop}
 
+@item @code{inet_pton}
+
 @item @code{longjmp}
 
 @item @code{mbsnrtowcs}

sysdeps/mach/hurd/i386/libc.abilist

@@ -2585,6 +2585,7 @@ GLIBC_2.41 pthread_mutexattr_setrobust_np F
 GLIBC_2.41 pthread_mutexattr_settype F
 GLIBC_2.41 pthread_sigmask F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_barrier_destroy F
 GLIBC_2.42 pthread_barrier_init F
 GLIBC_2.42 pthread_barrier_wait F

sysdeps/mach/hurd/x86_64/libc.abilist

@@ -2268,6 +2268,7 @@ GLIBC_2.41 pthread_mutexattr_setrobust_np F
 GLIBC_2.41 pthread_mutexattr_settype F
 GLIBC_2.41 pthread_sigmask F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_barrier_destroy F
 GLIBC_2.42 pthread_barrier_init F
 GLIBC_2.42 pthread_barrier_wait F

sysdeps/unix/sysv/linux/aarch64/libc.abilist

@@ -2751,4 +2751,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/alpha/libc.abilist

@@ -3098,6 +3098,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/arc/libc.abilist

@@ -2512,4 +2512,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/arm/be/libc.abilist

@@ -2804,6 +2804,7 @@ GLIBC_2.4 xprt_unregister F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/arm/le/libc.abilist

@@ -2801,6 +2801,7 @@ GLIBC_2.4 xprt_unregister F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/csky/libc.abilist

@@ -2788,4 +2788,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/hppa/libc.abilist

@@ -2825,6 +2825,7 @@ GLIBC_2.41 cacheflush F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/i386/libc.abilist

@@ -3008,6 +3008,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/loongarch/lp64/libc.abilist

@@ -2272,4 +2272,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/m68k/coldfire/libc.abilist

@@ -2784,6 +2784,7 @@ GLIBC_2.4 xprt_unregister F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/m68k/m680x0/libc.abilist

@@ -2951,6 +2951,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/microblaze/be/libc.abilist

@@ -2837,4 +2837,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/microblaze/le/libc.abilist

@@ -2834,4 +2834,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/mips/mips32/fpu/libc.abilist

@@ -2912,6 +2912,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/mips/mips32/nofpu/libc.abilist

@@ -2910,6 +2910,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/mips/mips64/n32/libc.abilist

@@ -2918,6 +2918,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/mips/mips64/n64/libc.abilist

@@ -2820,6 +2820,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/or1k/libc.abilist

@@ -2262,4 +2262,5 @@ GLIBC_2.40 swapcontext F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/powerpc/powerpc32/fpu/libc.abilist

@@ -3141,6 +3141,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/powerpc/powerpc32/nofpu/libc.abilist

@@ -3186,6 +3186,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/powerpc/powerpc64/be/libc.abilist

@@ -2895,6 +2895,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/powerpc/powerpc64/le/libc.abilist

@@ -2971,4 +2971,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/riscv/rv32/libc.abilist

@@ -2515,4 +2515,5 @@ GLIBC_2.40 __riscv_hwprobe F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/riscv/rv64/libc.abilist

@@ -2715,4 +2715,5 @@ GLIBC_2.40 __riscv_hwprobe F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F

sysdeps/unix/sysv/linux/s390/s390-32/libc.abilist

@@ -3139,6 +3139,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/s390/s390-64/libc.abilist

@@ -2932,6 +2932,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/sh/be/libc.abilist

@@ -2831,6 +2831,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/sh/le/libc.abilist

@@ -2828,6 +2828,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/sparc/sparc32/libc.abilist

@@ -3160,6 +3160,7 @@ GLIBC_2.4 wscanf F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/sparc/sparc64/libc.abilist

@@ -2796,6 +2796,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/x86_64/64/libc.abilist

@@ -2747,6 +2747,7 @@ GLIBC_2.4 unshare F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F
 GLIBC_2.5 __readlinkat_chk F
 GLIBC_2.5 inet6_opt_append F

sysdeps/unix/sysv/linux/x86_64/x32/libc.abilist

@@ -2766,4 +2766,5 @@ GLIBC_2.39 stdc_trailing_zeros_us F
 GLIBC_2.41 sched_getattr F
 GLIBC_2.41 sched_setattr F
 GLIBC_2.42 __inet_ntop_chk F
+GLIBC_2.42 __inet_pton_chk F
 GLIBC_2.42 pthread_gettid_np F