parser: security: UTF-8 and NUL handling in literals.

A null byte in regex and string literals is being processed as
a #\nul instead of correctly turning into #\pnul. Bad UTF-8 is
not being rejected.

* parser.l (REGCHAR, LITCHAR): Use utf8_from_buffer to
properly convert yytext using its true length, rather than
utf8_from which assumes a null-terminated string. Thus
null bytes (including the case of a yytext being single NUL)
are handled properly. Check that the result is exactly one
character (null-terminated buffer, two characters wide).

* utf8.c (utf8_from): Unused function removed.

* utf8.h (utf8_from): Declaration removed.

0 files changed, 0 insertions, 0 deletions