ripd: out-of-bounds read (Coverity 1399295)

Signed-off-by: F. Aragon <paco@voltanet.io>

diff --git a/ripd/ripd.c b/ripd/ripd.c
index 92c27106d583be85b09f9ba645e354e5b9408026..90dc7808ebb802be538ff46dcada1e10a4185cec 100644 (file)
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -799,11 +799,11 @@ static int rip_auth_simple_password(struct rte *rte, struct sockaddr_in *from,
                                    struct interface *ifp)
 {
        struct rip_interface *ri;
-       char *auth_str = (char *)&rte->prefix;
+       char *auth_str = (char *)rte + offsetof(struct rte, prefix);
        int i;
 
        /* reject passwords with zeros in the middle of the string */
-       for (i = strlen(auth_str); i < 16; i++) {
+       for (i = strnlen(auth_str, 16); i < 16; i++) {
                if (auth_str[i] != '\0')
                        return 0;
        }