ListFileLexer: Do not match null bytes in input

Extend the fix from commit v3.10.0-rc1~188^2 (ListFileLexer: fix
heap-buffer-overflow on malicious input, 2017-08-26) to apply to all
lexer token matches.  Replace all `.` with `[^\0\n]`.  Update all
`[^...]` match expressions to not match `\0`.

We cannot safely process null bytes in strings.

Fixes: #18124

Source/LexerParser/cmListFileLexer.c

@@ -576,16 +576,16 @@ struct yy_trans_info
 	flex_int32_t yy_verify;
 	flex_int32_t yy_nxt;
 	};
-static const flex_int16_t yy_accept[81] =
+static const flex_int16_t yy_accept[79] =
     {   0,
         0,    0,    0,    0,    0,    0,    0,    0,    4,    4,
        25,   13,   22,    1,   16,    3,   13,    5,    6,    7,
-       15,   23,   23,   17,   19,   20,   21,   17,   10,   11,
-        8,   10,   12,    9,   24,    4,   13,    0,   13,    0,
-       22,    0,    0,    7,   13,    0,   13,    0,    2,    0,
-       13,   17,    0,   18,   10,    8,    4,    0,   14,    0,
-        0,    0,    0,   14,    0,    0,   14,    0,    0,    0,
-        2,   14,    0,    0,    0,    0,    0,    0,    0,    0
+       15,   23,   23,   17,   19,   20,   21,   24,   10,   11,
+        8,   12,    9,    4,   13,    0,   13,    0,   22,    0,
+        0,    7,   13,    0,   13,    0,    2,    0,   13,   17,
+        0,   18,   10,    8,    4,    0,   14,    0,    0,    0,
+        0,   14,    0,    0,   14,    0,    0,    0,    2,   14,
+        0,    0,    0,    0,    0,    0,    0,    0
     } ;
 
 static const YY_CHAR yy_ec[256] =
@@ -623,89 +623,87 @@ static const YY_CHAR yy_ec[256] =
 static const YY_CHAR yy_meta[17] =
     {   0,
         1,    1,    2,    3,    4,    3,    1,    3,    5,    6,
-        1,    6,    1,    1,    7,    8
+        1,    6,    1,    1,    7,    2
     } ;
 
-static const flex_int16_t yy_base[99] =
+static const flex_int16_t yy_base[97] =
     {   0,
         0,    0,   14,   28,   42,   56,   70,   84,   18,   19,
-       69,  100,   16,  323,  323,   55,   59,  323,  323,   13,
-      115,    0,  323,   52,  323,  323,   21,   51,    0,  323,
-       53,    0,  323,  323,  323,    0,    0,  126,   55,    0,
-       25,   25,   53,    0,    0,  136,   53,    0,   57,    0,
-        0,   42,   50,  323,    0,   43,    0,  146,  160,   45,
-      172,   43,   26,    0,   42,  184,    0,   42,  195,   40,
-      323,   40,    0,   38,   37,   34,   32,   31,   23,  323,
-      211,  219,  227,  235,  243,  251,  259,  267,  274,  281,
-      285,  291,  298,  302,  304,  310,  314,  316
+       68,  100,   16,  298,  298,   54,   58,  298,  298,   13,
+      115,    0,  298,   51,  298,  298,   21,  298,    0,  298,
+       53,  298,  298,    0,    0,  126,   55,    0,   25,   25,
+       53,    0,    0,  136,   53,    0,   57,    0,    0,   42,
+       50,  298,    0,   43,    0,  146,  160,   45,  172,   43,
+       26,    0,   42,  177,    0,   42,  188,   40,  298,   40,
+        0,   38,   37,   34,   32,   31,   23,  298,  197,  204,
+      211,  218,  225,  232,  239,  245,  252,  259,  262,  268,
+      275,  278,  280,  286,  289,  291
 
     } ;
 
