chpass: reject change/expiry dates beyond y2106

The pwd.db and spwd.db files store the change and expire dates as
unsigned 32-bit ints, which overflow in 2106.  Reject larger values for
now, until the introduction of a v5 password database.

i386 has 32-bit time_t and so dates beyond y2038 are already rejected by
mktime.

PR:		227589
Reviewed by:	lidl
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation

1 files changed, 12 insertions, 0 deletions

diff --git a/chpass/util.c b/chpass/util.c
index bfece1d..6b10b68 100644
--- a/chpass/util.c
+++ b/chpass/util.c
@@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 
 #include <ctype.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -136,6 +137,17 @@ bad:		return (1);
 	lt->tm_isdst = -1;
 	if ((tval = mktime(lt)) < 0)
 		return (1);
+#ifndef __i386__
+	/*
+	 * PR227589: The pwd.db and spwd.db files store the change and expire
+	 * dates as unsigned 32-bit ints which overflow in 2106, so larger
+	 * values must be rejected until the introduction of a v5 password
+	 * database.  i386 has 32-bit time_t and so dates beyond y2038 are
+	 * already rejected by mktime above.
+	 */
+	if (tval > UINT32_MAX)
+		return (1);
+#endif
 	*store = tval;
 	return (0);
 }