> -----Original Message----- > From: Eric Covener [mailto:[email protected]] > Sent: Samstag, 29. August 2015 16:02 > To: Apache HTTP Server Development List > Subject: Re: svn commit: r1610674 - in /httpd/httpd/trunk: > include/ap_mmn.h include/httpd.h modules/proxy/mod_proxy_http.c > modules/proxy/proxy_util.c server/util.c > > On Sat, Aug 29, 2015 at 1:51 AM, Christophe JAILLET > <[email protected]> wrote: > > If i understand correctly, if we find an invalid char and > 'skip_invalid', we > > first look for the next comma and start searching for new token from > there. > > If no comma is found before the trailing NULL, then nothing more can be > > found and we end the processing. > > > > So shouldn't this be: > > cur = temp + 1; > > (i.e. go to the character *following* the comma) > > > > Not tested, but I think that if the invalid character is the one just > before > > the comma, then we loop forever. > > I think the bottom of the loop has cur++ and there is no break in this > path, so the next iteration will start on the separator and treat it > as an empty token?
Exactly. > > > Also if the: > > temp = ap_strchr_c(cur, '\0'); > > above is supposed to reach the end of the string and stop processing, we > > have the same problem and can loop forever if the last non-NULL char is > the > > invalid char. > > Same as above I think? My thought as well. Regards Rüdiger
