From: Jan Kaluža Date: Thu, 11 Sep 2014 09:18:38 +0000 (+0000) Subject: SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1406f165f5cacb306e7f47a246aabbd10fba19ee;p=thirdparty%2Fapache%2Fhttpd.git SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference in Content-Type handling. mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. Submitted By: Mark Montague Reviewed By: Jan Kaluza git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1624234 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7e3c478519a..deed72ceef1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) SECURITY: CVE-2014-3581 (cve.mitre.org) + mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. + [Mark Montague , Jan Kaluza] + *) mod_proxy: Now allow for 191 character worker names, with non-fatal errors if name is truncated. PR53218. [Jim Jagielski] diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c index 5b57003dd95..6862b5335d2 100644 --- a/modules/cache/cache_util.c +++ b/modules/cache/cache_util.c @@ -1276,8 +1276,10 @@ apr_table_t *cache_merge_headers_out(request_rec *r) if (r->content_type && !apr_table_get(headers_out, "Content-Type")) { - apr_table_setn(headers_out, "Content-Type", - ap_make_content_type(r, r->content_type)); + const char *ctype = ap_make_content_type(r, r->content_type); + if (ctype) { + apr_table_setn(headers_out, "Content-Type", ctype); + } } if (r->content_encoding