author | Brad King <brad.king@kitware.com> | 2018-06-26 15:51:44 (GMT) |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2018-06-26 15:54:34 (GMT) |
commit | b29842a818ea978a85c0646cd3c2b3191b0498fc (patch) | |
tree | 3367b225f72c3fa1d5bb8f903273a037122b36e0 /Source/LexerParser/cmListFileLexer.in.l | |
parent | ef5e2e8a62982ebccf4883fc7a01cdb66f8ca183 (diff) | |
ListFileLexer: Do not match null bytes in input
Extend the fix from commit v3.10.0-rc1~188^2 (ListFileLexer: fix
heap-buffer-overflow on malicious input, 2017-08-26) to apply to all
lexer token matches. Replace all `.` with `[^\0\n]`. Update all
`[^...]` match expressions to not match `\0`.
We cannot safely process null bytes in strings.
Fixes: #18124
Diffstat (limited to 'Source/LexerParser/cmListFileLexer.in.l')
-rw-r--r-- | Source/LexerParser/cmListFileLexer.in.l | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Source/LexerParser/cmListFileLexer.in.l b/Source/LexerParser/cmListFileLexer.in.l
index f2fd538..23c7e49 100644
--- a/Source/LexerParser/cmListFileLexer.in.l
+++ b/Source/LexerParser/cmListFileLexer.in.l
@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
 %x COMMENT
 MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])
 LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 %%
@@ -156,7 +156,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 return 1;
 }
-<BRACKET>([^]\n])+ {
+<BRACKET>([^]\0\n])+ {
 cmListFileLexerAppend(lexer, yytext, yyleng);
 lexer->column += yyleng;
 }
@@ -208,7 +208,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 BEGIN(STRING);
 }
-<STRING>([^\\\n\"]|\\.)+ {
+<STRING>([^\\\0\n\"]|\\[^\0\n])+ {
 cmListFileLexerAppend(lexer, yytext, yyleng);
 lexer->column += yyleng;
 } |
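Review bot: The `\0` exclusion in the `UNQUOTED` definition (hunk at line 74) is an invariant that every pattern in this lexer now has to keep, and nothing in the file records it; the same holds for the `<BRACKET>` and `<STRING>` patterns in the hunks at lines 156 and 208. A short comment above the definitions would stop a later rule from reintroducing `.` or a negated class that still matches NUL, for example `/* No pattern may match \0: token text cannot safely carry null bytes (see #18124). */`. The reason given is taken from the commit message; the code that consumes the token text is outside this diff, so the wording should be checked against it.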
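Review bot: With `\0` removed from `<BRACKET>([^]\0\n])+` (hunk at line 156), a NUL inside a bracket argument has to be consumed by some other `<BRACKET>` rule, and this hunk does not show one. If `BRACKET` is declared with `%x` like the visible `COMMENT`, a catch-all rule in the initial state would not apply there. If no rule matches and the file does not set `%option nodefault`, flex's default rule echoes the byte to `yyout` and scanning continues with the NUL silently dropped from the argument. Consider an explicit `<BRACKET,STRING>\0` rule whose action returns the lexer's bad-character token, so that such input is rejected with a diagnostic instead of being altered. The same question applies to the `<STRING>` pattern in the hunk at line 208.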
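Review bot: The escape alternative `\\[^\0\n]` in the `<STRING>` pattern (hunk at line 208) is now written out a second time, the first being the `UNQUOTED` definition in the hunk at line 74, so the two copies can drift apart on the next change. A named definition next to `MAKEVAR`, such as `ESCAPED \\[^\0\n]`, referenced as `{ESCAPED}` in both places, would keep the null-byte exclusion for escapes in one spot. The name is only a suggestion; the rest of the definitions section lies outside the hunks and may already use it.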