You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/09/26 13:00:14 UTC
svn commit: r1627749 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
modules/cache/cache_util.c
Author: jim
Date: Fri Sep 26 11:00:14 2014
New Revision: 1627749
URL: http://svn.apache.org/r1627749
Log:
Merge r1624234 from trunk:
SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
in Content-Type handling.
mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
Submitted By: Mark Montague <mark catseye.org>
Reviewed By: Jan Kaluza
Submitted by: jkaluza
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1624234
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1627749&r1=1627748&r2=1627749&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 26 11:00:14 2014
@@ -2,6 +2,10 @@
Changes with Apache 2.4.11
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value.
+ PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
+
*) mod_cache: Avoid sending 304 responses during failed revalidations
PR56881. [Eric Covener]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1627749&r1=1627748&r2=1627749&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 26 11:00:14 2014
@@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_cache: CVE-2014-3581 - Avoid a crash when Content-Type has an empty
- value. PR56924.
- trunk patch: http://svn.apache.org/r1624234
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: jkaluza, jim, ylavic
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
Modified: httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/cache/cache_util.c?rev=1627749&r1=1627748&r2=1627749&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/cache/cache_util.c (original)
+++ httpd/httpd/branches/2.4.x/modules/cache/cache_util.c Fri Sep 26 11:00:14 2014
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
Re: svn commit: r1627749 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
STATUS modules/cache/cache_util.c
Posted by Mike Rumph <mi...@oracle.com>.
Hello Eric,
Okay. Thanks.
I must have missed that discussion.
I just now compared ap_make_content_type in both 2.2 and 2.4.
It looks like you are correct.
Some code to return NULL was added in 2.4.
So there is no need to check the return from ap_make_content_type for NULL.
Sorry for the noise.
Take care,
Mike
On 10/14/2014 10:03 AM, Eric Covener wrote:
> I thought at the time, the discussion was that ap_make_content_type
> in those releases never returned NULL.
>
> On Tue, Oct 14, 2014 at 1:01 PM, Mike Rumph <mike.rumph@oracle.com
> <ma...@oracle.com>> wrote:
>
> In 2.2 code, this problem is actually in two places.
> It is also in the store_headers function in
> modules/cache/mod_mem_cache.c.
>
>
> On 10/14/2014 8:40 AM, Mike Rumph wrote:
>
> Hello Jim and Jan,
>
> I am considering a proposal of backporting this fix to the 2.2
> branch.
> At first look, this fix doesn't apply to 2.2 code.
> But I noticed that the pertinent code has been refactored
> between 2.2 and 2.4.
> The same problem exists in 2.2, but just in a different location.
> In 2.2, the problem is in the store_headers function in
> modules/cache/mod_disk_cache.c.
>
> Are either of you interested in working a patch for this?
> Otherwise, I will look at it myself in a few days.
>
> Thanks,
>
> Mike Rumph
>
> On 9/26/2014 4:00 AM, jim@apache.org <ma...@apache.org>
> wrote:
>
> Author: jim
> Date: Fri Sep 26 11:00:14 2014
> New Revision: 1627749
>
> URL: http://svn.apache.org/r1627749
> Log:
> Merge r1624234 from trunk:
>
> SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer
> deference
> in Content-Type handling.
>
> mod_cache: Avoid a crash when Content-Type has an empty
> value. PR56924.
>
> Submitted By: Mark Montague <mark catseye.org
> <http://catseye.org>>
> Reviewed By: Jan Kaluza
>
> Submitted by: jkaluza
> Reviewed/backported by: jim
>
> Modified:
> httpd/httpd/branches/2.4.x/ (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>
> Propchange: httpd/httpd/branches/2.4.x/
> ------------------------------------------------------------------------------
>
> Merged /httpd/httpd/trunk:r1624234
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
>
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 26
> 11:00:14 2014
> @@ -2,6 +2,10 @@
> Changes with Apache 2.4.11
> + *) SECURITY: CVE-2014-3581 (cve.mitre.org
> <http://cve.mitre.org>)
> + mod_cache: Avoid a crash when Content-Type has an
> empty value.
