summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrad King <brad.king@kitware.com>2018-06-26 15:51:44 (GMT)
committerBrad King <brad.king@kitware.com>2018-06-26 15:54:34 (GMT)
commitb29842a818ea978a85c0646cd3c2b3191b0498fc (patch)
tree3367b225f72c3fa1d5bb8f903273a037122b36e0
parentef5e2e8a62982ebccf4883fc7a01cdb66f8ca183 (diff)
downloadCMake-b29842a818ea978a85c0646cd3c2b3191b0498fc.zip
CMake-b29842a818ea978a85c0646cd3c2b3191b0498fc.tar.gz
CMake-b29842a818ea978a85c0646cd3c2b3191b0498fc.tar.bz2
ListFileLexer: Do not match null bytes in input
Extend the fix from commit v3.10.0-rc1~188^2 (ListFileLexer: fix heap-buffer-overflow on malicious input, 2017-08-26) to apply to all lexer token matches. Replace all `.` with `[^\0\n]`. Update all `[^...]` match expressions to not match `\0`. We cannot safely process null bytes in strings. Fixes: #18124
-rw-r--r--Source/LexerParser/cmListFileLexer.c196
-rw-r--r--Source/LexerParser/cmListFileLexer.in.l6
-rw-r--r--Tests/RunCMake/Syntax/NullAfterBackslash-result.txt1
-rw-r--r--Tests/RunCMake/Syntax/NullAfterBackslash-stderr.txt5
-rw-r--r--Tests/RunCMake/Syntax/NullAfterBackslash.cmakebin0 -> 113 bytes
-rw-r--r--Tests/RunCMake/Syntax/RunCMakeTest.cmake1
6 files changed, 106 insertions, 103 deletions
diff --git a/Source/LexerParser/cmListFileLexer.c b/Source/LexerParser/cmListFileLexer.c
index c6f524c..eb37337 100644
--- a/Source/LexerParser/cmListFileLexer.c
+++ b/Source/LexerParser/cmListFileLexer.c
@@ -576,16 +576,16 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
-static const flex_int16_t yy_accept[81] =
+static const flex_int16_t yy_accept[79] =
{ 0,
0, 0, 0, 0, 0, 0, 0, 0, 4, 4,
25, 13, 22, 1, 16, 3, 13, 5, 6, 7,
- 15, 23, 23, 17, 19, 20, 21, 17, 10, 11,
- 8, 10, 12, 9, 24, 4, 13, 0, 13, 0,
- 22, 0, 0, 7, 13, 0, 13, 0, 2, 0,
- 13, 17, 0, 18, 10, 8, 4, 0, 14, 0,
- 0, 0, 0, 14, 0, 0, 14, 0, 0, 0,
- 2, 14, 0, 0, 0, 0, 0, 0, 0, 0
+ 15, 23, 23, 17, 19, 20, 21, 24, 10, 11,
+ 8, 12, 9, 4, 13, 0, 13, 0, 22, 0,
+ 0, 7, 13, 0, 13, 0, 2, 0, 13, 17,
+ 0, 18, 10, 8, 4, 0, 14, 0, 0, 0,
+ 0, 14, 0, 0, 14, 0, 0, 0, 2, 14,
+ 0, 0, 0, 0, 0, 0, 0, 0
} ;
static const YY_CHAR yy_ec[256] =
@@ -623,89 +623,87 @@ static const YY_CHAR yy_ec[256] =
static const YY_CHAR yy_meta[17] =
{ 0,
1, 1, 2, 3, 4, 3, 1, 3, 5, 6,
- 1, 6, 1, 1, 7, 8
+ 1, 6, 1, 1, 7, 2
} ;
-static const flex_int16_t yy_base[99] =
+static const flex_int16_t yy_base[97] =
{ 0,
0, 0, 14, 28, 42, 56, 70, 84, 18, 19,
- 69, 100, 16, 323, 323, 55, 59, 323, 323, 13,
- 115, 0, 323, 52, 323, 323, 21, 51, 0, 323,
- 53, 0, 323, 323, 323, 0, 0, 126, 55, 0,
- 25, 25, 53, 0, 0, 136, 53, 0, 57, 0,
- 0, 42, 50, 323, 0, 43, 0, 146, 160, 45,
- 172, 43, 26, 0, 42, 184, 0, 42, 195, 40,
- 323, 40, 0, 38, 37, 34, 32, 31, 23, 323,
- 211, 219, 227, 235, 243, 251, 259, 267, 274, 281,
- 285, 291, 298, 302, 304, 310, 314, 316
+ 68, 100, 16, 298, 298, 54, 58, 298, 298, 13,
+ 115, 0, 298, 51, 298, 298, 21, 298, 0, 298,
+ 53, 298, 298, 0, 0, 126, 55, 0, 25, 25,
+ 53, 0, 0, 136, 53, 0, 57, 0, 0, 42,
+ 50, 298, 0, 43, 0, 146, 160, 45, 172, 43,
+ 26, 0, 42, 177, 0, 42, 188, 40, 298, 40,
