ListFileLexer: Do not match null bytes in input

Extend the fix from commit v3.10.0-rc1~188^2 (ListFileLexer: fix
heap-buffer-overflow on malicious input, 2017-08-26) to apply to all
lexer token matches.  Replace all `.` with `[^\0\n]`.  Update all
`[^...]` match expressions to not match `\0`.

We cannot safely process null bytes in strings.

Fixes: #18124
Brad King 2018-06-26 11:51:44 -04:00
parent ef5e2e8a62
commit b29842a818
6 changed files with 101 additions and 98 deletions


@ -576,16 +576,16 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
static const flex_int16_t yy_accept[81] =
static const flex_int16_t yy_accept[79] =
{ 0,
0, 0, 0, 0, 0, 0, 0, 0, 4, 4,
25, 13, 22, 1, 16, 3, 13, 5, 6, 7,
15, 23, 23, 17, 19, 20, 21, 17, 10, 11,
8, 10, 12, 9, 24, 4, 13, 0, 13, 0,
22, 0, 0, 7, 13, 0, 13, 0, 2, 0,
13, 17, 0, 18, 10, 8, 4, 0, 14, 0,
0, 0, 0, 14, 0, 0, 14, 0, 0, 0,
2, 14, 0, 0, 0, 0, 0, 0, 0, 0
15, 23, 23, 17, 19, 20, 21, 24, 10, 11,
8, 12, 9, 4, 13, 0, 13, 0, 22, 0,
0, 7, 13, 0, 13, 0, 2, 0, 13, 17,
0, 18, 10, 8, 4, 0, 14, 0, 0, 0,
0, 14, 0, 0, 14, 0, 0, 0, 2, 14,
0, 0, 0, 0, 0, 0, 0, 0
} ;
static const YY_CHAR yy_ec[256] =
@ -623,89 +623,87 @@ static const YY_CHAR yy_ec[256] =
static const YY_CHAR yy_meta[17] =
{ 0,
1, 1, 2, 3, 4, 3, 1, 3, 5, 6,
1, 6, 1, 1, 7, 8
1, 6, 1, 1, 7, 2
} ;
static const flex_int16_t yy_base[99] =
static const flex_int16_t yy_base[97] =
{ 0,
0, 0, 14, 28, 42, 56, 70, 84, 18, 19,
69, 100, 16, 323, 323, 55, 59, 323, 323, 13,
115, 0, 323, 52, 323, 323, 21, 51, 0, 323,
53, 0, 323, 323, 323, 0, 0, 126, 55, 0,
25, 25, 53, 0, 0, 136, 53, 0, 57, 0,
0, 42, 50, 323, 0, 43, 0, 146, 160, 45,
172, 43, 26, 0, 42, 184, 0, 42, 195, 40,
323, 40, 0, 38, 37, 34, 32, 31, 23, 323,
211, 219, 227, 235, 243, 251, 259, 267, 274, 281,
285, 291, 298, 302, 304, 310, 314, 316
68, 100, 16, 298, 298, 54, 58, 298, 298, 13,
115, 0, 298, 51, 298, 298, 21, 298, 0, 298,
53, 298, 298, 0, 0, 126, 55, 0, 25, 25,
53, 0, 0, 136, 53, 0, 57, 0, 0, 42,
50, 298, 0, 43, 0, 146, 160, 45, 172, 43,
26, 0, 42, 177, 0, 42, 188, 40, 298, 40,
0, 38, 37, 34, 32, 31, 23, 298, 197, 204,
211, 218, 225, 232, 239, 245, 252, 259, 262, 268,
275, 278, 280, 286, 289, 291
} ;
static const flex_int16_t yy_def[99] =
static const flex_int16_t yy_def[97] =
{ 0,
80, 1, 81, 81, 82, 82, 83, 83, 84, 84,
80, 80, 80, 80, 80, 80, 12, 80, 80, 12,
80, 85, 80, 86, 80, 80, 86, 86, 87, 80,
80, 87, 80, 80, 80, 88, 12, 89, 12, 90,
80, 80, 91, 20, 12, 92, 12, 21, 80, 93,
12, 86, 86, 80, 87, 80, 88, 89, 80, 58,
89, 94, 80, 59, 91, 92, 59, 66, 92, 95,
80, 59, 96, 97, 94, 98, 95, 97, 98, 0,
80, 80, 80, 80, 80, 80, 80, 80, 80, 80,
80, 80, 80, 80, 80, 80, 80, 80
78, 1, 79, 79, 80, 80, 81, 81, 82, 82,
78, 78, 78, 78, 78, 78, 12, 78, 78, 12,
78, 83, 78, 84, 78, 78, 84, 78, 85, 78,
78, 78, 78, 86, 12, 87, 12, 88, 78, 78,
89, 20, 12, 90, 12, 21, 78, 91, 12, 84,
84, 78, 85, 78, 86, 87, 78, 56, 87, 92,
78, 57, 89, 90, 57, 64, 90, 93, 78, 57,
94, 95, 92, 96, 93, 95, 96, 0, 78, 78,
78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
78, 78, 78, 78, 78, 78
} ;
static const flex_int16_t yy_nxt[340] =
static const flex_int16_t yy_nxt[315] =
{ 0,
12, 13, 14, 13, 15, 16, 17, 18, 19, 12,
12, 20, 21, 22, 12, 23, 25, 41, 26, 41,
14, 14, 44, 54, 44, 52, 41, 27, 41, 28,
25, 66, 26, 35, 35, 63, 63, 49, 49, 58,
67, 27, 66, 28, 30, 59, 58, 62, 67, 76,
64, 59, 74, 56, 52, 53, 31, 32, 30, 71,
70, 64, 62, 56, 53, 53, 43, 42, 80, 80,
31, 32, 30, 80, 80, 80, 80, 80, 80, 80,
80, 80, 80, 80, 34, 35, 30, 80, 80, 80,
80, 80, 80, 80, 80, 80, 80, 80, 34, 35,
12, 20, 21, 22, 12, 23, 25, 39, 26, 39,
14, 14, 42, 52, 42, 50, 39, 27, 39, 28,
25, 64, 26, 28, 28, 61, 61, 47, 47, 56,
65, 27, 64, 28, 30, 57, 56, 60, 65, 74,
62, 57, 72, 54, 50, 51, 31, 28, 30, 69,
68, 62, 60, 54, 51, 41, 40, 78, 78, 78,
31, 28, 30, 78, 78, 78, 78, 78, 78, 78,
78, 78, 78, 78, 33, 28, 30, 78, 78, 78,
78, 78, 78, 78, 78, 78, 78, 78, 33, 28,
37, 80, 80, 80, 38, 80, 39, 80, 80, 37,
37, 37, 37, 40, 37, 45, 80, 80, 80, 46,
80, 47, 80, 80, 45, 48, 45, 49, 50, 45,
59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
67, 80, 68, 80, 80, 80, 80, 80, 80, 69,
59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
59, 80, 80, 80, 38, 80, 72, 80, 80, 59,
59, 59, 59, 73, 59, 58, 80, 58, 80, 58,
58, 80, 80, 80, 80, 80, 80, 58, 67, 80,
68, 80, 80, 80, 80, 80, 80, 69, 66, 80,
35, 78, 78, 78, 36, 78, 37, 78, 78, 35,
35, 35, 35, 38, 35, 43, 78, 78, 78, 44,
78, 45, 78, 78, 43, 46, 43, 47, 48, 43,
57, 78, 58, 78, 78, 78, 78, 78, 78, 59,
65, 78, 66, 78, 78, 78, 78, 78, 78, 67,
57, 78, 58, 78, 78, 78, 78, 78, 78, 59,
57, 78, 78, 78, 36, 78, 70, 78, 78, 57,
57, 57, 57, 71, 57, 56, 78, 56, 78, 56,
56, 65, 78, 66, 78, 78, 78, 78, 78, 78,
67, 64, 78, 64, 78, 64, 64, 24, 24, 24,
66, 80, 66, 66, 80, 80, 80, 80, 80, 80,
66, 24, 24, 24, 24, 24, 24, 24, 24, 29,
29, 29, 29, 29, 29, 29, 29, 33, 33, 33,
33, 33, 33, 33, 33, 36, 36, 36, 36, 36,
36, 36, 36, 51, 80, 51, 51, 51, 51, 51,
51, 52, 80, 52, 80, 52, 52, 52, 52, 55,
80, 55, 55, 55, 55, 80, 55, 57, 80, 57,
57, 57, 57, 57, 58, 80, 80, 58, 80, 58,
58, 37, 80, 37, 37, 37, 37, 37, 37, 65,
65, 66, 80, 80, 66, 80, 66, 66, 45, 80,
24, 24, 24, 24, 29, 29, 29, 29, 29, 29,
29, 32, 32, 32, 32, 32, 32, 32, 34, 34,
34, 34, 34, 34, 34, 49, 78, 49, 49, 49,
49, 49, 50, 78, 50, 78, 50, 50, 50, 53,
78, 53, 53, 53, 53, 55, 78, 55, 55, 55,
55, 55, 56, 78, 78, 56, 78, 56, 56, 35,
78, 35, 35, 35, 35, 35, 63, 63, 64, 78,
78, 64, 78, 64, 64, 43, 78, 43, 43, 43,
43, 43, 73, 73, 75, 75, 57, 78, 57, 57,
57, 57, 57, 76, 76, 77, 77, 11, 78, 78,
45, 45, 45, 45, 45, 45, 75, 75, 77, 77,
59, 80, 59, 59, 59, 59, 59, 59, 78, 78,
79, 79, 11, 80, 80, 80, 80, 80, 80, 80,
80, 80, 80, 80, 80, 80, 80, 80, 80
78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
78, 78, 78, 78
} ;
static const flex_int16_t yy_chk[340] =
static const flex_int16_t yy_chk[315] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 3, 13, 3, 13,
9, 10, 20, 27, 20, 27, 41, 3, 41, 3,
4, 79, 4, 9, 10, 42, 63, 42, 63, 78,
77, 4, 76, 4, 5, 75, 74, 72, 70, 68,
65, 62, 60, 56, 53, 52, 5, 5, 6, 49,
47, 43, 39, 31, 28, 24, 17, 16, 11, 0,
9, 10, 20, 27, 20, 27, 39, 3, 39, 3,
4, 77, 4, 9, 10, 40, 61, 40, 61, 76,
75, 4, 74, 4, 5, 73, 72, 70, 68, 66,
63, 60, 58, 54, 51, 50, 5, 5, 6, 47,
45, 41, 37, 31, 24, 17, 16, 11, 0, 0,
6, 6, 7, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 7, 7, 8, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 8, 8,
@ -713,29 +711,27 @@ static const flex_int16_t yy_chk[340] =
12, 0, 0, 0, 12, 0, 12, 0, 0, 12,
12, 12, 12, 12, 12, 21, 0, 0, 0, 21,
0, 21, 0, 0, 21, 21, 21, 21, 21, 21,
38, 0, 38, 0, 0, 0, 0, 0, 0, 38,
46, 0, 46, 0, 0, 0, 0, 0, 0, 46,
58, 0, 58, 0, 0, 0, 0, 0, 0, 58,
59, 0, 0, 0, 59, 0, 59, 0, 0, 59,
59, 59, 59, 59, 59, 61, 0, 61, 0, 61,
61, 0, 0, 0, 0, 0, 0, 61, 66, 0,
66, 0, 0, 0, 0, 0, 0, 66, 69, 0,
36, 0, 36, 0, 0, 0, 0, 0, 0, 36,
44, 0, 44, 0, 0, 0, 0, 0, 0, 44,
56, 0, 56, 0, 0, 0, 0, 0, 0, 56,
57, 0, 0, 0, 57, 0, 57, 0, 0, 57,
57, 57, 57, 57, 57, 59, 0, 59, 0, 59,
59, 64, 0, 64, 0, 0, 0, 0, 0, 0,
64, 67, 0, 67, 0, 67, 67, 79, 79, 79,
69, 0, 69, 69, 0, 0, 0, 0, 0, 0,
69, 81, 81, 81, 81, 81, 81, 81, 81, 82,
82, 82, 82, 82, 82, 82, 82, 83, 83, 83,
83, 83, 83, 83, 83, 84, 84, 84, 84, 84,
84, 84, 84, 85, 0, 85, 85, 85, 85, 85,
85, 86, 0, 86, 0, 86, 86, 86, 86, 87,
0, 87, 87, 87, 87, 0, 87, 88, 0, 88,
88, 88, 88, 88, 89, 0, 0, 89, 0, 89,
89, 90, 0, 90, 90, 90, 90, 90, 90, 91,
91, 92, 0, 0, 92, 0, 92, 92, 93, 0,
79, 79, 79, 79, 80, 80, 80, 80, 80, 80,
80, 81, 81, 81, 81, 81, 81, 81, 82, 82,
82, 82, 82, 82, 82, 83, 0, 83, 83, 83,
83, 83, 84, 0, 84, 0, 84, 84, 84, 85,
0, 85, 85, 85, 85, 86, 0, 86, 86, 86,
86, 86, 87, 0, 0, 87, 0, 87, 87, 88,
0, 88, 88, 88, 88, 88, 89, 89, 90, 0,
0, 90, 0, 90, 90, 91, 0, 91, 91, 91,
91, 91, 92, 92, 93, 93, 94, 0, 94, 94,
94, 94, 94, 95, 95, 96, 96, 78, 78, 78,
93, 93, 93, 93, 93, 93, 94, 94, 95, 95,
96, 0, 96, 96, 96, 96, 96, 96, 97, 97,
98, 98, 80, 80, 80, 80, 80, 80, 80, 80,
80, 80, 80, 80, 80, 80, 80, 80, 80
78, 78, 78, 78, 78, 78, 78, 78, 78, 78,
78, 78, 78, 78
} ;
/* Table of booleans, true if rule could match eol. */
@ -1093,13 +1089,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 81 )
if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
++yy_cp;
}
while ( yy_base[yy_current_state] != 323 );
while ( yy_base[yy_current_state] != 298 );
yy_find_action:
yy_act = yy_accept[yy_current_state];
@ -1674,7 +1670,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 81 )
if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@ -1703,11 +1699,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 81 )
if ( yy_current_state >= 79 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
yy_is_jam = (yy_current_state == 80);
yy_is_jam = (yy_current_state == 78);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;


@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
%x COMMENT
MAKEVAR \$\([A-Za-z0-9_]*\)
UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])
LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
%%
@ -156,7 +156,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
return 1;
}
<BRACKET>([^]\n])+ {
<BRACKET>([^]\0\n])+ {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
}
@ -208,7 +208,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
BEGIN(STRING);
}
<STRING>([^\\\n\"]|\\.)+ {
<STRING>([^\\\0\n\"]|\\[^\0\n])+ {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
}
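Review bot: The reason `\0` is excluded from the `UNQUOTED`, `<BRACKET>` and `<STRING>` patterns is recorded only in the commit message, so nothing in the lexer source warns a later editor that a bare dot or a negated class without `\0` brings back the overflow this change closes. I would add a comment above the `UNQUOTED` definition, for example `/* No pattern may match \0: token text is handled as a NUL-terminated string. Use [^\0\n] instead of a bare dot and list \0 in every negated class. */`. The rules that receive a `\0` once these patterns refuse it are outside the visible hunks. It is worth confirming that each start condition still has a rule that consumes the byte and reports a bad character, rather than reaching flex's default echo action.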


@ -0,0 +1 @@
1


@ -0,0 +1,5 @@
CMake Error at NullAfterBackslash.cmake:1:
Parse error. Function missing ending "\)". Instead found bad character
with text "\\".
Call Stack \(most recent call first\):
CMakeLists.txt:3 \(include\)

Binary file not shown.


@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
run_cmake(Escape1)
run_cmake(Escape2)
run_cmake(EscapeCharsAllowed)
run_cmake(NullAfterBackslash)
run_cmake(NullTerminatedArgument)
include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
run_cmake(ParenNoSpace0)
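Review bot: Only the backslash-then-null case gets a new regression test in this list, while the commit also tightens the `<BRACKET>` class and both alternatives of the `<STRING>` pattern. Unless `NullTerminatedArgument` or another existing case already exercises them, I would register companion cases next to this one for a null byte inside a quoted argument and inside a bracket argument, e.g. `run_cmake(NullInQuotedArgument)` and `run_cmake(NullInBracketArgument)` (names are suggestions). Each needs its own expected-stderr file, so that a later lexer regeneration that drops the `\0` exclusion fails the suite instead of passing silently.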