> + PR 56924. [Mark Montague <mark catseye.org
> <http://catseye.org>>, Jan Kaluza]
> +
> *) mod_cache: Avoid sending 304 responses during
> failed revalidations
> PR56881. [Eric Covener]
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
>
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 26 11:00:14 2014
> @@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
> [ start all new proposals below, under PATCHES PROPOSED. ]
> - * mod_cache: CVE-2014-3581 - Avoid a crash when
> Content-Type has an empty
> - value. PR56924.
> - trunk patch: http://svn.apache.org/r1624234
> - 2.4.x patch: trunk works (modulo CHANGES)
> - +1: jkaluza, jim, ylavic
> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>
> Modified:
> httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/cache/cache_util.c?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
>
> --- httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
> (original)
> +++ httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
> Fri Sep 26 11:00:14 2014
> @@ -1258,8 +1258,10 @@ apr_table_t
> *cache_merge_headers_out(req
> if (r->content_type
> && !apr_table_get(headers_out,
> "Content-Type")) {
> - apr_table_setn(headers_out, "Content-Type",
> - ap_make_content_type(r,
> r->content_type));
> + const char *ctype = ap_make_content_type(r,
> r->content_type);
> + if (ctype) {
> + apr_table_setn(headers_out, "Content-Type",
> ctype);
> + }
> }
> if (r->content_encoding
>
>
>
>
>
>
>
>
>
>
> --
> Eric Covener
> covener@gmail.com <ma...@gmail.com>
Re: svn commit: r1627749 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
STATUS modules/cache/cache_util.c
Posted by Eric Covener <co...@gmail.com>.
I thought at the time, the discussion was that ap_make_content_type in
those releases never returned NULL.
On Tue, Oct 14, 2014 at 1:01 PM, Mike Rumph <mi...@oracle.com> wrote:
> In 2.2 code, this problem is actually in two places.
> It is also in the store_headers function in modules/cache/mod_mem_cache.c.
>
>
> On 10/14/2014 8:40 AM, Mike Rumph wrote:
>
>> Hello Jim and Jan,
>>
>> I am considering a proposal of backporting this fix to the 2.2 branch.
>> At first look, this fix doesn't apply to 2.2 code.
>> But I noticed that the pertinent code has been refactored between 2.2 and
>> 2.4.
>> The same problem exists in 2.2, but just in a different location.
>> In 2.2, the problem is in the store_headers function in
>> modules/cache/mod_disk_cache.c.
>>
>> Are either of you interested in working a patch for this?
>> Otherwise, I will look at it myself in a few days.
>>
>> Thanks,
>>
>> Mike Rumph
>>
>> On 9/26/2014 4:00 AM, jim@apache.org wrote:
>>
>>> Author: jim
>>> Date: Fri Sep 26 11:00:14 2014
>>> New Revision: 1627749
>>>
>>> URL: http://svn.apache.org/r1627749
>>> Log:
>>> Merge r1624234 from trunk:
>>>
>>> SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
>>> in Content-Type handling.
>>>
>>> mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
>>>
>>> Submitted By: Mark Montague <mark catseye.org>
>>> Reviewed By: Jan Kaluza
>>>
>>> Submitted by: jkaluza
>>> Reviewed/backported by: jim
>>>
>>> Modified:
>>> httpd/httpd/branches/2.4.x/ (props changed)
>>> httpd/httpd/branches/2.4.x/CHANGES
>>> httpd/httpd/branches/2.4.x/STATUS
>>> httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>>>
>>> Propchange: httpd/httpd/branches/2.4.x/
>>> ------------------------------------------------------------------------------
>>>
>>> Merged /httpd/httpd/trunk:r1624234
>>>
>>> Modified: httpd/httpd/branches/2.4.x/CHANGES
>>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/
>>> CHANGES?rev=1627749&r1=1627748&r2=1627749&view=diff
>>> ==============================================================================
>>>
>>> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
>>> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 26 11:00:14 2014
>>> @@ -2,6 +2,10 @@
>>> Changes with Apache 2.4.11
>>> + *) SECURITY: CVE-2014-3581 (cve.mitre.org)
>>> + mod_cache: Avoid a crash when Content-Type has an empty value.