+ 0, 38, 37, 34, 32, 31, 23, 298, 197, 204,
+ 211, 218, 225, 232, 239, 245, 252, 259, 262, 268,
+ 275, 278, 280, 286, 289, 291
} ;
-static const flex_int16_t yy_def[99] =
+static const flex_int16_t yy_def[97] =
{ 0,
- 80, 1, 81, 81, 82, 82, 83, 83, 84, 84,
- 80, 80, 80, 80, 80, 80, 12, 80, 80, 12,
- 80, 85, 80, 86, 80, 80, 86, 86, 87, 80,
- 80, 87, 80, 80, 80, 88, 12, 89, 12, 90,
- 80, 80, 91, 20, 12, 92, 12, 21, 80, 93,
- 12, 86, 86, 80, 87, 80, 88, 89, 80, 58,
- 89, 94, 80, 59, 91, 92, 59, 66, 92, 95,
- 80, 59, 96, 97, 94, 98, 95, 97, 98, 0,
- 80, 80, 80, 80, 80, 80, 80, 80, 80, 80,
- 80, 80, 80, 80, 80, 80, 80, 80
+ 78, 1, 79, 79, 80, 80, 81, 81, 82, 82,
+ 78, 78, 78, 78, 78, 78, 12, 78, 78, 12,
+ 78, 83, 78, 84, 78, 78, 84, 78, 85, 78,
+ 78, 78, 78, 86, 12, 87, 12, 88, 78, 78,
+ 89, 20, 12, 90, 12, 21, 78, 91, 12, 84,
+ 84, 78, 85, 78, 86, 87, 78, 56, 87, 92,
+ 78, 57, 89, 90, 57, 64, 90, 93, 78, 57,
+ 94, 95, 92, 96, 93, 95, 96, 0, 78, 78,
+ 78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
+ 78, 78, 78, 78, 78, 78
} ;
-static const flex_int16_t yy_nxt[340] =
+static const flex_int16_t yy_nxt[315] =
{ 0,
12, 13, 14, 13, 15, 16, 17, 18, 19, 12,
- 12, 20, 21, 22, 12, 23, 25, 41, 26, 41,
- 14, 14, 44, 54, 44, 52, 41, 27, 41, 28,
- 25, 66, 26, 35, 35, 63, 63, 49, 49, 58,
- 67, 27, 66, 28, 30, 59, 58, 62, 67, 76,
- 64, 59, 74, 56, 52, 53, 31, 32, 30, 71,
- 70, 64, 62, 56, 53, 53, 43, 42, 80, 80,
- 31, 32, 30, 80, 80, 80, 80, 80, 80, 80,
- 80, 80, 80, 80, 34, 35, 30, 80, 80, 80,
- 80, 80, 80, 80, 80, 80, 80, 80, 34, 35,
-
- 37, 80, 80, 80, 38, 80, 39, 80, 80, 37,
- 37, 37, 37, 40, 37, 45, 80, 80, 80, 46,
- 80, 47, 80, 80, 45, 48, 45, 49, 50, 45,
- 59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
- 67, 80, 68, 80, 80, 80, 80, 80, 80, 69,
- 59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
- 59, 80, 80, 80, 38, 80, 72, 80, 80, 59,
- 59, 59, 59, 73, 59, 58, 80, 58, 80, 58,
- 58, 80, 80, 80, 80, 80, 80, 58, 67, 80,
- 68, 80, 80, 80, 80, 80, 80, 69, 66, 80,
-
- 66, 80, 66, 66, 80, 80, 80, 80, 80, 80,
- 66, 24, 24, 24, 24, 24, 24, 24, 24, 29,
- 29, 29, 29, 29, 29, 29, 29, 33, 33, 33,
- 33, 33, 33, 33, 33, 36, 36, 36, 36, 36,
- 36, 36, 36, 51, 80, 51, 51, 51, 51, 51,
- 51, 52, 80, 52, 80, 52, 52, 52, 52, 55,
- 80, 55, 55, 55, 55, 80, 55, 57, 80, 57,
- 57, 57, 57, 57, 58, 80, 80, 58, 80, 58,
- 58, 37, 80, 37, 37, 37, 37, 37, 37, 65,
- 65, 66, 80, 80, 66, 80, 66, 66, 45, 80,
-
- 45, 45, 45, 45, 45, 45, 75, 75, 77, 77,
- 59, 80, 59, 59, 59, 59, 59, 59, 78, 78,
- 79, 79, 11, 80, 80, 80, 80, 80, 80, 80,
- 80, 80, 80, 80, 80, 80, 80, 80, 80
+ 12, 20, 21, 22, 12, 23, 25, 39, 26, 39,
+ 14, 14, 42, 52, 42, 50, 39, 27, 39, 28,
+ 25, 64, 26, 28, 28, 61, 61, 47, 47, 56,
+ 65, 27, 64, 28, 30, 57, 56, 60, 65, 74,
+ 62, 57, 72, 54, 50, 51, 31, 28, 30, 69,
+ 68, 62, 60, 54, 51, 41, 40, 78, 78, 78,
+ 31, 28, 30, 78, 78, 78, 78, 78, 78, 78,
+ 78, 78, 78, 78, 33, 28, 30, 78, 78, 78,
+ 78, 78, 78, 78, 78, 78, 78, 78, 33, 28,
+
+ 35, 78, 78, 78, 36, 78, 37, 78, 78, 35,
+ 35, 35, 35, 38, 35, 43, 78, 78, 78, 44,