-static const flex_int16_t yy_def[99] =
+static const flex_int16_t yy_def[97] =
     {   0,
-       80,    1,   81,   81,   82,   82,   83,   83,   84,   84,
-       80,   80,   80,   80,   80,   80,   12,   80,   80,   12,
-       80,   85,   80,   86,   80,   80,   86,   86,   87,   80,
-       80,   87,   80,   80,   80,   88,   12,   89,   12,   90,
-       80,   80,   91,   20,   12,   92,   12,   21,   80,   93,
-       12,   86,   86,   80,   87,   80,   88,   89,   80,   58,
-       89,   94,   80,   59,   91,   92,   59,   66,   92,   95,
-       80,   59,   96,   97,   94,   98,   95,   97,   98,    0,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80
+       78,    1,   79,   79,   80,   80,   81,   81,   82,   82,
+       78,   78,   78,   78,   78,   78,   12,   78,   78,   12,
+       78,   83,   78,   84,   78,   78,   84,   78,   85,   78,
+       78,   78,   78,   86,   12,   87,   12,   88,   78,   78,
+       89,   20,   12,   90,   12,   21,   78,   91,   12,   84,
+       84,   78,   85,   78,   86,   87,   78,   56,   87,   92,
+       78,   57,   89,   90,   57,   64,   90,   93,   78,   57,
+       94,   95,   92,   96,   93,   95,   96,    0,   78,   78,
+       78,   78,   78,   78,   78,   78,   78,   78,   78,   78,
+       78,   78,   78,   78,   78,   78
 
     } ;
 
-static const flex_int16_t yy_nxt[340] =
+static const flex_int16_t yy_nxt[315] =
     {   0,
        12,   13,   14,   13,   15,   16,   17,   18,   19,   12,
-       12,   20,   21,   22,   12,   23,   25,   41,   26,   41,
-       14,   14,   44,   54,   44,   52,   41,   27,   41,   28,
-       25,   66,   26,   35,   35,   63,   63,   49,   49,   58,
-       67,   27,   66,   28,   30,   59,   58,   62,   67,   76,
-       64,   59,   74,   56,   52,   53,   31,   32,   30,   71,
-       70,   64,   62,   56,   53,   53,   43,   42,   80,   80,
-       31,   32,   30,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   34,   35,   30,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   34,   35,
-
-       37,   80,   80,   80,   38,   80,   39,   80,   80,   37,
-       37,   37,   37,   40,   37,   45,   80,   80,   80,   46,
-       80,   47,   80,   80,   45,   48,   45,   49,   50,   45,
-       59,   80,   60,   80,   80,   80,   80,   80,   80,   61,
-       67,   80,   68,   80,   80,   80,   80,   80,   80,   69,
-       59,   80,   60,   80,   80,   80,   80,   80,   80,   61,
-       59,   80,   80,   80,   38,   80,   72,   80,   80,   59,
-       59,   59,   59,   73,   59,   58,   80,   58,   80,   58,
-       58,   80,   80,   80,   80,   80,   80,   58,   67,   80,
-       68,   80,   80,   80,   80,   80,   80,   69,   66,   80,
-
-       66,   80,   66,   66,   80,   80,   80,   80,   80,   80,
-       66,   24,   24,   24,   24,   24,   24,   24,   24,   29,
-       29,   29,   29,   29,   29,   29,   29,   33,   33,   33,
-       33,   33,   33,   33,   33,   36,   36,   36,   36,   36,
-       36,   36,   36,   51,   80,   51,   51,   51,   51,   51,
-       51,   52,   80,   52,   80,   52,   52,   52,   52,   55,
-       80,   55,   55,   55,   55,   80,   55,   57,   80,   57,
-       57,   57,   57,   57,   58,   80,   80,   58,   80,   58,
-       58,   37,   80,   37,   37,   37,   37,   37,   37,   65,
-       65,   66,   80,   80,   66,   80,   66,   66,   45,   80,
-
-       45,   45,   45,   45,   45,   45,   75,   75,   77,   77,
-       59,   80,   59,   59,   59,   59,   59,   59,   78,   78,
-       79,   79,   11,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80
+       12,   20,   21,   22,   12,   23,   25,   39,   26,   39,
+       14,   14,   42,   52,   42,   50,   39,   27,   39,   28,
+       25,   64,   26,   28,   28,   61,   61,   47,   47,   56,
+       65,   27,   64,   28,   30,   57,   56,   60,   65,   74,
+       62,   57,   72,   54,   50,   51,   31,   28,   30,   69,
+       68,   62,   60,   54,   51,   41,   40,   78,   78,   78,
+       31,   28,   30,   78,   78,   78,   78,   78,   78,   78,
+       78,   78,   78,   78,   33,   28,   30,   78,   78,   78,
+       78,   78,   78,   78,   78,   78,   78,   78,   33,   28,
+
+       35,   78,   78,   78,   36,   78,   37,   78,   78,   35,
+       35,   35,   35,   38,   35,   43,   78,   78,   78,   44,
+       78,   45,   78,   78,   43,   46,   43,   47,   48,   43,
+       57,   78,   58,   78,   78,   78,   78,   78,   78,   59,
+       65,   78,   66,   78,   78,   78,   78,   78,   78,   67,
+       57,   78,   58,   78,   78,   78,   78,   78,   78,   59,
+       57,   78,   78,   78,   36,   78,   70,   78,   78,   57,
+       57,   57,   57,   71,   57,   56,   78,   56,   78,   56,
+       56,   65,   78,   66,   78,   78,   78,   78,   78,   78,
+       67,   64,   78,   64,   78,   64,   64,   24,   24,   24,
+
+       24,   24,   24,   24,   29,   29,   29,   29,   29,   29,
+       29,   32,   32,   32,   32,   32,   32,   32,   34,   34,
+       34,   34,   34,   34,   34,   49,   78,   49,   49,   49,
+       49,   49,   50,   78,   50,   78,   50,   50,   50,   53,
+       78,   53,   53,   53,   53,   55,   78,   55,   55,   55,
+       55,   55,   56,   78,   78,   56,   78,   56,   56,   35,
+       78,   35,   35,   35,   35,   35,   63,   63,   64,   78,
+       78,   64,   78,   64,   64,   43,   78,   43,   43,   43,
+       43,   43,   73,   73,   75,   75,   57,   78,   57,   57,
+       57,   57,   57,   76,   76,   77,   77,   11,   78,   78,
+
+       78,   78,   78,   78,   78,   78,   78,   78,   78,   78,
+       78,   78,   78,   78
     } ;
 
