From ddc5974845058f5711a661fb582276f2489ba1bc Mon Sep 17 00:00:00 2001
From: tobias <tobias@openbsd.org>
Date: Mon, 8 May 2023 17:15:43 +0000
Subject: [PATCH] Prevent signed integer overflow

A signed integer overflow could occur after INT_MAX bad password
attempts. Check for unlimited tries first and then increment the
counter. Also consider INT_MAX to be a valid upper limit.

ok millert@
---
 usr.bin/passwd/local_passwd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index 2cd0c73b874..a1f973fd23f 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: local_passwd.c,v 1.63 2022/02/10 13:06:46 robert Exp $	*/
+/*	$OpenBSD: local_passwd.c,v 1.64 2023/05/08 17:15:43 tobias Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -202,7 +202,7 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated)
 
 	pwd_tries = pwd_gettries(lc);
 
-	for (newpass[0] = '\0', tries = 0;;) {
+	for (newpass[0] = '\0', tries = -1;;) {
 		char repeat[1024];
 
 		p = readpassphrase("New password:", newpass, sizeof(newpass),
@@ -217,7 +217,7 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated)
 			continue;
 		}
 
-		if ((tries++ < pwd_tries || pwd_tries == 0) &&
+		if ((pwd_tries == 0 || ++tries < pwd_tries) &&
 		    pwd_check(lc, p) == 0)
 			continue;
 		p = readpassphrase("Retype new password:", repeat, sizeof(repeat),
-- 
2.20.1