SECURITY: CVE-2017-7668 (cve.mitre.org)

      The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.

Merge r1796350 from trunk:
short-circuit on NULL

Submitted By: jchampion
Reviewed By: jchampion, wrowe, ylavic


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1799228 13f79535-47bb-0310-9956-ffa450edef68