ppp RADIUS accounting bug
Barney Wolff
barney at databus.com
Tue Nov 18 23:17:16 PST 2003
On Wed, Nov 19, 2003 at 09:00:01AM +0500, Boris Kovalenko wrote:
>
> I found a serious bug in RADIUS accounting code. The problem is that
> OctetsIn and OctetsOut are defined as unsingned long long, but the
> RADIUS supports only INT32 values, so, when
> we're doing rad_put_int(r->cx.rad, RAD_ACCT_OUTPUT_OCTETS,
> stats->OctetsOut) in radius.c for OctetsOut (and OctetsIn also) we
> loosing information if OctetsOut is greater then INT32_MAX. This should
> be fixed.
Note that RADIUS integers are unsigned, so the limit is 2^32-1.
Also, RFC2869 defines attributes to hold the high-order parts.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-stable
mailing list