pool/apache2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b9fbfaa975
apache2/httpd-2.4.10-check_null_pointer_dereference.patch

32 lines
1.2 KiB
Diff
Raw Normal View History

Accepting request 260263 from home:kstreitova:branches:Apache - added httpd-2.4.10-check_null_pointer_dereference.patch to avoid a crash when Content-Type has an empty value [bnc#899836], CVE-2014-3581 OBS-URL: https://build.opensuse.org/request/show/260263 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
2014-11-07 17:56:25 +01:00
Index: httpd-2.4.10/CHANGES
===================================================================
--- httpd-2.4.10.orig/CHANGES
+++ httpd-2.4.10/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.10
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
Index: httpd-2.4.10/modules/cache/cache_util.c
===================================================================
--- httpd-2.4.10.orig/modules/cache/cache_util.c
+++ httpd-2.4.10/modules/cache/cache_util.c
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
if (r->content_type
&& !apr_table_get(headers_out, "Content-Type")) {
- apr_table_setn(headers_out, "Content-Type",
- ap_make_content_type(r, r->content_type));
+ const char *ctype = ap_make_content_type(r, r->content_type);
+ if (ctype) {
+ apr_table_setn(headers_out, "Content-Type", ctype);
+ }
}
if (r->content_encoding
Reference in New Issue Copy Permalink