Date: Thu, 19 Apr 2018 12:50:49 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332769 - head/usr.bin/chpass Message-ID: <201804191250.w3JConNX077218@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Thu Apr 19 12:50:49 2018 New Revision: 332769 URL: https://svnweb.freebsd.org/changeset/base/332769 Log: chpass: reject change/expiry dates beyond y2106 The pwd.db and spwd.db files store the change and expire dates as unsigned 32-bit ints, which overflow in 2106. Reject larger values for now, until the introduction of a v5 password database. i386 has 32-bit time_t and so dates beyond y2038 are already rejected by mktime. PR: 227589 Reviewed by: lidl MFC after: 1 week Sponsored by: The FreeBSD Foundation Modified: head/usr.bin/chpass/util.c Modified: head/usr.bin/chpass/util.c ============================================================================== --- head/usr.bin/chpass/util.c Thu Apr 19 10:16:39 2018 (r332768) +++ head/usr.bin/chpass/util.c Thu Apr 19 12:50:49 2018 (r332769) @@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include <sys/types.h> #include <ctype.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -136,6 +137,17 @@ bad: return (1); lt->tm_isdst = -1; if ((tval = mktime(lt)) < 0) return (1); +#ifndef __i386__ + /* + * PR227589: The pwd.db and spwd.db files store the change and expire + * dates as unsigned 32-bit ints which overflow in 2106, so larger + * values must be rejected until the introduction of a v5 password + * database. i386 has 32-bit time_t and so dates beyond y2038 are + * already rejected by mktime above. + */ + if (tval > UINT32_MAX) + return (1); +#endif *store = tval; return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804191250.w3JConNX077218>