Alon Bar-Lev <alon.bar...@gmail.com> writes:

> Isn't this a bug in libc/strdup and not in nettle? This implementation
> is the same as what is expected from strdup.

I agree. Please file a bug report for the C library you're using. strdup
is a standard POSIX function (if not part of the C language standard),
and widely used, see
https://codesearch.debian.net/search?q=strdup&perpkg=1

> As a workaround I would have added CPPFLAGS="-Dstrdup(x) ...." instead
> of introducing workarounds for libc bugs,

-D'strdup(x)=strcpy(malloc(strlen(x)+1), x)'

might work (since strcpy returns the pointer to the destination string).

> However, looking at the code, I believe the allocation of memory is
> not required... it can be:

The if (hex_salt) {...} block overwrites the salt storage, for in-place
hex decoding. I don't quite like overwriting the strings passed in via
argv, even if it might be possible. So when I wrote this tool, always
allocating a writable copy, and calling free unconditionally, seemed
nice and easy.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
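
The approach described in the message above (always take a writable copy of the argument, hex-decode inside the copy, free unconditionally), as an added example that is not part of the original message and not nettle's code. The names dup_string, hex_decode_in_place and salt_from_arg are hypothetical; unlike the one-line strcpy/malloc macro, the copy helper here checks for allocation failure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical strdup substitute that checks the malloc result. */
static char *dup_string(const char *s) {
  size_t n = strlen(s) + 1;
  char *p = malloc(n);
  return p ? memcpy(p, s, n) : NULL;
}

static int hex_value(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Decode hex digits in place in a writable buffer.
   Returns the decoded length, or -1 for odd length or a non-hex digit. */
static long hex_decode_in_place(char *buf) {
  size_t len = strlen(buf), i;
  if (len % 2) return -1;
  for (i = 0; i < len; i += 2) {
    int hi = hex_value(buf[i]), lo = hex_value(buf[i + 1]);
    if (hi < 0 || lo < 0) return -1;
    buf[i / 2] = (char)((hi << 4) | lo);  /* write index never passes read index */
  }
  return (long)(len / 2);
}

/* Copy arg, optionally hex-decode the copy; arg (e.g. argv[i]) is untouched.
   Returns a malloc'd buffer the caller always frees, or NULL on error. */
static char *salt_from_arg(const char *arg, int hex_salt, size_t *length) {
  char *salt = dup_string(arg);
  long n;
  if (!salt) return NULL;
  n = hex_salt ? hex_decode_in_place(salt) : (long)strlen(salt);
  if (n < 0) { free(salt); return NULL; }
  *length = (size_t)n;
  return salt;
}

int main(void) {
  size_t n = 0;
  char *salt = salt_from_arg("4e614c", 1, &n);  /* constructed sample input */
  if (!salt) return EXIT_FAILURE;
  printf("%lu bytes\n", (unsigned long)n);
  free(salt);
  return EXIT_SUCCESS;
}
```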