From 41b123254c49c2ab29cad344eee8f7978dfce0f7 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Fri, 26 May 2017 21:40:11 +0000 Subject: [PATCH] short-circuit on NULL Submitted By: jchampion CVEID: CVE-2017-7668 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1796350 13f79535-47bb-0310-9956-ffa450edef68 --- server/util.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/server/util.c b/server/util.c index 24062ca111..5130a7b28a 100644 --- a/server/util.c +++ b/server/util.c @@ -1680,10 +1680,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t *p, const char *line, const char *tok) s = (const unsigned char *)line; for (;;) { - /* find start of token, skip all stop characters, note NUL - * isn't a token stop, so we don't need to test for it - */ - while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) { + /* find start of token, skip all stop characters */ + while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) { ++s; } if (!*s) { -- 2.50.1