It's clearly a bug, since the code asks for trouble by requesting to read more data than it actually should. In that case the code has to do:
new_key_name = malloc(strlen(key_name)+dkh->keynamelen+1); strcpy(new_key_name, key_name);
Well, these two lines are EXACTLY what the strndup code does :-)
Lionel