===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-add.c,v
retrieving revision 1.152
retrieving revision 1.153
diff -u -r1.152 -r1.153
--- src/usr.bin/ssh/ssh-add.c	2020/02/06 22:30:54	1.152
+++ src/usr.bin/ssh/ssh-add.c	2020/02/18 08:58:33	1.153
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.152 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.153 2020/02/18 08:58:33 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -83,7 +83,7 @@
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
 /* Default lifetime (0 == forever) */
-static int lifetime = 0;
+static long lifetime = 0;
 
 /* User has to confirm key use */
 static int confirm = 0;
@@ -321,7 +321,7 @@
 			    filename, comment);
 			if (lifetime != 0) {
 				fprintf(stderr,
-				    "Lifetime set to %d seconds\n", lifetime);
+				    "Lifetime set to %ld seconds\n", lifetime);
 			}
 			if (confirm != 0) {
 				fprintf(stderr, "The user must confirm "
@@ -377,7 +377,7 @@
 		fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
 		    private->cert->key_id);
 		if (lifetime != 0) {
-			fprintf(stderr, "Lifetime set to %d seconds\n",
+			fprintf(stderr, "Lifetime set to %ld seconds\n",
 			    lifetime);
 		}
 		if (confirm != 0) {
@@ -564,7 +564,7 @@
 			    sshkey_type(keys[i]), fp);
 			if (lifetime != 0) {
 				fprintf(stderr,
-				    "Lifetime set to %d seconds\n", lifetime);
+				    "Lifetime set to %ld seconds\n", lifetime);
 			}
 			if (confirm != 0) {
 				fprintf(stderr, "The user must confirm "
@@ -713,7 +713,8 @@
 			pkcs11provider = optarg;
 			break;
 		case 't':
-			if ((lifetime = convtime(optarg)) == -1) {
+			if ((lifetime = convtime(optarg)) == -1 ||
+			    lifetime < 0 || lifetime > UINT32_MAX) {
 				fprintf(stderr, "Invalid lifetime\n");
 				ret = 1;
 				goto done;