Bug 227589

Summary: chpass(1): post-2106 dates in account expiration corrupt passwd entry
Product: Base System Reporter: Paul Reynolds <paul.reynolds>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Some People CC: emaste
Priority: ---    
Version: 11.1-RELEASE   
Hardware: amd64   
OS: Any   

Description Paul Reynolds 2018-04-17 20:26:51 UTC
Using chpass, add an account expiration of a large date. e.g. January 1, 2119 and save. Using chpass again, attempt to fix the date to something more reasonable. e.g. January 1, 2019. When editing a date other than the one originally entered is displayed. For the above example it shows November 24, 1982. Changing the date to January 1, 2019 and saving fails. Error messages displayed:
chpass: entry inconsistent
chpass: pw_copy: Invalid argument

Workaround: zero out the expiration field for the given user using vipw. chpass now works again.
Comment 1 Ed Maste freebsd_committer 2018-04-18 14:20:42 UTC
pwd_mkdb.c and getpwent.c store the password change and expire fields as 32-bit ints so cannot be set beyond Jan 19 2038.
Comment 2 Ed Maste freebsd_committer 2018-04-18 14:30:56 UTC
Thank you for the report. In the near future I'll add a band-aid to disallow y2038+ dates, before we can implement a full fix.
Comment 3 Ed Maste freebsd_committer 2018-04-18 17:09:07 UTC
Proposed patch to disallow y2038 dates in chpass: https://github.com/emaste/freebsd/commit/d69eea06fcc51bf92bccebea3cb25ac84974d664

(y2048 in commit message is a typo)
Comment 4 Ed Maste freebsd_committer 2018-04-19 02:57:46 UTC
Ah, it's actually a y2106 problem: on all archs but i386 we have 64-bit time_t but are storing 32-bit unsigned ints in the pwd db. signed 32 bit int goes to 2038, unsigned 32 bit to 2106.

i386 has 32-bit time_t and chpass will already reject post-y2038 dates.
Comment 5 commit-hook freebsd_committer 2018-04-19 12:51:49 UTC
A commit references this bug:

Author: emaste
Date: Thu Apr 19 12:50:49 UTC 2018
New revision: 332769
URL: https://svnweb.freebsd.org/changeset/base/332769

  chpass: reject change/expiry dates beyond y2106

  The pwd.db and spwd.db files store the change and expire dates as
  unsigned 32-bit ints, which overflow in 2106.  Reject larger values for
  now, until the introduction of a v5 password database.

  i386 has 32-bit time_t and so dates beyond y2038 are already rejected by

  PR:		227589
  Reviewed by:	lidl
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation