iface->auth_key is not a real C string so use strnlen() to define the maximum.

This fixes the use of 8 char passwords with auth simple.
Reported by Laurent CARON (lcaron at unix-scripts info)
OK tb@

diff --git a/usr.sbin/ospfd/auth.c b/usr.sbin/ospfd/auth.c
index 8db5b61..12bfa5a 100644 (file)
--- a/usr.sbin/ospfd/auth.c
+++ b/usr.sbin/ospfd/auth.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: auth.c,v 1.22 2023/07/03 09:40:47 claudio Exp $ */
+/*     $OpenBSD: auth.c,v 1.23 2023/11/07 11:29:05 claudio Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
@@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface *iface)
                        fatalx("auth_gen: ibuf_set failed");
 
                if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key),
-                   iface->auth_key, strlen(iface->auth_key)) == -1)
+                   iface->auth_key, strnlen(iface->auth_key,
+                   sizeof(iface->auth_key))) == -1)
                        fatalx("auth_gen: ibuf_set failed");
                break;
        case AUTH_CRYPT: