From 2fa69ec09458a7a6519eb1e960b1fee45da66143 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20Kalu=C5=BEa?=
Date: Thu, 11 Sep 2014 09:18:38 +0000
Subject: [PATCH] SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference in Content-Type handling. mod_cache: Avoid a crash when Content-Type has an empty value. PR56924. Submitted By: Mark Montague Reviewed By: Jan Kaluza git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1624234 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++++
 modules/cache/cache_util.c | 6 ++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 7e3c478519..deed72ceef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague , Jan Kaluza]
+
 *) mod_proxy: Now allow for 191 character worker names, with non-fatal errors if name is truncated. PR53218. [Jim Jagielski]
diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c
index 5b57003dd9..6862b5335d 100644
--- a/modules/cache/cache_util.c
+++ b/modules/cache/cache_util.c
@@ -1276,8 +1276,10 @@ apr_table_t *cache_merge_headers_out(request_rec *r)
 if (r->content_type && !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
 }
 if (r->content_encoding
-- 
2.50.1
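Review bot: The new `if (ctype)` guard in cache_merge_headers_out() carries no comment saying why a non-NULL `r->content_type` can still yield a NULL header value, so a later cleanup could fold the call back into `apr_table_setn()` and reintroduce the crash. I would add above the guard something like `/* ap_make_content_type() returns NULL for an empty Content-Type; never store NULL in headers_out (CVE-2014-3581) */`. The check also protects only this call site; any other place that passes the result of `ap_make_content_type()` straight into a table presumably needs the same audit, which cannot be confirmed from this hunk. A regression test that serves a cached response with an empty Content-Type would pin the behaviour. The function's body starts and ends outside the hunk.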