ripd: fix authentication key length

We were overwriting the last byte of the key when it's exactly 16 bytes. Fixes #8151. Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
author: Igor Ryzhov <iryzhov@nfware.com> 2021-07-26 22:31:41 +0300
committer: Igor Ryzhov <iryzhov@nfware.com> 2021-07-27 11:23:36 +0300
commit: b5b4f44eb30f0271e4df35784fe6c4b125fe349c (patch)
tree: 7a8f699cb0b9f4e12ae063db65bfae6a0ab19994 /ripd/ripd.c
parent: 53d7080980bb4e3bf6ef053673ebc560c5412103 (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/ripd/ripd.c b/ripd/ripd.c
index ccd4bf1bac..3d1427c3b6 100644
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@@ -920,9 +920,11 @@ static int rip_auth_md5(struct rip_packet *packet, struct sockaddr_in *from,
 		if (key == NULL || key->string == NULL)
 			return 0;
 
-		strlcpy(auth_str, key->string, sizeof(auth_str));
+		memcpy(auth_str, key->string,
+		       MIN(sizeof(auth_str), strlen(key->string)));
 	} else if (ri->auth_str)
-		strlcpy(auth_str, ri->auth_str, sizeof(auth_str));
+		memcpy(auth_str, ri->auth_str,
+		       MIN(sizeof(auth_str), strlen(ri->auth_str)));
 
 	if (auth_str[0] == 0)
 		return 0;
@@ -965,9 +967,11 @@ static void rip_auth_prepare_str_send(struct rip_interface *ri, struct key *key,
 
 	memset(auth_str, 0, len);
 	if (key && key->string)
-		strlcpy(auth_str, key->string, len);
+		memcpy(auth_str, key->string,
+		       MIN((size_t)len, strlen(key->string)));
 	else if (ri->auth_str)
-		strlcpy(auth_str, ri->auth_str, len);
+		memcpy(auth_str, ri->auth_str,
+		       MIN((size_t)len, strlen(ri->auth_str)));
 
 	return;
 }
author	Igor Ryzhov <iryzhov@nfware.com>	2021-07-26 22:31:41 +0300
committer	Igor Ryzhov <iryzhov@nfware.com>	2021-07-27 11:23:36 +0300
commit	b5b4f44eb30f0271e4df35784fe6c4b125fe349c (patch)
tree	7a8f699cb0b9f4e12ae063db65bfae6a0ab19994 /ripd/ripd.c
parent	53d7080980bb4e3bf6ef053673ebc560c5412103 (diff)