From 4289b00d4393f490515527864cf09093f4f8c2c4 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu, 8 Feb 2024 15:46:18 -0300
Subject: socket: Improve fortify with clang

It improve fortify checks recv, recvfrom, poll, and ppoll.  The compile
and runtime hecks have similar coverage as with GCC.

Checked on aarch64, armhf, x86_64, and i686.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
---
 socket/bits/socket2.h | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'socket')

diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h
index a88cb64370..04780f320e 100644
--- a/socket/bits/socket2.h
+++ b/socket/bits/socket2.h
@@ -30,14 +30,20 @@ extern ssize_t __REDIRECT (__recv_chk_warn,
      __warnattr ("recv called with bigger length than size of destination "
 		 "buffer");
 
-__fortify_function ssize_t
-recv (int __fd, void *__buf, size_t __n, int __flags)
+__fortify_function __attribute_overloadable__ ssize_t
+recv (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __n,
+      int __flags)
+     __fortify_clang_warning_only_if_bos0_lt (__n, __buf,
+					      "recv called with bigger length than "
+					      "size of destination buffer")
 {
   size_t sz = __glibc_objsize0 (__buf);
   if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
     return __recv_alias (__fd, __buf, __n, __flags);
+#if !__fortify_use_clang
   if (__glibc_unsafe_len (__n, sizeof (char), sz))
     return __recv_chk_warn (__fd, __buf, __n, sz, __flags);
+#endif
   return __recv_chk (__fd, __buf, __n, sz, __flags);
 }
 
@@ -57,15 +63,21 @@ extern ssize_t __REDIRECT (__recvfrom_chk_warn,
      __warnattr ("recvfrom called with bigger length than size of "
 		 "destination buffer");
 
-__fortify_function ssize_t
-recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
+__fortify_function __attribute_overloadable__ ssize_t
+recvfrom (int __fd, __fortify_clang_overload_arg0 (void *, __restrict, __buf),
+	  size_t __n, int __flags,
 	  __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
+     __fortify_clang_warning_only_if_bos0_lt (__n, __buf,
+					      "recvfrom called with bigger length "
+					      "than size of destination buffer")
 {
   size_t sz = __glibc_objsize0 (__buf);
   if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
     return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
+#if !__fortify_use_clang
   if (__glibc_unsafe_len (__n, sizeof (char), sz))
     return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr,
 				__addr_len);
+#endif
   return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len);
 }
-- 
cgit 1.4.1