From 5a2b3f8c4b6ca5a92e5f975c4c6ddf8564b6409c Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Sat, 20 Jun 2015 18:07:50 +0200
Subject: capture_to_close() wasn't checked (it returns -1 on error) and caused a panic when using a ")(" pattern. Found by Sebastien Marie
---
 httpd/patterns.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/httpd/patterns.c b/httpd/patterns.c
index b7cb381..23c7083 100644
--- a/httpd/patterns.c
+++ b/httpd/patterns.c
@@ -291,6 +291,8 @@ end_capture(struct match_state *ms, const char *s, const char *p)
 {
 int l = capture_to_close(ms);
 const char *res;
+ if (l == -1)
+ return NULL;
 /* close capture */
 ms->capture[l].len = s - ms->capture[l].init;
 /* undo capture if match failed */
-- 
cgit v1.2.3-54-g00ecf
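Review bot: The new `l == -1` guard in end_capture returns NULL, which (judging from the `/* undo capture if match failed */` path just below it) is also how an ordinary non-match is reported, so a caller can tell an invalid pattern from a miss only if capture_to_close() records the error itself; that is not visible in this hunk and is worth confirming. I would add a comment above the check, `/* no open capture to close, e.g. ")(": l must not index ms->capture[] */`, because without the guard the store on the next line uses a negative array index. Testing `if (l < 0)` instead of `if (l == -1)` keeps the guard valid should the helper ever return another negative code. The body of end_capture continues past the end of the hunk.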