
    Merge r1796350 from trunk:

      *) SECURITY: CVE-2017-7668 (cve.mitre.org)
         The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
         bug in token list parsing, which allows ap_find_token() to search past
         the end of its input string. By maliciously crafting a sequence of
         request headers, an attacker may be able to cause a segmentation fault,
         or to force ap_find_token() to return an incorrect value.
    
    Submitted By: jchampion
    Reviewed By: jchampion, wrowe, ylavic
    
diff --git server/util.c server/util.c
index 054cc17..9a805b6 100644
--- server/util.c
+++ server/util.c
@@ -1513,10 +1513,8 @@ AP_DECLARE(int) ap_find_token(apr_pool_t *p, const char *line, const char *tok)
 
     s = (const unsigned char *)line;
     for (;;) {
-        /* find start of token, skip all stop characters, note NUL
-         * isn't a token stop, so we don't need to test for it
-         */
-        while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
+        /* find start of token, skip all stop characters */
+        while (*s && TEST_CHAR(*s, T_HTTP_TOKEN_STOP)) {
             ++s;
         }
         if (!*s) {
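Review bot: The replacement comment on the skip loop no longer says why `*s` is tested, even though the removed comment's assumption (NUL is not a token stop) is what the commit message implies was wrong. I would keep the rationale beside the guard, for example `/* find start of token, skip all stop characters; test NUL explicitly, since TEST_CHAR() may classify it as a token stop */`, so a later cleanup does not drop the check as redundant. The body of ap_find_token continues outside this hunk, so any later loop that advances `s` on TEST_CHAR alone should be checked for the same assumption. A regression test with a header value that ends in stop characters would pin the behaviour.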
