SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
in Content-Type handling.
mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
Submitted By: Mark Montague <mark catseye.org>
Reviewed By: Jan Kaluza
Submitted by: jkaluza
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1627749 13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 2.4.11
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value.
+ PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
+
*) mod_cache: Avoid sending 304 responses during failed revalidations
PR56881. [Eric Covener]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_cache: CVE-2014-3581 - Avoid a crash when Content-Type has an empty
- value. PR56924.
- trunk patch: http://svn.apache.org/r1624234
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: jkaluza, jim, ylavic
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
projects / apache / commitdiff