rlm_expr overflow bug

Gabriel Blanchard gabe at teksavvy.com
Fri Jul 25 17:26:19 CEST 2014

Found a bug while trying to use the acct_counters64 policy

acct_counters64.preacct {
	update request {
		Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} *
4294967296) + %{%{Acct-Input-Octets}:-0}}"
		Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} *
4294967296) + %{%{Acct-Output-Octets}:-0}}"

expr was returning 32 bit signed numbers and overflowing...it should
return 64 bit numbers. I believe this needs to be changed in rlm_expr.c

static int get_number(REQUEST *request, char const **string, int64_t

-       snprintf(out, outlen, "%ld", (long int) result);
+       snprintf(out, outlen, "%lld", (int64_t) result);


More information about the Freeradius-Devel mailing list