scanner_get_token: robustness improvement

Patch to make scanner_get_token more robust (avoid over-reading).

ChangeLog

@@ -2,16 +2,9 @@
 Version 1.6.19
 *******************************************************************************
 
-2013-07-30 Robert Buckley <rbuckley(at)users.sf.net>
+2013-08-13 Peng <howtofly(at)gmail.com>
 
-	SF ticket #53 Action Error Response not returned
-
-	In soap_ctrlpt.c, in function get_response_value:
-
-	upnp_error_code is checked to see if it is less than 400 because that
-	would indicate a SOAP error code.
-
-	However it should be checked to see if it is greater than 400.
+	Patch to make scanner_get_token more robust (avoid over-reading).
 
 2013-07-30 Zheng Peng <darkelf2010(at)users.sf.net>
 

THANKS

@@ -54,6 +54,7 @@ exempt of errors.
 - Oskar Liljeblad
 - Michael (oxygenic)
 - Paul Vixie
+- Peng
 - Peter Hartley
 - Rene Hexel
 - Robert Buckley (rbuckley)

upnp/src/genlib/net/http/httpparser.c

@@ -243,7 +243,7 @@ static parse_status_t scanner_get_token(
 		/* scan identifier */
 		token->buf = cursor++;
 		token_type = TT_IDENTIFIER;
-		while (is_identifier_char(*cursor))
+		while (cursor < null_terminator && is_identifier_char(*cursor))
 			cursor++;
 		if (!scanner->entire_msg_loaded && cursor == null_terminator)
 			/* possibly more valid chars */
@@ -253,7 +253,7 @@ static parse_status_t scanner_get_token(
 	} else if (c == ' ' || c == '\t') {
 		token->buf = cursor++;
 		token_type = TT_WHITESPACE;
-		while (*cursor == ' ' || *cursor == '\t')
+		while (cursor < null_terminator && (*cursor == ' ' || *cursor == '\t'))
 			cursor++;
 		if (!scanner->entire_msg_loaded && cursor == null_terminator)
 			/* possibly more chars */