git.ipfire.org Git - thirdparty/samba.git/commit

author	Xavi Hernandez <xhernandez@gmail.com>
	Thu, 25 Sep 2025 08:42:30 +0000 (10:42 +0200)
committer	Douglas Bagnall <dbagnall@samba.org>
	Fri, 26 Sep 2025 05:23:30 +0000 (05:23 +0000)
commit	ebff8568d2a64ee9fa88e7355e35e79ebeaa56be
tree	fb083fafbf2a30bb003a695969a4a8d9e3ae06b2	tree \| snapshot
parent	7e2358fcf7be177d6e5de6e26f9d7c5af4acbb0c	commit \| diff

s3/rpc_server/samr: fix CID 1509008 - time_t truncation

The call to get_time_t_max() doesn't work as expected when time_t is a
64-bits type and the returned value is stored into a 32-bits unsigned
integer. Truncating a 64-bits constant to a 32-bits number won't return,
in general, the same value we would get if time_t were a 32-bits type.
It's unsafe and could even return small numbers very far from the
intended maximum.

This patch completely avoids the need to use get_time_t_max() by
assuming that when pwd_max_age is 0 or -1, it means no maximum age is
defined, so the password never expires and we don't need to do any
comparison.

A small adjustment has also been made to avoid calling
pdb_get_account_policy() if it's not necessary.

Signed-off-by: Xavi Hernandez <xhernandez@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Sep 26 05:23:30 UTC 2025 on atb-devel-224