Commit f822bb3d authored by Jacob Champion's avatar Jacob Champion
Browse files

util.c: ensure all TEST_CHAR loops stop at the null terminator 

In the aftermath of CVE-2017-7668, decouple the business logic ("is NULL
a T_HTTP_CTRL") from the postcondition ("must not go past the end of the
string"). The NULL-byte classification in the TEST_CHAR table may change
in the future.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799375 13f79535-47bb-0310-9956-ffa450edef68
parent 3d23a999

server/util.c

+4 −4
Original line number Diff line number Diff line
@@ -1526,7 +1526,7 @@ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, 
    while (!string_end) {

        const unsigned char c = (unsigned char)*cur;



        if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP)) {

        if (c && !TEST_CHAR(c, T_HTTP_TOKEN_STOP)) {

            /* Non-separator character; we are finished with leading

             * whitespace. We must never have encountered any trailing

             * whitespace before the delimiter (comma) */
@@ -1600,7 +1600,7 @@ AP_DECLARE(const char *) ap_parse_token_list_strict(apr_pool_t *p, 
 */

AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr)

{

    for ( ; !TEST_CHAR(*ptr, T_HTTP_CTRLS); ++ptr) ;

    for ( ; *ptr && !TEST_CHAR(*ptr, T_HTTP_CTRLS); ++ptr) ;



    return ptr;

}
@@ -1610,7 +1610,7 @@ AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr) 
 */

AP_DECLARE(const char *) ap_scan_http_token(const char *ptr)

{

    for ( ; !TEST_CHAR(*ptr, T_HTTP_TOKEN_STOP); ++ptr) ;

    for ( ; *ptr && !TEST_CHAR(*ptr, T_HTTP_TOKEN_STOP); ++ptr) ;



    return ptr;

}
@@ -1620,7 +1620,7 @@ AP_DECLARE(const char *) ap_scan_http_token(const char *ptr) 
 */

AP_DECLARE(const char *) ap_scan_vchar_obstext(const char *ptr)

{

    for ( ; TEST_CHAR(*ptr, T_VCHAR_OBSTEXT); ++ptr) ;

    for ( ; *ptr && TEST_CHAR(*ptr, T_VCHAR_OBSTEXT); ++ptr) ;



    return ptr;

}