SECURITY: CVE-2017-7668 (cve.mitre.org)

      The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.

Merge r1796350 from trunk:
short-circuit on NULL

Submitted by: jchampion, covener
Reviewed by: covener, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1796856 13f79535-47bb-0310-9956-ffa450edef68