lib/: Saturate addition to avoid overflow

Very large values in /etc/shadow could lead to overflows.  Make sure
that these calculations are saturated at LONG_MAX.  Since entries are
based on days and not seconds since epoch, saturating won't hurt anyone.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

lib/age.c

@@ -13,12 +13,15 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include "prototypes.h"
-#include "defines.h"
-#include "exitcodes.h"
 #include <pwd.h>
 #include <grp.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "exitcodes.h"
+#include "prototypes.h"
+
+
 #ident "$Id$"
 
 #ifndef PASSWD_PROGRAM
@@ -162,7 +165,8 @@ void agecheck (/*@null@*/const struct spwd *sp)
 		return;
 	}
 
-	remain = sp->sp_lstchg + sp->sp_max - now;
+	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
+
 	if (remain <= sp->sp_warn) {
 		if (remain > 1) {
 			(void) printf (_("Your password will expire in %ld days.\n"),

lib/isexpired.c

@@ -15,11 +15,13 @@
 #include <config.h>
 
 #include <sys/types.h>
-#include "prototypes.h"
-#include "defines.h"
 #include <pwd.h>
 #include <time.h>
 
+#include "adds.h"
+#include "defines.h"
+#include "prototypes.h"
+
 #ident "$Id$"
 
 
@@ -38,7 +40,7 @@
  */
 int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 {
-	long now;
+	long  now;
 
 	now = time(NULL) / DAY;
 
@@ -72,7 +74,8 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	if (   (sp->sp_lstchg > 0)
 	    && (sp->sp_max >= 0)
 	    && (sp->sp_inact >= 0)
-	    && (now >= (sp->sp_lstchg + sp->sp_max + sp->sp_inact))) {
+	    && (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
+	{
 		return 2;
 	}
 
@@ -94,9 +97,9 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * the password has expired.
 	 */
 
-	if (now >= (sp->sp_lstchg + sp->sp_max)) {
+	if (now >= addsl(sp->sp_lstchg, sp->sp_max))
 		return 1;
-	}
+
 	return 0;
 }