-static const flex_int16_t yy_chk[340] =
+static const flex_int16_t yy_chk[315] =
     {   0,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
         1,    1,    1,    1,    1,    1,    3,   13,    3,   13,
-        9,   10,   20,   27,   20,   27,   41,    3,   41,    3,
-        4,   79,    4,    9,   10,   42,   63,   42,   63,   78,
-       77,    4,   76,    4,    5,   75,   74,   72,   70,   68,
-       65,   62,   60,   56,   53,   52,    5,    5,    6,   49,
-       47,   43,   39,   31,   28,   24,   17,   16,   11,    0,
+        9,   10,   20,   27,   20,   27,   39,    3,   39,    3,
+        4,   77,    4,    9,   10,   40,   61,   40,   61,   76,
+       75,    4,   74,    4,    5,   73,   72,   70,   68,   66,
+       63,   60,   58,   54,   51,   50,    5,    5,    6,   47,
+       45,   41,   37,   31,   24,   17,   16,   11,    0,    0,
         6,    6,    7,    0,    0,    0,    0,    0,    0,    0,
         0,    0,    0,    0,    7,    7,    8,    0,    0,    0,
         0,    0,    0,    0,    0,    0,    0,    0,    8,    8,
@@ -713,29 +711,27 @@ static const flex_int16_t yy_chk[340] =
        12,    0,    0,    0,   12,    0,   12,    0,    0,   12,
        12,   12,   12,   12,   12,   21,    0,    0,    0,   21,
         0,   21,    0,    0,   21,   21,   21,   21,   21,   21,
-       38,    0,   38,    0,    0,    0,    0,    0,    0,   38,
-       46,    0,   46,    0,    0,    0,    0,    0,    0,   46,
-       58,    0,   58,    0,    0,    0,    0,    0,    0,   58,
-       59,    0,    0,    0,   59,    0,   59,    0,    0,   59,
-       59,   59,   59,   59,   59,   61,    0,   61,    0,   61,
-       61,    0,    0,    0,    0,    0,    0,   61,   66,    0,
-       66,    0,    0,    0,    0,    0,    0,   66,   69,    0,
-
-       69,    0,   69,   69,    0,    0,    0,    0,    0,    0,
-       69,   81,   81,   81,   81,   81,   81,   81,   81,   82,
-       82,   82,   82,   82,   82,   82,   82,   83,   83,   83,
-       83,   83,   83,   83,   83,   84,   84,   84,   84,   84,
-       84,   84,   84,   85,    0,   85,   85,   85,   85,   85,
-       85,   86,    0,   86,    0,   86,   86,   86,   86,   87,
-        0,   87,   87,   87,   87,    0,   87,   88,    0,   88,
-       88,   88,   88,   88,   89,    0,    0,   89,    0,   89,
-       89,   90,    0,   90,   90,   90,   90,   90,   90,   91,
-       91,   92,    0,    0,   92,    0,   92,   92,   93,    0,
-
-       93,   93,   93,   93,   93,   93,   94,   94,   95,   95,
-       96,    0,   96,   96,   96,   96,   96,   96,   97,   97,
-       98,   98,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80
+       36,    0,   36,    0,    0,    0,    0,    0,    0,   36,
+       44,    0,   44,    0,    0,    0,    0,    0,    0,   44,
+       56,    0,   56,    0,    0,    0,    0,    0,    0,   56,
+       57,    0,    0,    0,   57,    0,   57,    0,    0,   57,
+       57,   57,   57,   57,   57,   59,    0,   59,    0,   59,
+       59,   64,    0,   64,    0,    0,    0,    0,    0,    0,
+       64,   67,    0,   67,    0,   67,   67,   79,   79,   79,
+
+       79,   79,   79,   79,   80,   80,   80,   80,   80,   80,
+       80,   81,   81,   81,   81,   81,   81,   81,   82,   82,
+       82,   82,   82,   82,   82,   83,    0,   83,   83,   83,
+       83,   83,   84,    0,   84,    0,   84,   84,   84,   85,
+        0,   85,   85,   85,   85,   86,    0,   86,   86,   86,
+       86,   86,   87,    0,    0,   87,    0,   87,   87,   88,
+        0,   88,   88,   88,   88,   88,   89,   89,   90,    0,
+        0,   90,    0,   90,   90,   91,    0,   91,   91,   91,
+       91,   91,   92,   92,   93,   93,   94,    0,   94,   94,
+       94,   94,   94,   95,   95,   96,   96,   78,   78,   78,
+
+       78,   78,   78,   78,   78,   78,   78,   78,   78,   78,
+       78,   78,   78,   78
     } ;
 
