chpass: reject change/expiry dates beyond y2106

The pwd.db and spwd.db files store the change and expire dates as unsigned 32-bit ints, which overflow in 2106. Reject larger values for now, until the introduction of a v5 password database. i386 has 32-bit time_t and so dates beyond y2038 are already rejected by mktime. PR: 227589 Reviewed by: lidl MFC after: 1 week Sponsored by: The FreeBSD Foundation
2018-04-19 12:50:49 +00:00 · 2018-04-19 12:50:49 +00:00 · ba85da072b
commit ba85da072b
parent f3f6ecb450
1 changed files with 12 additions and 0 deletions
--- a/usr.bin/chpass/util.c
+++ b/usr.bin/chpass/util.c
@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>

 #include <ctype.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -136,6 +137,17 @@ bad:		return (1);
 	lt->tm_isdst = -1;
 	if ((tval = mktime(lt)) < 0)
 		return (1);
+#ifndef __i386__
+	/*
+	 * PR227589: The pwd.db and spwd.db files store the change and expire
+	 * dates as unsigned 32-bit ints which overflow in 2106, so larger
+	 * values must be rejected until the introduction of a v5 password
+	 * database.  i386 has 32-bit time_t and so dates beyond y2038 are
+	 * already rejected by mktime above.
+	 */
+	if (tval > UINT32_MAX)
+		return (1);
+#endif
 	*store = tval;
 	return (0);
 }