+ 78, 45, 78, 78, 43, 46, 43, 47, 48, 43,
+ 57, 78, 58, 78, 78, 78, 78, 78, 78, 59,
+ 65, 78, 66, 78, 78, 78, 78, 78, 78, 67,
+ 57, 78, 58, 78, 78, 78, 78, 78, 78, 59,
+ 57, 78, 78, 78, 36, 78, 70, 78, 78, 57,
+ 57, 57, 57, 71, 57, 56, 78, 56, 78, 56,
+ 56, 65, 78, 66, 78, 78, 78, 78, 78, 78,
+ 67, 64, 78, 64, 78, 64, 64, 24, 24, 24,
+
+ 24, 24, 24, 24, 29, 29, 29, 29, 29, 29,
+ 29, 32, 32, 32, 32, 32, 32, 32, 34, 34,
+ 34, 34, 34, 34, 34, 49, 78, 49, 49, 49,
+ 49, 49, 50, 78, 50, 78, 50, 50, 50, 53,
+ 78, 53, 53, 53, 53, 55, 78, 55, 55, 55,
+ 55, 55, 56, 78, 78, 56, 78, 56, 56, 35,
+ 78, 35, 35, 35, 35, 35, 63, 63, 64, 78,
+ 78, 64, 78, 64, 64, 43, 78, 43, 43, 43,
+ 43, 43, 73, 73, 75, 75, 57, 78, 57, 57,
+ 57, 57, 57, 76, 76, 77, 77, 11, 78, 78,
+
+ 78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
+ 78, 78, 78, 78
} ;
-static const flex_int16_t yy_chk[340] =
+static const flex_int16_t yy_chk[315] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 3, 13, 3, 13,
- 9, 10, 20, 27, 20, 27, 41, 3, 41, 3,
- 4, 79, 4, 9, 10, 42, 63, 42, 63, 78,
- 77, 4, 76, 4, 5, 75, 74, 72, 70, 68,
- 65, 62, 60, 56, 53, 52, 5, 5, 6, 49,
- 47, 43, 39, 31, 28, 24, 17, 16, 11, 0,
+ 9, 10, 20, 27, 20, 27, 39, 3, 39, 3,
+ 4, 77, 4, 9, 10, 40, 61, 40, 61, 76,
+ 75, 4, 74, 4, 5, 73, 72, 70, 68, 66,
+ 63, 60, 58, 54, 51, 50, 5, 5, 6, 47,
+ 45, 41, 37, 31, 24, 17, 16, 11, 0, 0,
6, 6, 7, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 7, 7, 8, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 8, 8,
@@ -713,29 +711,27 @@ static const flex_int16_t yy_chk[340] =
12, 0, 0, 0, 12, 0, 12, 0, 0, 12,
12, 12, 12, 12, 12, 21, 0, 0, 0, 21,
0, 21, 0, 0, 21, 21, 21, 21, 21, 21,
- 38, 0, 38, 0, 0, 0, 0, 0, 0, 38,
- 46, 0, 46, 0, 0, 0, 0, 0, 0, 46,
- 58, 0, 58, 0, 0, 0, 0, 0, 0, 58,
- 59, 0, 0, 0, 59, 0, 59, 0, 0, 59,
- 59, 59, 59, 59, 59, 61, 0, 61, 0, 61,
- 61, 0, 0, 0, 0, 0, 0, 61, 66, 0,
- 66, 0, 0, 0, 0, 0, 0, 66, 69, 0,
-
- 69, 0, 69, 69, 0, 0, 0, 0, 0, 0,
- 69, 81, 81, 81, 81, 81, 81, 81, 81, 82,
- 82, 82, 82, 82, 82, 82, 82, 83, 83, 83,
- 83, 83, 83, 83, 83, 84, 84, 84, 84, 84,
- 84, 84, 84, 85, 0, 85, 85, 85, 85, 85,
- 85, 86, 0, 86, 0, 86, 86, 86, 86, 87,
- 0, 87, 87, 87, 87, 0, 87, 88, 0, 88,
- 88, 88, 88, 88, 89, 0, 0, 89, 0, 89,
- 89, 90, 0, 90, 90, 90, 90, 90, 90, 91,
- 91, 92, 0, 0, 92, 0, 92, 92, 93, 0,
-
- 93, 93, 93, 93, 93, 93, 94, 94, 95, 95,
- 96, 0, 96, 96, 96, 96, 96, 96, 97, 97,
- 98, 98, 80, 80, 80, 80, 80, 80, 80, 80,
- 80, 80, 80, 80, 80, 80, 80, 80, 80
+ 36, 0, 36, 0, 0, 0, 0, 0, 0, 36,
+ 44, 0, 44, 0, 0, 0, 0, 0, 0, 44,
+ 56, 0, 56, 0, 0, 0, 0, 0, 0, 56,
+ 57, 0, 0, 0, 57, 0, 57, 0, 0, 57,
+ 57, 57, 57, 57, 57, 59, 0, 59, 0, 59,
+ 59, 64, 0, 64, 0, 0, 0, 0, 0, 0,
+ 64, 67, 0, 67, 0, 67, 67, 79, 79, 79,
+
+ 79, 79, 79, 79, 80, 80, 80, 80, 80, 80,
+ 80, 81, 81, 81, 81, 81, 81, 81, 82, 82,
+ 82, 82, 82, 82, 82, 83, 0, 83, 83, 83,
+ 83, 83, 84, 0, 84, 0, 84, 84, 84, 85,
+ 0, 85, 85, 85, 85, 86, 0, 86, 86, 86,
+ 86, 86, 87, 0, 0, 87, 0, 87, 87, 88,
+ 0, 88, 88, 88, 88, 88, 89, 89, 90, 0,
+ 0, 90, 0, 90, 90, 91, 0, 91, 91, 91,
