author | Brad King <brad.king@kitware.com> | 2017-08-31 14:07:33 (GMT) |
---|---|---|
committer | Kitware Robot <kwrobot@kitware.com> | 2017-08-31 14:08:18 (GMT) |
commit | 96c882dcba7b26efca3fabf913a110eb630c3379 (patch) | |
tree | 3896c338254818fa2a172a4816189d8271278f1c | |
parent | b4efc1936ac4d4154c7d9215165a805b2a6056d5 (diff) | |
parent | 14d9a11be9f8f7c79397e788d09bfe35dcb55efe (diff) | |
Merge topic 'lexer-null'
14d9a11b ListFileLexer: fix heap-buffer-overflow on malicious input
Acked-by: Kitware Robot <kwrobot@kitware.com>
Merge-request: !1153
-rw-r--r-- | Source/LexerParser/cmListFileLexer.c | 206 | ||||
-rw-r--r-- | Source/LexerParser/cmListFileLexer.in.l | 8 | ||||
-rw-r--r-- | Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt | 1 | ||||
-rw-r--r-- | Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt | 5 | ||||
-rw-r--r-- | Tests/RunCMake/Syntax/NullTerminatedArgument.cmake | bin | 0 -> 106 bytes | |||
-rw-r--r-- | Tests/RunCMake/Syntax/RunCMakeTest.cmake | 1 |
6 files changed, 123 insertions, 98 deletions
diff --git a/Source/LexerParser/cmListFileLexer.c b/Source/LexerParser/cmListFileLexer.c index 636a6fb..c6f524c 100644 --- a/Source/LexerParser/cmListFileLexer.c +++ b/Source/LexerParser/cmListFileLexer.c @@ -576,16 +576,16 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[77] = +static const flex_int16_t yy_accept[81] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 4, 25, 13, 22, 1, 16, 3, 13, 5, 6, 7, - 15, 23, 17, 19, 20, 21, 10, 11, 8, 12, - 9, 4, 13, 0, 13, 0, 22, 0, 0, 7, - 13, 0, 13, 0, 2, 0, 13, 17, 0, 18, - 10, 8, 4, 0, 14, 0, 0, 0, 0, 14, - 0, 0, 14, 0, 0, 0, 2, 14, 0, 0, - 0, 0, 0, 0, 0, 0 + 15, 23, 23, 17, 19, 20, 21, 17, 10, 11, + 8, 10, 12, 9, 24, 4, 13, 0, 13, 0, + 22, 0, 0, 7, 13, 0, 13, 0, 2, 0, + 13, 17, 0, 18, 10, 8, 4, 0, 14, 0, + 0, 0, 0, 14, 0, 0, 14, 0, 0, 0, + 2, 14, 0, 0, 0, 0, 0, 0, 0, 0 } ; static const YY_CHAR yy_ec[256] = 
@@ -620,104 +620,122 @@ static const YY_CHAR yy_ec[256] = 1, 1, 1, 1, 1 } ; -static const YY_CHAR yy_meta[16] = +static const YY_CHAR yy_meta[17] = { 0, 1, 1, 2, 3, 4, 3, 1, 3, 5, 6, - 1, 6, 1, 1, 7 + 1, 6, 1, 1, 7, 8 } ; -static const flex_int16_t yy_base[95] = +static const flex_int16_t yy_base[99] = { 0, - 0, 0, 13, 25, 14, 16, 17, 18, 90, 88, - 88, 39, 20, 237, 237, 74, 78, 237, 237, 13, - 54, 0, 71, 237, 237, 31, 0, 237, 73, 237, - 237, 0, 0, 65, 75, 0, 33, 30, 72, 0, - 0, 75, 70, 0, 74, 0, 0, 62, 70, 237, - 0, 63, 0, 85, 99, 65, 111, 62, 34, 0, - 54, 116, 0, 54, 127, 51, 237, 50, 0, 48, - 47, 39, 33, 29, 17, 237, 136, 143, 150, 157, - 164, 171, 178, 184, 191, 198, 201, 207, 214, 217, - 219, 225, 228, 230 + 0, 0, 14, 28, 42, 56, 70, 84, 18, 19, + 69, 100, 16, 323, 323, 55, 59, 323, 323, 13, + 115, 0, 323, 52, 323, 323, 21, 51, 0, 323, + 53, 0, 323, 323, 323, 0, 0, 126, 55, 0, + 25, 25, 53, 0, 0, 136, 53, 0, 57, 0, + 0, 42, 50, 323, 0, 43, 0, 146, 160, 45, + 172, 43, 26, 0, 42, 184, 0, 42, 195, 40, + 323, 40, 0, 38, 37, 34, 32, 31, 23, 323, + 211, 219, 227, 235, 243, 251, 259, 267, 274, 281, + 285, 291, 298, 302, 304, 310, 314, 316 } ; -static const flex_int16_t yy_def[95] = +static const flex_int16_t yy_def[99] = { 0, - 76, 1, 77, 77, 78, 78, 79, 79, 80, 80, - 76, 76, 76, 76, 76, 76, 12, 76, 76, 12, - 76, 81, 82, 76, 76, 82, 83, 76, 76, 76, - 76, 84, 12, 85, 12, 86, 76, 76, 87, 20, - 12, 88, 12, 21, 76, 89, 12, 82, 82, 76, - 83, 76, 84, 85, 76, 54, 85, 90, 76, 55, - 87, 88, 55, 62, 88, 91, 76, 55, 92, 93, - 90, 94, 91, 93, 94, 0, 76, 76, 76, 76, - 76, 76, 76, 76, 76, 76, 76, 76, 76, 76, - 76, 76, 76, 76 + 80, 1, 81, 81, 82, 82, 83, 83, 84, 84, + 80, 80, 80, 80, 80, 80, 12, 80, 80, 12, + 80, 85, 80, 86, 80, 80, 86, 86, 87, 80, + 80, 87, 80, 80, 80, 88, 12, 89, 12, 90, + 80, 80, 91, 20, 12, 92, 12, 21, 80, 93, + 12, 86, 86, 80, 87, 80, 88, 89, 80, 58, + 89, 94, 80, 59, 91, 92, 59, 66, 92, 95, + 80, 59, 96, 97, 94, 98, 95, 97, 98, 0, + 80, 80, 80, 80, 80, 80, 80, 
80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80 } ; -static const flex_int16_t yy_nxt[253] = +static const flex_int16_t yy_nxt[340] = { 0, 12, 13, 14, 13, 15, 16, 17, 18, 19, 12, - 12, 20, 21, 22, 12, 24, 28, 25, 28, 28, - 28, 37, 40, 37, 40, 62, 26, 24, 29, 25, - 29, 31, 31, 50, 37, 48, 37, 54, 26, 33, - 59, 63, 45, 34, 59, 35, 45, 62, 33, 33, - 33, 33, 36, 33, 41, 55, 54, 58, 42, 63, - 43, 72, 60, 41, 44, 41, 45, 46, 41, 55, - 55, 56, 70, 52, 48, 49, 67, 66, 57, 63, - 60, 64, 58, 52, 49, 39, 38, 76, 65, 55, - 14, 56, 14, 76, 76, 76, 76, 76, 57, 55, - - 76, 76, 76, 34, 76, 68, 76, 76, 55, 55, - 55, 55, 69, 55, 54, 76, 54, 76, 54, 54, - 63, 76, 64, 76, 76, 76, 76, 76, 76, 65, - 62, 76, 62, 76, 62, 62, 23, 23, 23, 23, - 23, 23, 23, 27, 27, 27, 27, 27, 27, 27, - 30, 30, 30, 30, 30, 30, 30, 32, 32, 32, - 32, 32, 32, 32, 47, 76, 47, 47, 47, 47, - 47, 48, 76, 48, 76, 48, 48, 48, 51, 76, - 51, 51, 51, 51, 53, 76, 53, 53, 53, 53, - 53, 54, 76, 76, 54, 76, 54, 54, 33, 76, - - 33, 33, 33, 33, 33, 61, 61, 62, 76, 76, - 62, 76, 62, 62, 41, 76, 41, 41, 41, 41, - 41, 71, 71, 73, 73, 55, 76, 55, 55, 55, - 55, 55, 74, 74, 75, 75, 11, 76, 76, 76, - 76, 76, 76, 76, 76, 76, 76, 76, 76, 76, - 76, 76 + 12, 20, 21, 22, 12, 23, 25, 41, 26, 41, + 14, 14, 44, 54, 44, 52, 41, 27, 41, 28, + 25, 66, 26, 35, 35, 63, 63, 49, 49, 58, + 67, 27, 66, 28, 30, 59, 58, 62, 67, 76, + 64, 59, 74, 56, 52, 53, 31, 32, 30, 71, + 70, 64, 62, 56, 53, 53, 43, 42, 80, 80, + 31, 32, 30, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 34, 35, 30, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, 34, 35, + + 37, 80, 80, 80, 38, 80, 39, 80, 80, 37, + 37, 37, 37, 40, 37, 45, 80, 80, 80, 46, + 80, 47, 80, 80, 45, 48, 45, 49, 50, 45, + 59, 80, 60, 80, 80, 80, 80, 80, 80, 61, + 67, 80, 68, 80, 80, 80, 80, 80, 80, 69, + 59, 80, 60, 80, 80, 80, 80, 80, 80, 61, + 59, 80, 80, 80, 38, 80, 72, 80, 80, 59, + 59, 59, 59, 73, 59, 58, 80, 58, 80, 58, + 58, 80, 80, 80, 80, 80, 80, 58, 67, 80, + 68, 80, 80, 80, 80, 80, 80, 69, 66, 80, + 
+ 66, 80, 66, 66, 80, 80, 80, 80, 80, 80, + 66, 24, 24, 24, 24, 24, 24, 24, 24, 29, + 29, 29, 29, 29, 29, 29, 29, 33, 33, 33, + 33, 33, 33, 33, 33, 36, 36, 36, 36, 36, + 36, 36, 36, 51, 80, 51, 51, 51, 51, 51, + 51, 52, 80, 52, 80, 52, 52, 52, 52, 55, + 80, 55, 55, 55, 55, 80, 55, 57, 80, 57, + 57, 57, 57, 57, 58, 80, 80, 58, 80, 58, + 58, 37, 80, 37, 37, 37, 37, 37, 37, 65, + 65, 66, 80, 80, 66, 80, 66, 66, 45, 80, + + 45, 45, 45, 45, 45, 45, 75, 75, 77, 77, + 59, 80, 59, 59, 59, 59, 59, 59, 78, 78, + 79, 79, 11, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, 80 } ; -static const flex_int16_t yy_chk[253] = +static const flex_int16_t yy_chk[340] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 3, 5, 3, 6, 7, - 8, 13, 20, 13, 20, 75, 3, 4, 5, 4, - 6, 7, 8, 26, 37, 26, 37, 74, 4, 12, - 38, 73, 38, 12, 59, 12, 59, 72, 12, 12, - 12, 12, 12, 12, 21, 71, 70, 68, 21, 66, - 21, 64, 61, 21, 21, 21, 21, 21, 21, 34, - 58, 34, 56, 52, 49, 48, 45, 43, 34, 42, - 39, 42, 35, 29, 23, 17, 16, 11, 42, 54, - 10, 54, 9, 0, 0, 0, 0, 0, 54, 55, - - 0, 0, 0, 55, 0, 55, 0, 0, 55, 55, - 55, 55, 55, 55, 57, 0, 57, 0, 57, 57, - 62, 0, 62, 0, 0, 0, 0, 0, 0, 62, - 65, 0, 65, 0, 65, 65, 77, 77, 77, 77, - 77, 77, 77, 78, 78, 78, 78, 78, 78, 78, - 79, 79, 79, 79, 79, 79, 79, 80, 80, 80, - 80, 80, 80, 80, 81, 0, 81, 81, 81, 81, - 81, 82, 0, 82, 0, 82, 82, 82, 83, 0, - 83, 83, 83, 83, 84, 0, 84, 84, 84, 84, - 84, 85, 0, 0, 85, 0, 85, 85, 86, 0, - - 86, 86, 86, 86, 86, 87, 87, 88, 0, 0, - 88, 0, 88, 88, 89, 0, 89, 89, 89, 89, - 89, 90, 90, 91, 91, 92, 0, 92, 92, 92, - 92, 92, 93, 93, 94, 94, 76, 76, 76, 76, - 76, 76, 76, 76, 76, 76, 76, 76, 76, 76, - 76, 76 + 1, 1, 1, 1, 1, 1, 3, 13, 3, 13, + 9, 10, 20, 27, 20, 27, 41, 3, 41, 3, + 4, 79, 4, 9, 10, 42, 63, 42, 63, 78, + 77, 4, 76, 4, 5, 75, 74, 72, 70, 68, + 65, 62, 60, 56, 53, 52, 5, 5, 6, 49, + 47, 43, 39, 31, 28, 24, 17, 16, 11, 0, + 6, 6, 7, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 7, 7, 8, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 8, 8, + 
+ 12, 0, 0, 0, 12, 0, 12, 0, 0, 12, + 12, 12, 12, 12, 12, 21, 0, 0, 0, 21, + 0, 21, 0, 0, 21, 21, 21, 21, 21, 21, + 38, 0, 38, 0, 0, 0, 0, 0, 0, 38, + 46, 0, 46, 0, 0, 0, 0, 0, 0, 46, + 58, 0, 58, 0, 0, 0, 0, 0, 0, 58, + 59, 0, 0, 0, 59, 0, 59, 0, 0, 59, + 59, 59, 59, 59, 59, 61, 0, 61, 0, 61, + 61, 0, 0, 0, 0, 0, 0, 61, 66, 0, + 66, 0, 0, 0, 0, 0, 0, 66, 69, 0, + + 69, 0, 69, 69, 0, 0, 0, 0, 0, 0, + 69, 81, 81, 81, 81, 81, 81, 81, 81, 82, + 82, 82, 82, 82, 82, 82, 82, 83, 83, 83, + 83, 83, 83, 83, 83, 84, 84, 84, 84, 84, + 84, 84, 84, 85, 0, 85, 85, 85, 85, 85, + 85, 86, 0, 86, 0, 86, 86, 86, 86, 87, + 0, 87, 87, 87, 87, 0, 87, 88, 0, 88, + 88, 88, 88, 88, 89, 0, 0, 89, 0, 89, + 89, 90, 0, 90, 90, 90, 90, 90, 90, 91, + 91, 92, 0, 0, 92, 0, 92, 92, 93, 0, + + 93, 93, 93, 93, 93, 93, 94, 94, 95, 95, + 96, 0, 96, 96, 96, 96, 96, 96, 97, 97, + 98, 98, 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, 80 } ; /* Table of booleans, true if rule could match eol. */ @@ -1075,13 +1093,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 77 ) + if ( yy_current_state >= 81 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 237 ); + while ( yy_base[yy_current_state] != 323 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -1647,7 +1665,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { - YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 16); if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; 
@@ -1656,7 +1674,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 77 ) + if ( yy_current_state >= 81 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -1676,7 +1694,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ char *yy_cp = yyg->yy_c_buf_p; - YY_CHAR yy_c = 1; + YY_CHAR yy_c = 16; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1685,11 +1703,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 77 ) + if ( yy_current_state >= 81 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 76); + yy_is_jam = (yy_current_state == 80); (void)yyg; return yy_is_jam ? 0 : yy_current_state;
diff --git a/Source/LexerParser/cmListFileLexer.in.l b/Source/LexerParser/cmListFileLexer.in.l
index 6ec8da4..f2fd538 100644
--- a/Source/LexerParser/cmListFileLexer.in.l
+++ b/Source/LexerParser/cmListFileLexer.in.l
@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
 %x COMMENT
 MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
 LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 %%
@@ -113,7 +113,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 BEGIN(COMMENT);
 }
-<COMMENT>.* {
+<COMMENT>[^\0\n]* {
 lexer->column += yyleng;
 }
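Review bot: The new `UNQUOTED` definition removes NUL from the bracketed class but keeps the `\\.` alternative, and flex's `.` matches every byte except newline, so a backslash followed by a NUL byte would presumably still be lexed as part of an unquoted argument (and, through `LEGACY`, of a legacy quoted one). If the intent is that no token text ever carries an embedded NUL, the escape alternative should exclude it as well: `UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])`. A regression case with a backslash immediately before the NUL would pin this down.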
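Review bot: With NUL excluded from `<COMMENT>[^\0\n]*`, nothing visible in this hunk consumes a NUL byte inside a comment, and because `COMMENT` is declared with `%x`, rules written without a start condition do not apply in that state. Unless a rule outside the hunk covers it, the byte would fall through to flex's default rule, which copies it to `yyout` instead of producing the bad-character diagnostic the new test expects for arguments; the regenerated `yy_accept` table gaining an entry `24` looks consistent with that. The `<BRACKET,BRACKETEND>[^\0\n]` and `<STRING>[^\0\n]` hunks raise the same question, and any sibling rule in those states that uses a negated class without `\0` would still accept the byte. An explicit NUL rule for these states that returns the bad-character token, plus a short comment above each changed pattern saying why `\0` is excluded, would make the behaviour deliberate.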
@@ -168,7 +168,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 BEGIN(BRACKET);
 }
-<BRACKET,BRACKETEND>. {
+<BRACKET,BRACKETEND>[^\0\n] {
 cmListFileLexerAppend(lexer, yytext, yyleng);
 lexer->column += yyleng;
 BEGIN(BRACKET);
@@ -231,7 +231,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 return 1;
 }
-<STRING>. {
+<STRING>[^\0\n] {
 cmListFileLexerAppend(lexer, yytext, yyleng);
 lexer->column += yyleng;
 }
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt b/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt b/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt
new file mode 100644
index 0000000..f26754e
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at NullTerminatedArgument.cmake:1:
+ Parse error. Function missing ending "\)". Instead found bad character
+ with text "".
+Call Stack \(most recent call first\):
+ CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake b/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake
Binary files differ
new file mode 100644
index 0000000..c82aceb
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake
diff --git a/Tests/RunCMake/Syntax/RunCMakeTest.cmake b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
index d1fbb16..628df91 100644
--- a/Tests/RunCMake/Syntax/RunCMakeTest.cmake
+++ b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
@@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
 run_cmake(Escape1)
 run_cmake(Escape2)
 run_cmake(EscapeCharsAllowed)
+run_cmake(NullTerminatedArgument)
 include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
 run_cmake(ParenNoSpace0)
 run_cmake(ParenNoSpace1) |
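Review bot: Only one regression case is registered, `run_cmake(NullTerminatedArgument)`, while the lexer change touches four contexts: unquoted arguments, comments, bracket arguments and quoted strings. The fixture is binary so its content is not visible here, but its name and the expected stderr suggest it covers a NUL inside a command argument only. Adding sibling cases alongside it, for example `run_cmake(NullInComment)`, `run_cmake(NullInString)` and `run_cmake(NullInBracket)` (names constructed for illustration), each with its own expected-stderr file, would keep the other three patterns from regressing.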