mod_mime: fix quoted pair scanning

Submitted By: ylavic
CVEID: CVE-2017-7679

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1797550 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index fe14268a922f2552b8bc3e51b8e5b950180cf5d8..d3a2ac2206081d0685d492a46773e9d6b9a71bce 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_mime: Fix error checking for quoted pairs.  [Yann Ylavic]
+
   *) core: Deprecate ap_get_basic_auth_pw() and add 
      ap_get_basic_auth_components(). 
      [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]

diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c
index f92119b633e474632efb6b48df1f99158d1b316b..28c53be132b455a5a31572d4a934705c68fbf7b9 100644 (file)
--- a/modules/http/mod_mime.c
+++ b/modules/http/mod_mime.c
@@ -528,9 +528,9 @@ static int is_quoted_pair(const char *s)
     int res = -1;
     int c;
 
-    if (((s + 1) != NULL) && (*s == '\\')) {
+    if (*s == '\\') {
         c = (int) *(s + 1);
-        if (apr_isascii(c)) {
+        if (c && apr_isascii(c)) {
             res = 1;
         }
     }