Posted to cvs@httpd.apache.org by jk...@apache.org on 2014/09/11 11:18:38 UTC
svn commit: r1624234 - in /httpd/httpd/trunk: CHANGES
modules/cache/cache_util.c
Author: jkaluza
Date: Thu Sep 11 09:18:38 2014
New Revision: 1624234
URL: http://svn.apache.org/r1624234
Log:
SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer dereference
in Content-Type handling.
mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
Submitted By: Mark Montague <mark catseye.org>
Reviewed By: Jan Kaluza
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/cache/cache_util.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1624234&r1=1624233&r2=1624234&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Sep 11 09:18:38 2014
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
+
*) mod_proxy: Now allow for 191 character worker names, with non-fatal
errors if name is truncated. PR53218. [Jim Jagielski]
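Review bot: The added CHANGES entry names the symptom (a crash when Content-Type has an empty value) but not what mod_cache does instead. Going by the cache_util.c hunk in this same commit, the merged headers are left without a Content-Type in that case; a short clause saying so would let administrators reading CHANGES know what response to expect after upgrading.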
Modified: httpd/httpd/trunk/modules/cache/cache_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_util.c?rev=1624234&r1=1624233&r2=1624234&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/cache/cache_util.c (original)
+++ httpd/httpd/trunk/modules/cache/cache_util.c Thu Sep 11 09:18:38 2014
@@ -1276,8 +1276,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
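Review bot: The new `if (ctype)` guard has no comment saying when ap_make_content_type() can return NULL, so the reason for the check is only recoverable from the commit log (an empty Content-Type value). Suggest a one-line comment above `if (ctype) {` stating that case, since the outer test `r->content_type` only rules out a NULL pointer and an empty string still passes it. When ctype is NULL the function now falls through and leaves headers_out without a Content-Type, silently; it is worth confirming that is the intended result for cached responses and adding a regression test with an empty Content-Type value for PR56924.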