commit 95b59c520b24aabcdc63b93a3f1eaf73e57a3afe
author Daniel Micay <danielmicay@gmail.com> Mon Feb 13 17:27:59 2017 -0800
committer George Burgess IV <gbiv@google.com> Tue Feb 14 15:50:28 2017 -0800
tree 76e43d9ec4f387c5774508c9e6c9d728a21c8052
parent 9fc52deab1c6bec6a37860242eafe1ae4c205e44

add fortified implementations of send/sendto

Bug: None
Test: Bullhead builds+boots; CtsBionicTestCases passes.
Change-Id: I2f137a100f679f7f2145d84b2f29ddd3e96a36ae

libc/include/sys/socket.h

diff --git a/libc/include/sys/socket.h b/libc/include/sys/socket.h
index 0813423..c87465f 100644
--- a/libc/include/sys/socket.h
+++ b/libc/include/sys/socket.h
@@ -318,18 +318,22 @@
 __socketcall int socketpair(int, int, int, int*);
 
 ssize_t recv(int, void*, size_t, int) __overloadable __RENAME_CLANG(recv);
-ssize_t send(int, const void*, size_t, int);
+ssize_t send(int, const void*, size_t, int) __overloadable __RENAME_CLANG(send);
 
-__socketcall ssize_t sendto(int, const void*, size_t, int, const struct sockaddr*, socklen_t);
+__socketcall ssize_t sendto(int, const void*, size_t, int, const struct sockaddr*, socklen_t)
+        __overloadable __RENAME_CLANG(sendto);
 __socketcall ssize_t recvfrom(int, void*, size_t, int, struct sockaddr*,
         socklen_t*) __overloadable __RENAME_CLANG(recvfrom);
 
+extern ssize_t __sendto_chk(int, const void*, size_t, size_t, int, const struct sockaddr*,
+        socklen_t) __INTRODUCED_IN_FUTURE;
 ssize_t __recvfrom_chk(int, void*, size_t, size_t, int, struct sockaddr*,
         socklen_t*) __INTRODUCED_IN(21);
 
 #if defined(__BIONIC_FORTIFY)
 
 #define __recvfrom_bad_size "recvfrom called with size bigger than buffer"
+#define __sendto_bad_size "sendto called with size bigger than buffer"
 #if defined(__clang__)
 #if __ANDROID_API__ >= __ANDROID_API_N__
 __BIONIC_ERROR_FUNCTION_VISIBILITY
@@ -355,10 +359,45 @@
 }
 #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
 
+#if __ANDROID_API__ >= __ANDROID_API_N_MR1__
+__BIONIC_ERROR_FUNCTION_VISIBILITY
+ssize_t sendto(int fd, const void* buf, size_t len, int flags,
+               const struct sockaddr* dest_addr, socklen_t addr_len)
+        __overloadable
+        __enable_if(__bos0(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
+                    __bos0(buf) < len, "selected when the buffer is too small")
+        __errorattr(__sendto_bad_size);
+
+__BIONIC_FORTIFY_INLINE
+ssize_t sendto(int fd, const void* const buf __pass_object_size0, size_t len,
+               int flags, const struct sockaddr* dest_addr, socklen_t addr_len)
+      __overloadable {
+  size_t bos = __bos0(buf);
+
+  if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    return __call_bypassing_fortify(sendto)(fd, buf, len, flags, dest_addr,
+              addr_len);
+  }
+
+  return __sendto_chk(fd, buf, len, bos, flags, dest_addr, addr_len);
+}
+
+__BIONIC_ERROR_FUNCTION_VISIBILITY
+ssize_t send(int socket, const void* buf, size_t len, int flags)
+        __overloadable
+        __enable_if(__bos0(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
+                    __bos0(buf) < len, "selected when the buffer is too small")
+        __errorattr("send called with size bigger than buffer");
+#endif /* __ANDROID_API__ >= __ANDROID_API_N_MR1__ */
+
 #else /* defined(__clang__) */
 ssize_t __recvfrom_real(int, void*, size_t, int, struct sockaddr*, socklen_t*) __RENAME(recvfrom);
 __errordecl(__recvfrom_error, __recvfrom_bad_size);
 
+extern ssize_t __sendto_real(int, const void*, size_t, int, const struct sockaddr*, socklen_t)
+        __RENAME(sendto);
+__errordecl(__sendto_error, __sendto_bad_size);
+
 #if __ANDROID_API__ >= __ANDROID_API_N__
 __BIONIC_FORTIFY_INLINE
 ssize_t recvfrom(int fd, void* buf, size_t len, int flags,
@@ -380,8 +419,32 @@
   return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len);
 }
 #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
+
+#if __ANDROID_API__ >= __ANDROID_API_N_MR1__
+__BIONIC_FORTIFY_INLINE
+ssize_t sendto(int fd, const void* buf, size_t len, int flags,
+               const struct sockaddr* dest_addr, socklen_t addr_len) {
+  size_t bos = __bos0(buf);
+
+  if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+    return __sendto_real(fd, buf, len, flags, dest_addr, addr_len);
+  }
+
+  if (__builtin_constant_p(len) && (len <= bos)) {
+    return __sendto_real(fd, buf, len, flags, dest_addr, addr_len);
+  }
+
+  if (__builtin_constant_p(len) && (len > bos)) {
+    __sendto_error();
+  }
+
+  return __sendto_chk(fd, buf, len, bos, flags, dest_addr, addr_len);
+}
+#endif /* __ANDROID_API__ >= __ANDROID_API_N_MR1__ */
+
 #endif /* defined(__clang__) */
 #undef __recvfrom_bad_size
+#undef __sendto_bad_size
 
 __BIONIC_FORTIFY_INLINE
 ssize_t recv(int socket, void* const buf __pass_object_size0, size_t len,
@@ -389,6 +452,12 @@
   return recvfrom(socket, buf, len, flags, NULL, 0);
 }
 
+__BIONIC_FORTIFY_INLINE
+ssize_t send(int socket, const void* const buf __pass_object_size0, size_t len, int flags)
+        __overloadable {
+  return sendto(socket, buf, len, flags, NULL, 0);
+}
+
 #endif /* __BIONIC_FORTIFY */
 
 #undef __socketcall