I have committed the error handling aspects of the patch.
Turns out there is yet another way to trigger a theoretical
signed integer overflow if pwd_tries is INT_MAX. This diff avoids that
situation as well.
Okay?
Index: local_passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.63
diff -u -p -u -p -r1.63 local_passwd.c
--- local_passwd.c 10 Feb 2022 13:06:46 -0000 1.63
+++ local_passwd.c 8 May 2023 16:13:37 -0000
@@ -202,7 +202,7 @@ getnewpasswd(struct passwd *pw, login_ca
pwd_tries = pwd_gettries(lc);
- for (newpass[0] = '\0', tries = 0;;) {
+ for (newpass[0] = '\0', tries = -1;;) {
char repeat[1024];
p = readpassphrase("New password:", newpass, sizeof(newpass),
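Review bot: The `tries = -1` start value in the loop header is not self-explanatory. It only makes sense together with the pre-increment `++tries < pwd_tries` in the later hunk, where the first counted attempt has to compare as 0. A short comment above the loop would keep a later reader from resetting it to 0, e.g. `/* tries starts at -1: it is pre-incremented before being compared with pwd_tries */`. The loop body continues outside this hunk.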
@@ -217,7 +217,7 @@ getnewpasswd(struct passwd *pw, login_ca
continue;
}
- if ((tries++ < pwd_tries || pwd_tries == 0) &&
+ if ((pwd_tries == 0 || ++tries < pwd_tries) &&
pwd_check(lc, p) == 0)
continue;
p = readpassphrase("Retype new password:", repeat,
sizeof(repeat),
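Review bot: `++tries` in the new condition still runs on every pass where pwd_tries is non-zero, so the counter is not capped once it reaches pwd_tries. If the loop can return to this test after pwd_check has been skipped (the rest of the body, including what happens after the retype prompt, is outside this hunk), the next increment from INT_MAX would be the same signed overflow when pwd_tries is INT_MAX. A saturating form would close that: keep `tries = 0` in the loop header and test `(pwd_tries == 0 || (tries < pwd_tries && ++tries))`. That still runs pwd_check for the first pwd_tries attempts and then stops counting.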