Sorry but I reraise my objection and veto worthless cpu cycles.

The correct fix to your concern is to document all expected behavior of the
null byte in gen_test_char.c - and in such tests a /* !c && */ notation is
fine.

Due to the way we assemble the code, I'm not convinced that any compiler
can optimize away these infrequent cases.

But there were only two questionable values for \0, and in this case the
answer is obvious. Invert the rule to a TOKEN char from the rather dubious
TOKEN_STOP definition. Solved.

On Jun 20, 2017 18:08, <jchamp...@apache.org> wrote:

> Author: jchampion
> Date: Tue Jun 20 23:08:19 2017
> New Revision: 1799375
>
> URL: http://svn.apache.org/viewvc?rev=1799375&view=rev
> Log:
> util.c: ensure all TEST_CHAR loops stop at the null terminator
>
> In the aftermath of CVE-2017-7668, decouple the business logic ("is NULL
> a T_HTTP_CTRL") from the postcondition ("must not go past the end of the
> string"). The NULL-byte classification in the TEST_CHAR table may change
> in the future.
>
> Modified:
>     httpd/httpd/trunk/server/util.c
>
> Modified: httpd/httpd/trunk/server/util.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?rev=1799375&r1=1799374&r2=1799375&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/util.c (original)
> +++ httpd/httpd/trunk/server/util.c Tue Jun 20 23:08:19 2017
> @@ -1526,7 +1526,7 @@ AP_DECLARE(const char *) ap_parse_token_
>      while (!string_end) {
>          const unsigned char c = (unsigned char)*cur;
>
> -        if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP)) {
> +        if (c && !TEST_CHAR(c, T_HTTP_TOKEN_STOP)) {
>              /* Non-separator character; we are finished with leading
>               * whitespace. We must never have encountered any trailing
>               * whitespace before the delimiter (comma) */
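Review bot: The new `c &&` guard on the `if` sends a NUL byte to whichever branch follows, and nothing in the condition or in the comment beneath it says so. The existing comment still reads "Non-separator character", which no longer describes the full test. Suggest extending that comment to state that the terminator is never treated as token content regardless of how the TEST_CHAR table classifies it, and naming the branch that is expected to set `string_end` for it.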
> @@ -1600,7 +1600,7 @@ AP_DECLARE(const char *) ap_parse_token_
>   */
>  AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr)
>  {
> -    for ( ; !TEST_CHAR(*ptr, T_HTTP_CTRLS); ++ptr) ;
> +    for ( ; *ptr && !TEST_CHAR(*ptr, T_HTTP_CTRLS); ++ptr) ;
>
>      return ptr;
>  }
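Review bot: The doc comment that closes just above `ap_scan_http_field_content` is left unchanged, so the postcondition the commit log describes ("must not go past the end of the string") is enforced by `*ptr &&` but not written down at the function. Suggest adding one line to that comment stating that the returned pointer is at most the terminating NUL, so a later change to the T_HTTP_CTRLS classification does not prompt someone to remove the guard as redundant.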
> @@ -1610,7 +1610,7 @@ AP_DECLARE(const char *) ap_scan_http_fi
>   */
>  AP_DECLARE(const char *) ap_scan_http_token(const char *ptr)
>  {
> -    for ( ; !TEST_CHAR(*ptr, T_HTTP_TOKEN_STOP); ++ptr) ;
> +    for ( ; *ptr && !TEST_CHAR(*ptr, T_HTTP_TOKEN_STOP); ++ptr) ;
>
>      return ptr;
>  }
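Review bot: No test accompanies the `*ptr &&` guard in `ap_scan_http_token`, and with the current table the guard and the T_HTTP_TOKEN_STOP lookup may both stop on NUL, so a regression in either one would go unnoticed. Suggest a test that calls the function on an empty string and on a string ending in a token character and checks that the returned pointer is the terminator in both cases. The empty-bodied `for ( ; ...; ++ptr) ;` is also easier to misread now that the condition is compound; a `while` with an explicit body would be clearer.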
> @@ -1620,7 +1620,7 @@ AP_DECLARE(const char *) ap_scan_http_to
>   */
>  AP_DECLARE(const char *) ap_scan_vchar_obstext(const char *ptr)
>  {
> -    for ( ; TEST_CHAR(*ptr, T_VCHAR_OBSTEXT); ++ptr) ;
> +    for ( ; *ptr && TEST_CHAR(*ptr, T_VCHAR_OBSTEXT); ++ptr) ;
>
>      return ptr;
>  }
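Review bot: In `ap_scan_vchar_obstext` the loop continues while the class matches, the opposite polarity of the three loops above, so here `*ptr &&` only matters if NUL is ever added to T_VCHAR_OBSTEXT; a short comment saying that would explain why the guard is present. Separately, `*ptr` is a plain `char` passed straight to TEST_CHAR, whereas the first hunk casts to `unsigned char` before the lookup. obs-text covers bytes 0x80 to 0xFF, so please confirm the macro performs that cast itself, or cast at the call site for consistency.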
>
>
>