>>> + PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
>>> +
>>> *) mod_cache: Avoid sending 304 responses during failed revalidations
>>> PR56881. [Eric Covener]
>>>
>>> Modified: httpd/httpd/branches/2.4.x/STATUS
>>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/
>>> STATUS?rev=1627749&r1=1627748&r2=1627749&view=diff
>>> ==============================================================================
>>>
>>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>>> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 26 11:00:14 2014
>>> @@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
>>> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>>> [ start all new proposals below, under PATCHES PROPOSED. ]
>>> - * mod_cache: CVE-2014-3581 - Avoid a crash when Content-Type has
>>> an empty
>>> - value. PR56924.
>>> - trunk patch: http://svn.apache.org/r1624234
>>> - 2.4.x patch: trunk works (modulo CHANGES)
>>> - +1: jkaluza, jim, ylavic
>>> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>>>
>>> Modified: httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/
>>> modules/cache/cache_util.c?rev=1627749&r1=1627748&r2=1627749&view=diff
>>> ==============================================================================
>>>
>>> --- httpd/httpd/branches/2.4.x/modules/cache/cache_util.c (original)
>>> +++ httpd/httpd/branches/2.4.x/modules/cache/cache_util.c Fri Sep 26
>>> 11:00:14 2014
>>> @@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
>>> if (r->content_type
>>> && !apr_table_get(headers_out, "Content-Type")) {
>>> - apr_table_setn(headers_out, "Content-Type",
>>> - ap_make_content_type(r, r->content_type));
>>> + const char *ctype = ap_make_content_type(r, r->content_type);
>>> + if (ctype) {
>>> + apr_table_setn(headers_out, "Content-Type", ctype);
>>> + }
>>> }
>>> if (r->content_encoding
>>>
>>>
>>>
>>>
>>
>>
>>
>
--
Eric Covener
covener@gmail.com
Re: svn commit: r1627749 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
STATUS modules/cache/cache_util.c
Posted by Mike Rumph <mi...@oracle.com>.
In 2.2 code, this problem is actually in two places.
It is also in the store_headers function in modules/cache/mod_mem_cache.c.
On 10/14/2014 8:40 AM, Mike Rumph wrote:
> Hello Jim and Jan,
>
> I am considering a proposal of backporting this fix to the 2.2 branch.
> At first look, this fix doesn't apply to 2.2 code.
> But I noticed that the pertinent code has been refactored between 2.2
> and 2.4.
> The same problem exists in 2.2, but just in a different location.
> In 2.2, the problem is in the store_headers function in
> modules/cache/mod_disk_cache.c.
>
> Are either of you interested in working a patch for this?
> Otherwise, I will look at it myself in a few days.
>
> Thanks,
>
> Mike Rumph
>
> On 9/26/2014 4:00 AM, jim@apache.org wrote:
>> Author: jim
>> Date: Fri Sep 26 11:00:14 2014
>> New Revision: 1627749
>>
>> URL: http://svn.apache.org/r1627749
>> Log:
>> Merge r1624234 from trunk:
>>
>> SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
>> in Content-Type handling.
>>
>> mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
>>
>> Submitted By: Mark Montague <mark catseye.org>
>> Reviewed By: Jan Kaluza
>>
>> Submitted by: jkaluza
>> Reviewed/backported by: jim
>>
>> Modified:
>> httpd/httpd/branches/2.4.x/ (props changed)
>> httpd/httpd/branches/2.4.x/CHANGES
>> httpd/httpd/branches/2.4.x/STATUS
>> httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>>
>> Propchange: httpd/httpd/branches/2.4.x/
>> ------------------------------------------------------------------------------
>>
>> Merged /httpd/httpd/trunk:r1624234
>>
>> Modified: httpd/httpd/branches/2.4.x/CHANGES
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1627749&r1=1627748&r2=1627749&view=diff
>> ==============================================================================
>>
>> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
>> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 26 11:00:14 2014
>> @@ -2,6 +2,10 @@
>> Changes with Apache 2.4.11
>> + *) SECURITY: CVE-2014-3581 (cve.mitre.org)
>> + mod_cache: Avoid a crash when Content-Type has an empty value.
>> + PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
>> +
>> *) mod_cache: Avoid sending 304 responses during failed
>> revalidations
>> PR56881. [Eric Covener]
>>
>> Modified: httpd/httpd/branches/2.4.x/STATUS
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1627749&r1=1627748&r2=1627749&view=diff
>> ==============================================================================
>>
>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 26 11:00:14 2014
>> @@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
>> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>> [ start all new proposals below, under PATCHES PROPOSED. ]
>> - * mod_cache: CVE-2014-3581 - Avoid a crash when Content-Type
>> has an empty
>> - value. PR56924.
