The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. --- httpd/httpd/trunk/modules/dav/main/util.c 2013/10/03 05:29:35 1528718 +++ httpd/httpd/trunk/modules/dav/main/util.c 2014/01/08 02:40:38 1556428 @@ -396,8 +396,10 @@ if (strip_white) { /* trim leading whitespace */ - while (apr_isspace(*cdata)) /* assume: return false for '\0' */ + while (apr_isspace(*cdata)) { /* assume: return false for '\0' */ ++cdata; + --len; + } /* trim trailing whitespace */ while (len-- > 0 && apr_isspace(cdata[len]))
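Review bot: The leading-whitespace loop in the `strip_white` branch still terminates only on the NUL assumption stated in its comment, while the trailing loop is bounded by `len`; now that the leading loop also decrements `len`, it should be bounded by the same counter, for example `while (len > 0 && apr_isspace(*cdata)) {`. As written, correctness for an all-whitespace CDATA value depends on `len` matching the number of characters before the terminator exactly. If `len` ever undercounts, `--len` can go past zero, and the trailing loop's `len-- > 0` check then either indexes `cdata[len]` with a wrapped value (if `len` is unsigned; its declaration is not visible in this hunk) or leaves a negative length. A regression test with CDATA consisting only of whitespace, and one with leading whitespace followed by a single character, would cover both edges of this change.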