lib/: Saturate addition to avoid overflow
Very large values in /etc/shadow could lead to overflows. Make sure
that these calculations are saturated at LONG_MAX. Since entries are
based on days and not seconds since epoch, saturating won't hurt anyone.
Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 674409e226 ("lib/: Saturate addition to avoid overflow")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Tobias Stoeckmann
committed by
Alejandro Colomar
Alejandro Colomar
parent
541d4dde23
commit
dbdda2a48a
12
lib/age.c
12
lib/age.c
@@ -13,12 +13,15 @@
|
|||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include "exitcodes.h"
|
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <grp.h>
|
#include <grp.h>
|
||||||
|
|
||||||
|
#include "adds.h"
|
||||||
|
#include "defines.h"
|
||||||
|
#include "exitcodes.h"
|
||||||
|
#include "prototypes.h"
|
||||||
|
|
||||||
|
|
||||||
#ident "$Id$"
|
#ident "$Id$"
|
||||||
|
|
||||||
#ifndef PASSWD_PROGRAM
|
#ifndef PASSWD_PROGRAM
|
||||||
@@ -162,7 +165,8 @@ void agecheck (/*@null@*/const struct spwd *sp)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
remain = sp->sp_lstchg + sp->sp_max - now;
|
remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
|
||||||
|
|
||||||
if (remain <= sp->sp_warn) {
|
if (remain <= sp->sp_warn) {
|
||||||
if (remain > 1) {
|
if (remain > 1) {
|
||||||
(void) printf (_("Your password will expire in %ld days.\n"),
|
(void) printf (_("Your password will expire in %ld days.\n"),
|
||||||
|
|||||||
@@ -15,11 +15,13 @@
|
|||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include "prototypes.h"
|
|
||||||
#include "defines.h"
|
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
|
||||||
|
#include "adds.h"
|
||||||
|
#include "defines.h"
|
||||||
|
#include "prototypes.h"
|
||||||
|
|
||||||
#ident "$Id$"
|
#ident "$Id$"
|
||||||
|
|
||||||
|
|
||||||
@@ -38,7 +40,7 @@
|
|||||||
*/
|
*/
|
||||||
int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
|
int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
|
||||||
{
|
{
|
||||||
long now;
|
long now;
|
||||||
|
|
||||||
now = time(NULL) / DAY;
|
now = time(NULL) / DAY;
|
||||||
|
|
||||||
@@ -72,7 +74,8 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
|
|||||||
if ( (sp->sp_lstchg > 0)
|
if ( (sp->sp_lstchg > 0)
|
||||||
&& (sp->sp_max >= 0)
|
&& (sp->sp_max >= 0)
|
||||||
&& (sp->sp_inact >= 0)
|
&& (sp->sp_inact >= 0)
|
||||||
&& (now >= (sp->sp_lstchg + sp->sp_max + sp->sp_inact))) {
|
&& (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
|
||||||
|
{
|
||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -94,9 +97,9 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
|
|||||||
* the password has expired.
|
* the password has expired.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (now >= (sp->sp_lstchg + sp->sp_max)) {
|
if (now >= addsl(sp->sp_lstchg, sp->sp_max))
|
||||||
return 1;
|
return 1;
|
||||||
}
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user