chpass: reject change/expiry dates beyond y2106

The pwd.db and spwd.db files store the change and expire dates as
unsigned 32-bit ints, which overflow in 2106.  Reject larger values for
now, until the introduction of a v5 password database.

i386 has 32-bit time_t and so dates beyond y2038 are already rejected by
mktime.

PR:		227589
Reviewed by:	lidl
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation

diff --git a/chpass/util.c b/chpass/util.c
index bfece1d4ae1081f59dfd0d99b3d376a1e43b5b51..6b10b684b44639d9d327bb5c7b9ab97a749264da 100644 (file)
--- a/chpass/util.c
+++ b/chpass/util.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 
 #include <ctype.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -136,6 +137,17 @@ bad:               return (1);
        lt->tm_isdst = -1;
        if ((tval = mktime(lt)) < 0)
                return (1);
+#ifndef __i386__
+       /*
+        * PR227589: The pwd.db and spwd.db files store the change and expire
+        * dates as unsigned 32-bit ints which overflow in 2106, so larger
+        * values must be rejected until the introduction of a v5 password
+        * database.  i386 has 32-bit time_t and so dates beyond y2038 are
+        * already rejected by mktime above.
+        */
+       if (tval > UINT32_MAX)
+               return (1);
+#endif
        *store = tval;
        return (0);
 }