On Fri, Jun 05, 2026 at 01:50:58PM -0700, Stephen Hemminger wrote:
> The telemetry client_handler() runs in a detached thread per connection,
> and up to MAX_CONNECTIONS instances can run concurrently.
> The function strtok() keeps parser state in a static variable
> shared across all threads, so concurrent clients corrupt each other's
> command parsing. Use strtok_r() with a local saveptr.
>
> Fixes: 6dd571fd07c3 ("telemetry: introduce new functionality")
> Cc: [email protected]
>
> Signed-off-by: Stephen Hemminger <[email protected]>
> ---
Acked-by: Bruce Richardson <[email protected]>
> lib/telemetry/telemetry.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/lib/telemetry/telemetry.c b/lib/telemetry/telemetry.c
> index b109d076d4..e591c1e283 100644
> --- a/lib/telemetry/telemetry.c
> +++ b/lib/telemetry/telemetry.c
> @@ -415,8 +415,9 @@ client_handler(void *sock_id)
> int bytes = read(s, buffer, sizeof(buffer) - 1);
> while (bytes > 0) {
> buffer[bytes] = 0;
> - const char *cmd = strtok(buffer, ",");
> - const char *param = strtok(NULL, "\0");
> + char *saveptr = NULL;
> + const char *cmd = strtok_r(buffer, ",", &saveptr);
> + const char *param = strtok_r(NULL, "\0", &saveptr);
> struct cmd_callback cb = {.fn = unknown_command};
> int i;
>
> --
> 2.53.0
>
