current/SOURCES/apache-2.4.10-CVE-2017-7668.diff

#commit a585e36e06a53170be6d2d462ceb5b30b8382988
#Author: Jim Jagielski <jim@apache.org>
#Date:   Tue May 30 12:28:20 2017 +0000
#
#    Merge r1796350 from trunk:
#    
#    short-circuit on NULL
#    
#    Submitted By: jchampion
#    
#    
#    Submitted by: covener
#    Reviewed by: covener, ylavic, jim
#    
#    
#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796856 13f79535-47bb-0310-9956-ffa450edef68
#
--- apache2.orig/server/util.c
+++ apache2/server/util.c
@@ -1506,10 +1506,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t
 
     s = (const unsigned char *)line;
     for (;;) {
-        /* find start of token, skip all stop characters, note NUL
-         * isn't a token stop, so we don't need to test for it
-         */
-        while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+        /* find start of token, skip all stop characters */
+        while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
             ++s;
         }
         if (!*s) {
1	#commit a585e36e06a53170be6d2d462ceb5b30b8382988
2	#Author: Jim Jagielski <jim@apache.org>
3	#Date: Tue May 30 12:28:20 2017 +0000
4	#
5	# Merge r1796350 from trunk:
6	#
7	# short-circuit on NULL
8	#
9	# Submitted By: jchampion
10	#
11	#
12	# Submitted by: covener
13	# Reviewed by: covener, ylavic, jim
14	#
15	#
16	# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796856 13f79535-47bb-0310-9956-ffa450edef68
17	#
18	--- apache2.orig/server/util.c
19	+++ apache2/server/util.c
20	@@ -1506,10 +1506,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t
21
22	s = (const unsigned char *)line;
23	for (;;) {
24	- /* find start of token, skip all stop characters, note NUL
25	- * isn't a token stop, so we don't need to test for it
26	- */
27	- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
28	+ /* find start of token, skip all stop characters */
29	+ while (s && TEST_CHAR(s, T_HTTP_TOKEN_STOP)) {
30	++s;
31	}
32	if (!*s) {