 /* Table of booleans, true if rule could match eol. */
@@ -1093,13 +1089,13 @@ yy_match:
 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 				{
 				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 81 )
+				if ( yy_current_state >= 79 )
 					yy_c = yy_meta[yy_c];
 				}
 			yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
 			++yy_cp;
 			}
-		while ( yy_base[yy_current_state] != 323 );
+		while ( yy_base[yy_current_state] != 298 );
 
 yy_find_action:
 		yy_act = yy_accept[yy_current_state];
@@ -1674,7 +1670,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 			{
 			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 81 )
+			if ( yy_current_state >= 79 )
 				yy_c = yy_meta[yy_c];
 			}
 		yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@@ -1703,11 +1699,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 		{
 		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 81 )
+		if ( yy_current_state >= 79 )
 			yy_c = yy_meta[yy_c];
 		}
 	yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
-	yy_is_jam = (yy_current_state == 80);
+	yy_is_jam = (yy_current_state == 78);
 
 	(void)yyg;
 	return yy_is_jam ? 0 : yy_current_state;

Source/LexerParser/cmListFileLexer.in.l

@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
 %x COMMENT
 
 MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])
 LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 
 %%
@@ -156,7 +156,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
   return 1;
 }
 
-<BRACKET>([^]\n])+ {
+<BRACKET>([^]\0\n])+ {
   cmListFileLexerAppend(lexer, yytext, yyleng);
   lexer->column += yyleng;
 }
@@ -208,7 +208,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
   BEGIN(STRING);
 }
 
-<STRING>([^\\\n\"]|\\.)+ {
+<STRING>([^\\\0\n\"]|\\[^\0\n])+ {
   cmListFileLexerAppend(lexer, yytext, yyleng);
   lexer->column += yyleng;
 }

Tests/RunCMake/Syntax/NullAfterBackslash-result.txt

@@ -0,0 +1 @@
+1

Tests/RunCMake/Syntax/NullAfterBackslash-stderr.txt

@@ -0,0 +1,5 @@
+CMake Error at NullAfterBackslash.cmake:1:
+  Parse error.  Function missing ending "\)".  Instead found bad character
+  with text "\\".
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)

Tests/RunCMake/Syntax/RunCMakeTest.cmake

@@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
 run_cmake(Escape1)
 run_cmake(Escape2)
 run_cmake(EscapeCharsAllowed)
+run_cmake(NullAfterBackslash)
 run_cmake(NullTerminatedArgument)
 include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
 run_cmake(ParenNoSpace0)