short-circuit on NULL

Submitted By: jchampion CVEID: CVE-2017-7668 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1796350 13f79535-47bb-0310-9956-ffa450edef68
author: Eric Covener <covener@apache.org> 2017-05-26 23:40:11 +0200
committer: Eric Covener <covener@apache.org> 2017-05-26 23:40:11 +0200
commit: 41b123254c49c2ab29cad344eee8f7978dfce0f7 (patch)
tree: cddef0b353a29d3f1fd5917da462badca899438e /server/util.c
parent: core: deprecate and replace ap_get_basic_auth_pw (diff)
download: apache2-41b123254c49c2ab29cad344eee8f7978dfce0f7.tar.xz
apache2-41b123254c49c2ab29cad344eee8f7978dfce0f7.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/server/util.c b/server/util.c
index 24062ca111..5130a7b28a 100644
--- a/server/util.c
+++ b/server/util.c
@@ -1680,10 +1680,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t *p, const char *line, const char *tok)
 
     s = (const unsigned char *)line;
     for (;;) {
-        /* find start of token, skip all stop characters, note NUL
-         * isn't a token stop, so we don't need to test for it
-         */
-        while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+        /* find start of token, skip all stop characters */
+        while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
             ++s;
         }
         if (!*s) {
author	Eric Covener <covener@apache.org>	2017-05-26 23:40:11 +0200
committer	Eric Covener <covener@apache.org>	2017-05-26 23:40:11 +0200
commit	41b123254c49c2ab29cad344eee8f7978dfce0f7 (patch)
tree	cddef0b353a29d3f1fd5917da462badca899438e /server/util.c
parent	core: deprecate and replace ap_get_basic_auth_pw (diff)
download	apache2-41b123254c49c2ab29cad344eee8f7978dfce0f7.tar.xz apache2-41b123254c49c2ab29cad344eee8f7978dfce0f7.zip