From: WanBingjiang <wanbingjiang@webray.com.cn>
Date: Wed, 29 Apr 2026 03:04:38 +0000 (+0800)
Subject: cpuset: Validate full tokens in cpulist_parse()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b063ab12e0178dbb258cd4d51d9c15182326ee0;p=thirdparty%2Futil-linux.git

cpuset: Validate full tokens in cpulist_parse()

Prevent silent acceptance of inputs like 1,2,3abc,4 by validating all
characters after each parsed number, not just at the end of the string.

Signed-off-by: WanBingjiang <wanbingjiang@webray.com.cn>
---

diff --git a/lib/cpuset.c b/lib/cpuset.c
index aba5d5056..423317d3a 100644
--- a/lib/cpuset.c
+++ b/lib/cpuset.c
@@ -361,7 +361,8 @@ int cpulist_parse(const char *str, cpu_set_t *set, size_t setsize, int fail)
 		unsigned int s;	/* stride */
 		const char *c1, *c2;
 
-		if (nextnumber(p, &end, &a) != 0)
+		if (nextnumber(p, &end, &a) != 0 ||
+			(*end && *end != ',' && *end != '-'))
 			return 1;
 		b = a;
 		s = 1;
@@ -371,13 +372,15 @@ int cpulist_parse(const char *str, cpu_set_t *set, size_t setsize, int fail)
 		c2 = nexttoken(p, ',');
 
 		if (c1 != NULL && (c2 == NULL || c1 < c2)) {
-			if (nextnumber(c1, &end, &b) != 0)
+			if (nextnumber(c1, &end, &b) != 0 ||
+				(*end && *end != ',' && *end != ':'))
 				return 1;
 
-			c1 = end && *end ? nexttoken(end, ':') : NULL;
+			c1 = nexttoken(end, ':');
 
 			if (c1 != NULL && (c2 == NULL || c1 < c2)) {
-				if (nextnumber(c1, &end, &s) != 0)
+				if (nextnumber(c1, &end, &s) != 0 ||
+					(*end && *end != ','))
 					return 1;
 				if (s == 0)
 					return 1;