From 674409e2265eb12e02658d59b2efd0f0ef53419b Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 18 Dec 2023 20:45:44 +0100
Subject: [PATCH] lib/: Saturate addition to avoid overflow

Very large values in /etc/shadow could lead to overflows.  Make sure
that these calculations are saturated at LONG_MAX.  Since entries are
based on days and not seconds since epoch, saturating won't hurt anyone.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
 lib/age.c       | 12 ++++++++----
 lib/isexpired.c | 15 +++++++++------
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/lib/age.c b/lib/age.c
index d9ef88c4c..72a13eab5 100644
--- a/lib/age.c
+++ b/lib/age.c
@@ -13,12 +13,15 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include "prototypes.h"
-#include "defines.h"
-#include "exitcodes.h"
 #include <pwd.h>
 #include <grp.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "exitcodes.h"
+#include "prototypes.h"
+
+
 #ident "$Id$"
 
 #ifndef PASSWD_PROGRAM
@@ -162,7 +165,8 @@ void agecheck (/*@null@*/const struct spwd *sp)
 		return;
 	}
 
-	remain = sp->sp_lstchg + sp->sp_max - now;
+	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
+
 	if (remain <= sp->sp_warn) {
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),
diff --git a/lib/isexpired.c b/lib/isexpired.c
index 45c7601ec..c275691f7 100644
--- a/lib/isexpired.c
+++ b/lib/isexpired.c
@@ -15,11 +15,13 @@
 #include <config.h>
 
 #include <sys/types.h>
-#include "prototypes.h"
-#include "defines.h"
 #include <pwd.h>
 #include <time.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "prototypes.h"
+
 #ident "$Id$"
 
 
@@ -38,7 +40,7 @@
  */
 int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
-	long now;
+	long  now;
 
 	now = time(NULL) / DAY;
 
@@ -72,7 +74,8 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	if (   (sp->sp_lstchg > 0)
 	    && (sp->sp_max >= 0)
 	    && (sp->sp_inact >= 0)
-	    && (now >= (sp->sp_lstchg + sp->sp_max + sp->sp_inact))) {
+	    && (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
+	{
 		return 2;
 	}
 
@@ -94,9 +97,9 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * the password has expired.
 	 */
 
-	if (now >= (sp->sp_lstchg + sp->sp_max)) {
+	if (now >= addsl(sp->sp_lstchg, sp->sp_max))
 		return 1;
-	}
+
 	return 0;
 }
 
-- 
2.47.2