951efc68a1
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid a crash when Content-Type has an empty value [bnc#899836], CVE-2014-3581 OBS-URL: https://build.opensuse.org/request/show/260263 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
Index: httpd-2.4.10/CHANGES
|
|
===================================================================
|
|
--- httpd-2.4.10.orig/CHANGES
|
|
+++ httpd-2.4.10/CHANGES
|
|
@@ -1,6 +1,9 @@
|
|
-*- coding: utf-8 -*-
|
|
|
|
Changes with Apache 2.4.10
|
|
+ *) SECURITY: CVE-2014-3581 (cve.mitre.org)
|
|
+ mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
|
|
+ [Mark Montague <mark catseye.org>, Jan Kaluza]
|
|
|
|
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
|
|
mod_proxy: Fix crash in Connection header handling which
|
|
Index: httpd-2.4.10/modules/cache/cache_util.c
|
|
===================================================================
|
|
--- httpd-2.4.10.orig/modules/cache/cache_util.c
|
|
+++ httpd-2.4.10/modules/cache/cache_util.c
|
|
@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(req
|
|
|
|
if (r->content_type
|
|
&& !apr_table_get(headers_out, "Content-Type")) {
|
|
- apr_table_setn(headers_out, "Content-Type",
|
|
- ap_make_content_type(r, r->content_type));
|
|
+ const char *ctype = ap_make_content_type(r, r->content_type);
|
|
+ if (ctype) {
|
|
+ apr_table_setn(headers_out, "Content-Type", ctype);
|
|
+ }
|
|
}
|
|
|
|
if (r->content_encoding
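Review bot: The new `if (ctype)` guard in cache_merge_headers_out() has no comment explaining why the value can be NULL when `r->content_type` has already been tested, so a later cleanup could fold it back into the single `apr_table_setn()` call and reintroduce the crash. I would add above the guard `/* ap_make_content_type() returns NULL for an empty type; never store a NULL value in the table (CVE-2014-3581) */`. Note that on this path the merged headers now carry no Content-Type at all, which looks intended but is worth stating in the same comment. Any other place that passes the result of `ap_make_content_type()` straight to `apr_table_setn()` would need the same check; none is visible here, and the function body starts and ends outside the hunk. A regression test that serves a cacheable response with an empty Content-Type value through mod_cache would keep this fix from regressing.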
|