> The cryptodev security telemetry handlers parsed dev_id/capa_id with
> strtoul() and no overflow or range check, so an out-of-range dev_id
> (e.g. 256) silently truncated to a valid device in
> rte_cryptodev_is_valid_dev(). isdigit() was also called on a plain
> (signed) char, which is undefined for high-bit input.
> The parser was also using strtok() which is not thread safe.
> 
> Use a validated parse helper and reject malformed input rather than
> logging and continuing. This also drops the thread-unsafe strtok() in
> the crypto_caps handler.
> 
> Fixes: 259ca6d1617f ("security: add telemetry endpoint for capabilities")
> Cc: [email protected]
> 
> Signed-off-by: Stephen Hemminger <[email protected]>
This patch seems to be already merged in the main tree as part of other series.
Marking it as superseded.
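
The kind of validated parse the quoted commit message describes, as an added example that is not the DPDK patch or code from this thread. The names `parse_id` and `parse_dev_capa`, the comma-separated "dev_id,capa_id" parameter format and the 8-bit device id are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical helper (not DPDK code): parse a decimal id in [0, max] that must
 * be followed by 'stop'. Returns 0, -EINVAL (malformed) or -ERANGE (too large). */
static int parse_id(const char *s, char stop, unsigned long max,
		    unsigned long *out, const char **rest)
{
	char *end;
	unsigned long v;
	/* strtoul() skips spaces and accepts '+'/'-', so demand a digit first.
	 * The cast matters: isdigit() on a negative plain char is undefined. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return -EINVAL;
	errno = 0;
	v = strtoul(s, &end, 10);
	if (*end != stop)
		return -EINVAL;		/* trailing junk such as "12x" */
	if (errno == ERANGE || v > max)
		return -ERANGE;		/* overflow, or 256 for an 8-bit id */
	*out = v;
	*rest = end;
	return 0;
}

/* Assumed parameter format "dev_id,capa_id"; no strtok(), so no shared state. */
static int parse_dev_capa(const char *params, uint8_t *dev_id, unsigned long *capa_id)
{
	unsigned long dev, capa;
	const char *rest;
	int rc;
	if ((rc = parse_id(params, ',', UINT8_MAX, &dev, &rest)) != 0 ||
	    (rc = parse_id(rest + 1, '\0', ULONG_MAX, &capa, &rest)) != 0)
		return rc;
	*dev_id = (uint8_t)dev;	/* safe: dev <= UINT8_MAX was checked above */
	*capa_id = capa;
	return 0;
}

int main(void)
{
	uint8_t d = 0;
	unsigned long c = 0;
	printf("naive cast of 256: %d, checked parse: %d\n",
	       (uint8_t)strtoul("256", NULL, 10), parse_dev_capa("256,0", &d, &c));
	return 0;
}
```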
