|Summary:||chpass(1): post-2106 dates in account expiration corrupt passwd entry|
|Product:||Base System||Reporter:||Paul Reynolds <paul.reynolds>|
|Component:||bin||Assignee:||freebsd-bugs (Nobody) <bugs>|
|Severity:||Affects Some People||CC:||emaste|
Description Paul Reynolds 2018-04-17 20:26:51 UTC
Using chpass, add an account expiration of a large date. e.g. January 1, 2119 and save. Using chpass again, attempt to fix the date to something more reasonable. e.g. January 1, 2019. When editing a date other than the one originally entered is displayed. For the above example it shows November 24, 1982. Changing the date to January 1, 2019 and saving fails. Error messages displayed: chpass: entry inconsistent chpass: pw_copy: Invalid argument Workaround: zero out the expiration field for the given user using vipw. chpass now works again.
Comment 1 Ed Maste 2018-04-18 14:20:42 UTC
pwd_mkdb.c and getpwent.c store the password change and expire fields as 32-bit ints so cannot be set beyond Jan 19 2038.
Comment 2 Ed Maste 2018-04-18 14:30:56 UTC
Thank you for the report. In the near future I'll add a band-aid to disallow y2038+ dates, before we can implement a full fix.
Comment 3 Ed Maste 2018-04-18 17:09:07 UTC
Proposed patch to disallow y2038 dates in chpass: https://github.com/emaste/freebsd/commit/d69eea06fcc51bf92bccebea3cb25ac84974d664 (y2048 in commit message is a typo)
Comment 4 Ed Maste 2018-04-19 02:57:46 UTC
Ah, it's actually a y2106 problem: on all archs but i386 we have 64-bit time_t but are storing 32-bit unsigned ints in the pwd db. signed 32 bit int goes to 2038, unsigned 32 bit to 2106. i386 has 32-bit time_t and chpass will already reject post-y2038 dates.
Comment 5 commit-hook 2018-04-19 12:51:49 UTC
A commit references this bug: Author: emaste Date: Thu Apr 19 12:50:49 UTC 2018 New revision: 332769 URL: https://svnweb.freebsd.org/changeset/base/332769 Log: chpass: reject change/expiry dates beyond y2106 The pwd.db and spwd.db files store the change and expire dates as unsigned 32-bit ints, which overflow in 2106. Reject larger values for now, until the introduction of a v5 password database. i386 has 32-bit time_t and so dates beyond y2038 are already rejected by mktime. PR: 227589 Reviewed by: lidl MFC after: 1 week Sponsored by: The FreeBSD Foundation Changes: head/usr.bin/chpass/util.c