The wrong address is being rewritten in the buffer overflow return address, but it still works

I am trying to do a buffer overflow, and here is my code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>


int check_authentication(char *password) {

   char password_buffer[16];
   int auth_flag = 0;
   strcpy(password_buffer, password);
   if(strcmp(password_buffer, "brillig") == 0)
     auth_flag = 1;
   if(strcmp(password_buffer, "outgrabe") == 0)
     auth_flag = 1;

   return auth_flag; 

}




int main(int argc, char *argv[]) {

   if(argc < 2) {
      printf("Usage: %s <password>\n", argv[0]);
      exit(0);
    }
    if(check_authentication(argv[1])) {
      printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
      printf(" Access Granted.\n");
      printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
    } 

    else {
      printf("\nAccess Denied.\n");
    }
}

The provided password from the command line will be compared with "brilling" and "outgrabe", if user input matches any of them, access will be granted if it is not denied. As I know, if the password exceeds 16, the address will be rewritten, but if you enter “A” 17 it will not be rewritten. Instead, auth_flag is overwritten and is 65 (0x41 in hexadecimal, which is A). I cannot understand why the variable is being rewritten instead of the return address. I am compiling with this

gcc -fno-stack-protector -z execstack -g -o test test.c

Hope you guys can help. Thank.