Subject: Re: pkg/36625: nss-ldap miscalculates pw_change
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: pkgsrc-bugs
Date: 08/09/2007 17:55:02
The following reply was made to PR pkg/36625; it has been noted by GNATS.
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: ef@math.uni-bonn.de
Cc: gnats-bugs@NetBSD.org
Subject: Re: pkg/36625: nss-ldap miscalculates pw_change
Date: Thu, 09 Aug 2007 19:51:47 +0200
Your fix is obviously correct. Looking at that code I'm
getting the impression however that there is some potential
for integer overflow which might be worth looking at:

It seems to be common (according to Google hits) to set
shadowMax or shadowExpire to "99999" to express "unused".
On 32-bit systems, this would already overflow an int/long
if multiplied by secs/day.

Do you think it is safe to treat everything larger
than 24855 as 0?

best regards
Matthias
Forschungszentrum Juelich GmbH
52425 Juelich
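
The overflow raised in the message above, as an added example that is not part of the original mail and is not nss_ldap's code: a day count is converted to seconds in a signed 32-bit result, with the limit derived from INT32_MAX instead of hard-coding 24855, and out-of-range values mapped to 0 as the message proposes. The function names are hypothetical, and adding the last-change day to the maximum age before converting is an assumption about how the value is built.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400

/* Largest day count whose value in seconds still fits a signed 32-bit
 * integer: INT32_MAX / 86400 == 24855. */
#define MAX_DAYS_32 (INT32_MAX / SECS_PER_DAY)

/* Convert a day count to seconds in a 32-bit signed result.
 * Returns 0 ("unused") for non-positive input or when the product
 * would overflow, so 99999 maps to 0 instead of wrapping. */
int32_t days_to_secs32(long days)
{
    if (days <= 0 || days > MAX_DAYS_32)
        return 0;
    return (int32_t)(days * SECS_PER_DAY);
}

/* Hypothetical helper (assumption, not nss_ldap code): change time as
 * (last_change_days + max_days) in seconds. The sum is range-checked
 * before it is formed, because two in-range values can still add up
 * past the limit. */
int32_t change_time32(long last_change_days, long max_days)
{
    if (last_change_days < 0 || max_days < 0)
        return 0;
    if (last_change_days > MAX_DAYS_32 ||
        max_days > MAX_DAYS_32 - last_change_days)
        return 0;
    return days_to_secs32(last_change_days + max_days);
}

int main(void)
{
    long samples[] = { 90, 24855, 24856, 99999 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ld days -> %ld s\n", samples[i],
               (long)days_to_secs32(samples[i]));
    return 0;
}
```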