From: paco <paco@voltanet.io>
Date: Fri, 22 Jun 2018 13:41:35 +0000 (+0200)
Subject: ripd: out-of-bounds read (Coverity 1399295)
X-Git-Tag: frr-6.1-dev~254^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=0961ea934fa28621528ca1f68ad706081fd6801b;p=matthieu%2Ffrr.git

ripd: out-of-bounds read (Coverity 1399295)

Signed-off-by: F. Aragon <paco@voltanet.io>
---

diff --git a/ripd/ripd.c b/ripd/ripd.c
index 92c27106d5..90dc7808eb 100644
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -799,11 +799,11 @@ static int rip_auth_simple_password(struct rte *rte, struct sockaddr_in *from,
 				    struct interface *ifp)
 {
 	struct rip_interface *ri;
-	char *auth_str = (char *)&rte->prefix;
+	char *auth_str = (char *)rte + offsetof(struct rte, prefix);
 	int i;
 
 	/* reject passwords with zeros in the middle of the string */
-	for (i = strlen(auth_str); i < 16; i++) {
+	for (i = strnlen(auth_str, 16); i < 16; i++) {
 		if (auth_str[i] != '\0')
 			return 0;
 	}