Alon Bar-Lev <alon.barlev@gmail.com> writes:
> Isn't this a bug in libc/strdup and not in nettle? This implementation is the same as what is expected from strdup.
I agree. Please file a bug report for the C library you're using. strdup is a standard POSIX function (if not part of the C language standard), and widely used, see https://codesearch.debian.net/search?q=strdup&perpkg=1
> As a workaround I would have added CPPFLAGS="-Dstrdup(x) ...." instead of introducing workarounds for libc bugs,
-D'strdup(x)=strcpy(malloc(strlen(x)+1), x)'
might work (since strcpy returns the pointer to the destination string).
> However, looking at the code, I believe the allocation of memory is not required... it can be:
The if (hex_salt) {...} block overwrites the salt storage, for in-place hex decoding. I don't quite like overwriting the strings passed in via argv, even if it might be possible. So when I wrote this tool, always allocating a writable copy, and calling free unconditionally, seemed nice and easy.
Regards, /Niels
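
The pattern described in the reply above, as an added example that is not part of the original message and not nettle's own code: duplicate the argument, hex-decode the copy in place, and free it on every path. The names `dup_string`, `hex_decode_inplace` and `decode_salt_copy` are hypothetical; `dup_string` checks the `malloc` result, which a `strcpy(malloc(...), x)` macro does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: a checked stand-in for strdup. Unlike
   strcpy(malloc(...), x), it never writes through a NULL pointer. */
static char *dup_string(const char *s) {
  size_t n = strlen(s) + 1;
  char *p = malloc(n);
  if (p) memcpy(p, s, n);
  return p;
}

static int hex_value(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Decode hex text in place; returns the decoded length, or -1 on bad input. */
static long hex_decode_inplace(char *buf) {
  size_t n = strlen(buf), i;
  if (n % 2) return -1;                      /* odd number of digits */
  for (i = 0; i < n; i += 2) {
    int hi = hex_value(buf[i]), lo = hex_value(buf[i + 1]);
    if (hi < 0 || lo < 0) return -1;         /* non-hex character */
    buf[i / 2] = (char) (hi * 16 + lo);      /* write index never passes read index */
  }
  return (long) (n / 2);
}

/* Decode a hex salt from a copy, leaving the caller's string (e.g. argv) intact. */
static char *decode_salt_copy(const char *arg, size_t *len) {
  char *salt = dup_string(arg);
  long n = salt ? hex_decode_inplace(salt) : -1;
  if (n < 0) { free(salt); return NULL; }    /* free(NULL) is a no-op */
  *len = (size_t) n;
  return salt;
}

int main(int argc, char **argv) {
  size_t len = 0;
  /* "73616c74" is a constructed sample: the hex encoding of "salt" */
  char *salt = decode_salt_copy(argc > 1 ? argv[1] : "73616c74", &len);
  if (!salt) return EXIT_FAILURE;
  printf("%lu bytes\n", (unsigned long) len);
  free(salt);
  return EXIT_SUCCESS;
}
```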