+ 91, 91, 92, 92, 93, 93, 94, 0, 94, 94,
+ 94, 94, 94, 95, 95, 96, 96, 78, 78, 78,
+
+ 78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
+ 78, 78, 78, 78
} ;
/* Table of booleans, true if rule could match eol. */
@@ -1093,13 +1089,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 81 )
+ if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 323 );
+ while ( yy_base[yy_current_state] != 298 );
yy_find_action:
yy_act = yy_accept[yy_current_state];
@@ -1674,7 +1670,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 81 )
+ if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@@ -1703,11 +1699,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 81 )
+ if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
- yy_is_jam = (yy_current_state == 80);
+ yy_is_jam = (yy_current_state == 78);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;
diff --git a/Source/LexerParser/cmListFileLexer.in.l b/Source/LexerParser/cmListFileLexer.in.l
index f2fd538..23c7e49 100644
--- a/Source/LexerParser/cmListFileLexer.in.l
+++ b/Source/LexerParser/cmListFileLexer.in.l
@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
%x COMMENT
MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])
LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
%%
@@ -156,7 +156,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
return 1;
}
-<BRACKET>([^]\n])+ {
+<BRACKET>([^]\0\n])+ {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
}
@@ -208,7 +208,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
BEGIN(STRING);
}
-<STRING>([^\\\n\"]|\\.)+ {
+<STRING>([^\\\0\n\"]|\\[^\0\n])+ {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
}
diff --git a/Tests/RunCMake/Syntax/NullAfterBackslash-result.txt b/Tests/RunCMake/Syntax/NullAfterBackslash-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullAfterBackslash-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/Syntax/NullAfterBackslash-stderr.txt b/Tests/RunCMake/Syntax/NullAfterBackslash-stderr.txt
new file mode 100644
index 0000000..e7ba440
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullAfterBackslash-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at NullAfterBackslash.cmake:1:
+ Parse error. Function missing ending "\)". Instead found bad character
+ with text "\\".
+Call Stack \(most recent call first\):
+ CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/Syntax/NullAfterBackslash.cmake b/Tests/RunCMake/Syntax/NullAfterBackslash.cmake
new file mode 100644
index 0000000..ed96904
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullAfterBackslash.cmake
Binary files differ
diff --git a/Tests/RunCMake/Syntax/RunCMakeTest.cmake b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
index 628df91..b8f5fd0 100644
--- a/Tests/RunCMake/Syntax/RunCMakeTest.cmake
+++ b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
@@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
run_cmake(Escape1)
run_cmake(Escape2)
run_cmake(EscapeCharsAllowed)
+run_cmake(NullAfterBackslash)
run_cmake(NullTerminatedArgument)
include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
run_cmake(ParenNoSpace0)