From 0961ea934fa28621528ca1f68ad706081fd6801b Mon Sep 17 00:00:00 2001
From: paco <paco@voltanet.io>
Date: Fri, 22 Jun 2018 15:41:35 +0200
Subject: [PATCH] ripd: out-of-bounds read (Coverity 1399295)

Signed-off-by: F. Aragon <paco@voltanet.io>
---
 ripd/ripd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ripd/ripd.c b/ripd/ripd.c
index 92c27106d5..90dc7808eb 100644
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -799,11 +799,11 @@ static int rip_auth_simple_password(struct rte *rte, struct sockaddr_in *from,
 				    struct interface *ifp)
 {
 	struct rip_interface *ri;
-	char *auth_str = (char *)&rte->prefix;
+	char *auth_str = (char *)rte + offsetof(struct rte, prefix);
 	int i;
 
 	/* reject passwords with zeros in the middle of the string */
-	for (i = strlen(auth_str); i < 16; i++) {
+	for (i = strnlen(auth_str, 16); i < 16; i++) {
 		if (auth_str[i] != '\0')
 			return 0;
 	}
-- 
2.39.5