From: Jim Jagielski <jim@apache.org>
Date: Tue, 15 Apr 2014 19:11:57 +0000 (+0000)
Subject: Merge r1584884 from trunk:
X-Git-Tag: 2.4.10~346
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=66758a3056d11b11f4384a4a25f2f3196242c2a1;p=apache

Merge r1584884 from trunk:

Do not scan past the end of the buffer.
If no terminating delimiter is found, just leave things as it is
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587692 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 5fca883691..c0c72613a9 100644
--- a/STATUS
+++ b/STATUS
@@ -134,10 +134,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.4.x patch: trunk patch works (modulo CHANGES)
      +1: jailletc36, jim, ylavic
 
-   * mod_proxy_html: Do not scan past the end of the buffer.
-     trunk patch: https://svn.apache.org/r1584884
-     2.4.x patch: trunk patch works
-     +1: jailletc36, jim, ylavic
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c
index a80ee80c1b..7a61e1ca81 100644
--- a/modules/filters/mod_proxy_html.c
+++ b/modules/filters/mod_proxy_html.c
@@ -676,7 +676,10 @@ static meta *metafix(request_rec *r, const char *buf)
                     while (*p && apr_isspace(*++p));
                     if ((*p == '\'') || (*p == '"')) {
                         delim = *p++;
-                        for (q = p; *q != delim; ++q);
+                        for (q = p; *q && *q != delim; ++q);
+                        /* No terminating delimiter found? Skip the boggus directive */
+                        if (*q != delim)
+                           break;
                     } else {
                         for (q = p; *q && !apr_isspace(*q) && (*q != '>'); ++q);
                     }