From d2dee97a31cf3aafae9588cb14e04982985d2398 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Wed, 19 Dec 2007 00:31:08 +0000
Subject: [PATCH] Fix jsDecode \xHH to verify HH is there and valid hex.  See
 #439.

---
 apache2/msc_util.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apache2/msc_util.c b/apache2/msc_util.c
index ca8d1385..a9fcc97a 100644
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@@ -611,7 +611,8 @@ int js_decode_nonstrict_inplace(unsigned char *input, long int input_len) {
                 count++;
                 i += 6;
             }
-            else if ((i + 3 < input_len) && (input[i + 1] == 'x')) {
+            else if (   (i + 3 < input_len) && (input[i + 1] == 'x')
+                     && VALID_HEX(input[i + 2]) && VALID_HEX(input[i + 3])) {
                 /* \xHH */
                 *d++ = x2c(&input[i + 2]);
                 count++;