You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by jk...@apache.org on 2014/09/11 11:18:38 UTC

svn commit: r1624234 - in /httpd/httpd/trunk: CHANGES modules/cache/cache_util.c

Author: jkaluza
Date: Thu Sep 11 09:18:38 2014
New Revision: 1624234

URL: http://svn.apache.org/r1624234
Log:
SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
in Content-Type handling.

mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.

Submitted By: Mark Montague <mark catseye.org>
Reviewed By: Jan Kaluza

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/cache/cache_util.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1624234&r1=1624233&r2=1624234&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Sep 11 09:18:38 2014
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+     mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+     [Mark Montague <mark catseye.org>, Jan Kaluza]
+
   *) mod_proxy: Now allow for 191 character worker names, with non-fatal
      errors if name is truncated. PR53218. [Jim Jagielski]
 

Modified: httpd/httpd/trunk/modules/cache/cache_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_util.c?rev=1624234&r1=1624233&r2=1624234&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/cache/cache_util.c (original)
+++ httpd/httpd/trunk/modules/cache/cache_util.c Thu Sep 11 09:18:38 2014
@@ -1276,8 +1276,10 @@ apr_table_t *cache_merge_headers_out(req
 
     if (r->content_type
             && !apr_table_get(headers_out, "Content-Type")) {
-        apr_table_setn(headers_out, "Content-Type",
-                       ap_make_content_type(r, r->content_type));
+        const char *ctype = ap_make_content_type(r, r->content_type);
+        if (ctype) {
+            apr_table_setn(headers_out, "Content-Type", ctype);
+        }
     }
 
     if (r->content_encoding