Index: include/secure/Makefile
===================================================================
--- include/secure/Makefile
+++ include/secure/Makefile
@@ -1,6 +1,6 @@
 # $FreeBSD$
 
-INCS= security.h _poll.h
+INCS= security.h _poll.h _socket.h
 INCSDIR= ${INCLUDEDIR}/secure
 
 .include <bsd.prog.mk>
Index: include/secure/_socket.h
===================================================================
--- /dev/null
+++ include/secure/_socket.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9 
+ *
+ * $FreeBSD$
+ */
+
+
+#ifndef _SYS_SOCKET_H_
+#error "You should not use <secure/_socket.h> directly; include <sys/socket.h> instead."
+#endif
+
+#ifndef _SECURE_SOCKET_H_
+#define _SECURE_SOCKET_H_
+
+#include <sys/_null.h>
+#include <secure/security.h>
+
+__BEGIN_DECLS
+
+extern ssize_t	__recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict);
+extern ssize_t	__recvfrom_real(int, void *, size_t, int, const struct sockaddr *, socklen_t *) __RENAME(recvfrom);
+__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer");
+
+#ifdef __BSD_FORTIFY
+
+__FORTIFY_INLINE ssize_t
+recvfrom(int _s, void *_buf, size_t _len, int _flags, struct sockaddr * __restrict _from, socklen_t * __restrict _fromlen)
+{
+	size_t _bos = __bos0(_buf);
+
+#ifndef __clang__
+	if (_bos == __FORTIFY_UNKNOWN_SIZE)
+		return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen));
+
+	if (__builtin_constant_p(_len) && (_len <= _bos))
+		return (__recvfrom_real(_s, _buf, _len, _flags, _from, _fromlen));
+
+	if (__builtin_constant_p(_len) && (_len > _bos))
+		__recvfrom_error();
+#endif
+
+	return (__recvfrom_chk(_s, _buf, _len, _bos, _flags, _from, _fromlen));
+}
+
+
+__FORTIFY_INLINE ssize_t
+recv(int _s, void *_buf, size_t _len, int _flags)
+{
+
+	return recvfrom(_s, _buf, _len, _flags, NULL, 0);
+}
+
+#endif /* !__BSD_FORTIFY */
+
+__END_DECLS
+
+#endif /* !_SECURE_SOCKET_H */
Index: lib/libc/secure/Makefile.inc
===================================================================
--- lib/libc/secure/Makefile.inc
+++ lib/libc/secure/Makefile.inc
@@ -17,6 +17,7 @@
 # Sources which contains FORTIFY_SOURCE functions,
 # but live in .h files under sys/sys
 SRCS+=	\
-	__poll_chk.c
+	__poll_chk.c \
+	__recvfrom_chk.c
 
 SYM_MAPS+=    ${LIBC_SRCTOP}/secure/Symbol.map
Index: lib/libc/secure/Symbol.map
===================================================================
--- lib/libc/secure/Symbol.map
+++ lib/libc/secure/Symbol.map
@@ -21,6 +21,7 @@
 	__fortify_chk_fail;
 	__poll_chk;
 	__ppoll_chk;
+	__recvfrom_chk;
 	__secure_fail;
 };
 
Index: lib/libc/secure/__recvfrom_chk.c
===================================================================
--- /dev/null
+++ lib/libc/secure/__recvfrom_chk.c
@@ -0,0 +1,53 @@
+/*-
+ * Copyright (C) 2013 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * bionic rev: a8993c994e45ec2dc00dcef15910560e22d67be9
+ *
+ * $FreeBSD$
+ */
+
+#undef _FORTIFY_SOURCE
+
+#include <sys/cdefs.h>
+#include <sys/socket.h>
+#include <secure/security.h>
+#include "secure/_socket.h"
+
+ssize_t 
+__recvfrom_chk(int s, void *buf, size_t len, size_t bos,
+    int flags, struct sockaddr * __restrict from,
+    socklen_t * __restrict fromlen)
+{
+
+	if (__predict_false(bos == __FORTIFY_UNKNOWN_SIZE))
+		return (recvfrom(s, buf, len, flags, from, fromlen));
+
+	if (__predict_false(len > bos))
+		__fortify_chk_fail("recvfrom: prevented write past end of buffer");
+
+	return (recvfrom(s, buf, len, flags, from, fromlen));
+}
Index: sys/sys/socket.h
===================================================================
--- sys/sys/socket.h
+++ sys/sys/socket.h
@@ -630,6 +630,10 @@
 int	socketpair(int, int, int, int *);
 __END_DECLS
 
+#ifdef __BSD_FORTIFY
+#include <secure/_socket.h>
+#endif
+
 #endif /* !_KERNEL */
 
 #ifdef _KERNEL