From 4cf3f6fda4106306baf1f5c503e8869d28187047 Mon Sep 17 00:00:00 2001 From: claudio Date: Tue, 7 Nov 2023 11:29:05 +0000 Subject: [PATCH] iface->auth_key is not a real C string so use strnlen() to define the maximum. This fixes the use of 8 char passwords with auth simple. Reported by Laurent CARON (lcaron at unix-scripts info) OK tb@ --- usr.sbin/ospfd/auth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/ospfd/auth.c b/usr.sbin/ospfd/auth.c index 8db5b61096f..12bfa5adde9 100644 --- a/usr.sbin/ospfd/auth.c +++ b/usr.sbin/ospfd/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.22 2023/07/03 09:40:47 claudio Exp $ */ +/* $OpenBSD: auth.c,v 1.23 2023/11/07 11:29:05 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Esben Norby @@ -166,7 +166,8 @@ auth_gen(struct ibuf *buf, struct iface *iface) fatalx("auth_gen: ibuf_set failed"); if (ibuf_set(buf, offsetof(struct ospf_hdr, auth_key), - iface->auth_key, strlen(iface->auth_key)) == -1) + iface->auth_key, strnlen(iface->auth_key, + sizeof(iface->auth_key))) == -1) fatalx("auth_gen: ibuf_set failed"); break; case AUTH_CRYPT: -- 2.20.1