Do not perform a p+= 7 that could go past the end of the buffer in ca…

…se we find a 'content' without a corresponding '='. Should we need to deal with this case, a new search should be performed to find the real starting position of another potential 'content=' pattern. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1584896 13f79535-47bb-0310-9956-ffa450edef68
apache · Apr 4, 2014 · 69061d8 · 69061d8
1 parent 769f04c
commit 69061d8
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c
@@ -672,8 +672,9 @@ static meta *metafix(request_rec *r, const char *buf)
                     p += 7;
                     while (apr_isspace(*p))
                         ++p;
+                    /* XXX Should we search for another content= pattern? */
                     if (*p != '=')
-                        continue;
+                        break;
                     while (*p && apr_isspace(*++p));
                     if ((*p == '\'') || (*p == '"')) {
                         delim = *p++;