[gnutls-devel] GnuTLS | Use gnutls_strdup() in library code (!742)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Sep 17 08:14:25 CEST 2018

> Well, `_gnutls_resolve_priorities()` is only used in tests/system-prio-file.c and not meant as a public function. That function can also be directly reached/tested through `gnutls_priority_init()`. Am I wrong ?
If that is possible, we don't have to expose `_gnutls_resolve_priorities()` at all.

The reason of it being exported (as internal symbol), is for unit testing. It is not available to applications.

> Also, instead of strdup() we can use gnutls_strdup(). Regarding `getline()`: the use of this function _may_ cause issues since you can't limit the length of the input. It may be reasonable to limit the input (whatever makes sense here, 1k, 4k, 32k ?). Doing so we can use gnutls_free().

I'm not sure if there is really a concern here (loading the system-wide config), but that could indeed be a way to use `gnutls_free` here.

> And then... the issue with free() vs. gnutls_free() occurs on Windows only (AFAIK). Since Windows doesn't provide getline(), it will be taken from gnulib and thus the code is inside the gnutls DLL. And that allows calling gnutls_free().

That would not be the case if the application has replaced the allocation functions. The original/historical reason for `gnutls_free` and `gnutls_malloc` was so that applications could (in theory) override them. Today is mostly windows and leaving the possibility open to moving to another allocator in the future (e.g., talloc).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/742#note_101731985
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180917/31d8a3ae/attachment-0001.html>

More information about the Gnutls-devel mailing list