diff --git a/apache2/msc_util.c b/apache2/msc_util.c index ca8d1385..a9fcc97a 100644 --- a/apache2/msc_util.c +++ b/apache2/msc_util.c @@ -611,7 +611,8 @@ int js_decode_nonstrict_inplace(unsigned char *input, long int input_len) { count++; i += 6; } - else if ((i + 3 < input_len) && (input[i + 1] == 'x')) { + else if ( (i + 3 < input_len) && (input[i + 1] == 'x') + && VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) { /* \xHH */ *d++ = x2c(&input[i + 2]); count++;