From: Eric Covener <covener@apache.org>
Date: Sat, 3 Jun 2017 22:04:47 +0000 (+0000)
Subject: mod_mime: fix quoted pair scanning
X-Git-Tag: 2.5.0-alpha~389
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c18ad646a55a0ea3819793cb15830321ed4ab160;p=apache

mod_mime: fix quoted pair scanning


Submitted By: ylavic
CVEID: CVE-2017-7679


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1797550 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index fe14268a92..d3a2ac2206 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_mime: Fix error checking for quoted pairs.  [Yann Ylavic]
+
   *) core: Deprecate ap_get_basic_auth_pw() and add 
      ap_get_basic_auth_components(). 
      [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]
diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c
index f92119b633..28c53be132 100644
--- a/modules/http/mod_mime.c
+++ b/modules/http/mod_mime.c
@@ -528,9 +528,9 @@ static int is_quoted_pair(const char *s)
     int res = -1;
     int c;
 
-    if (((s + 1) != NULL) && (*s == '\\')) {
+    if (*s == '\\') {
         c = (int) *(s + 1);
-        if (apr_isascii(c)) {
+        if (c && apr_isascii(c)) {
             res = 1;
         }
     }