>> - trunk patch: http://svn.apache.org/r1624234
>> - 2.4.x patch: trunk works (modulo CHANGES)
>> - +1: jkaluza, jim, ylavic
>> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>>
>> Modified: httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/cache/cache_util.c?rev=1627749&r1=1627748&r2=1627749&view=diff
>> ==============================================================================
>>
>> --- httpd/httpd/branches/2.4.x/modules/cache/cache_util.c (original)
>> +++ httpd/httpd/branches/2.4.x/modules/cache/cache_util.c Fri Sep 26
>> 11:00:14 2014
>> @@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
>> if (r->content_type
>> && !apr_table_get(headers_out, "Content-Type")) {
>> - apr_table_setn(headers_out, "Content-Type",
>> - ap_make_content_type(r, r->content_type));
>> + const char *ctype = ap_make_content_type(r, r->content_type);
>> + if (ctype) {
>> + apr_table_setn(headers_out, "Content-Type", ctype);
>> + }
>> }
>> if (r->content_encoding
>>
>>
>>
>
>
>
Re: svn commit: r1627749 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
STATUS modules/cache/cache_util.c
Posted by Mike Rumph <mi...@oracle.com>.
Hello Jim and Jan,
I am considering a proposal of backporting this fix to the 2.2 branch.
At first look, this fix doesn't apply to 2.2 code.
But I noticed that the pertinent code has been refactored between 2.2
and 2.4.
The same problem exists in 2.2, but just in a different location.
In 2.2, the problem is in the store_headers function in
modules/cache/mod_disk_cache.c.
Are either of you interested in working a patch for this?
Otherwise, I will look at it myself in a few days.
Thanks,
Mike Rumph
On 9/26/2014 4:00 AM, jim@apache.org wrote:
> Author: jim
> Date: Fri Sep 26 11:00:14 2014
> New Revision: 1627749
>
> URL: http://svn.apache.org/r1627749
> Log:
> Merge r1624234 from trunk:
>
> SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
> in Content-Type handling.
>
> mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
>
> Submitted By: Mark Montague <mark catseye.org>
> Reviewed By: Jan Kaluza
>
> Submitted by: jkaluza
> Reviewed/backported by: jim
>
> Modified:
> httpd/httpd/branches/2.4.x/ (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/STATUS
> httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
>
> Propchange: httpd/httpd/branches/2.4.x/
> ------------------------------------------------------------------------------
> Merged /httpd/httpd/trunk:r1624234
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 26 11:00:14 2014
> @@ -2,6 +2,10 @@
>
> Changes with Apache 2.4.11
>
> + *) SECURITY: CVE-2014-3581 (cve.mitre.org)
> + mod_cache: Avoid a crash when Content-Type has an empty value.
> + PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
> +
> *) mod_cache: Avoid sending 304 responses during failed revalidations
> PR56881. [Eric Covener]
>
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 26 11:00:14 2014
> @@ -102,11 +102,6 @@ RELEASE SHOWSTOPPERS:
> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
> [ start all new proposals below, under PATCHES PROPOSED. ]
>
> - * mod_cache: CVE-2014-3581 - Avoid a crash when Content-Type has an empty
> - value. PR56924.
> - trunk patch: http://svn.apache.org/r1624234
> - 2.4.x patch: trunk works (modulo CHANGES)
> - +1: jkaluza, jim, ylavic
>
>
> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>
> Modified: httpd/httpd/branches/2.4.x/modules/cache/cache_util.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/cache/cache_util.c?rev=1627749&r1=1627748&r2=1627749&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/cache/cache_util.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/cache/cache_util.c Fri Sep 26 11:00:14 2014
> @@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
>
> if (r->content_type
> && !apr_table_get(headers_out, "Content-Type")) {
> - apr_table_setn(headers_out, "Content-Type",
> - ap_make_content_type(r, r->content_type));
> + const char *ctype = ap_make_content_type(r, r->content_type);
> + if (ctype) {
> + apr_table_setn(headers_out, "Content-Type", ctype);
> + }
> }
>
> if (r->content_encoding
>
>
>