In nsswitch/pam_winbind.c, I believe the following code is off by 1 if the current date is in a leap year after leap day, and the password expires beyond the end of the current year.
days = (tm_next_change.tm_yday+tm_next_change.tm_year*365) -
For instance, if it is 12/30/12 and the password expires on 1/30/13 (which is 31 days), this calculation computes as follows:
This assumes the leap year has 365 days, but the Julian day will be 1 higher than it is in non-leap years. This in effect will subtract 1 too many days, thus indicating 1 fewer day than in actuality.
I believe this code is in previous versions as well, such as 3.6.9.