On Fri, Apr 12, 2019 at 6:04 AM <[email protected]> wrote: > > From: Mingli Yu <[email protected]> > > use malloc and strncpy altogether to replace > strdup for salt initialization to fix below > Segmentation fault: > # echo -n passwd| nettle-pbkdf2 -i 1 -l 16 salt > [65534.886509] nettle-pbkdf2[708]: segfault at 1f594260 ip 00007f3332256998 > sp 00007fff60d44410 error 4 in libnettle.so.6.5[7f3332244000+1d00] > [65534.887525] Code: e8 6d db fe ff 44 01 6d 68 48 83 c4 08 5b 5d 41 5c 41 > 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00 00 49 89 dc e9 68 ff f > Segmentation fault > > Signed-off-by: Mingli Yu <[email protected]> > --- > tools/nettle-pbkdf2.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/tools/nettle-pbkdf2.c b/tools/nettle-pbkdf2.c > index fe6528d..6ecb206 100644 > --- a/tools/nettle-pbkdf2.c > +++ b/tools/nettle-pbkdf2.c > @@ -143,7 +143,10 @@ main (int argc, char **argv) > return EXIT_FAILURE; > } > > - salt = strdup (argv[0]); > + salt = malloc (strlen(argv[0]) + 1); > + if (! salt) > + die ("Failed to allocate memory for salt\n"); > + strncpy(salt, argv[0], sizeof(salt) - 1);
Hi, Isn't this a bug in libc/strdup and not in nettle? This implementation is the same as what expected from strdup. As a workaround I would have added CPPFLAGS="-Dstrdup(x) ...." instead of introducing workarounds for libc bugs, and send a patch to the libc, as this may affect more than this single strdup. Even if such workaround is to be added, it should be added using autoconf detection and a stub of _strdup(x) and a #define strdup _strdup if a known issue is detected, again, this should affect al strdup usages. I would add the die statement, but not replace the strdup. salt = strdup(argv[0]); +if (!salt) + die(...) However, looking at the code, I believe the allocation of memory is not required... it can be: - salt = strdup (argv[0]); - salt_length = strlen(argv[0]); + salt = argv[0]; + salt_length = strlen(salt); ... - free (salt); As argv is kept during execution. Regards, Alon _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
