author | Stefan Fritsch <sf@sfritsch.de> | 2014-09-28 22:25:11 +0200 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2014-09-28 22:25:11 +0200 |
commit | 421251bae25f2ec2f049efd6f171c117fd38fa58 (patch) | |
tree | 8aded569999266817af06d7643ae9fd6cab74048 /debian/patches | |
parent | 804b53b7d5901e47c2751cdf78908ccd9c594c5b (diff) | |
download | apache2-421251bae25f2ec2f049efd6f171c117fd38fa58.tar.gz |
CVE-2014-3581: mod_cache DoS
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/CVE-2014-3581.patch | 37 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/debian/patches/CVE-2014-3581.patch b/debian/patches/CVE-2014-3581.patch
new file mode 100644
index 00000000..c0d3499d
--- /dev/null
+++ b/debian/patches/CVE-2014-3581.patch
@@ -0,0 +1,37 @@
+#commit c164ca7383d5f204915d85a5826655d3f1557148
+#Author: Jim Jagielski <jim@apache.org>
+#Date: Fri Sep 26 11:00:14 2014 +0000
+#
+# Merge r1624234 from trunk:
+#
+# SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
+# in Content-Type handling.
+#
+# mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+#
+# Submitted By: Mark Montague <mark catseye.org>
+# Reviewed By: Jan Kaluza
+#
+# Submitted by: jkaluza
+# Reviewed/backported by: jim
+#
+#
+# git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1627749 13f79535-47bb-0310-9956-ffa450edef68
+#
+diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c
+index 6368af0..b7454ad 100644
+--- a/modules/cache/cache_util.c
++++ b/modules/cache/cache_util.c
+@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(request_rec *r)
+
+ if (r->content_type
+ && !apr_table_get(headers_out, "Content-Type")) {
+- apr_table_setn(headers_out, "Content-Type",
+- ap_make_content_type(r, r->content_type));
++ const char *ctype = ap_make_content_type(r, r->content_type);
++ if (ctype) {
++ apr_table_setn(headers_out, "Content-Type", ctype);
++ }
+ }
+
+ if (r->content_encoding
diff --git a/debian/patches/series b/debian/patches/series
index 9945c54e..7f640a76 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,5 +4,6 @@ suexec-CVE-2007-1742.patch
 customize_apxs.patch
 build_suexec-custom.patch
 pull_upstream_2.4.x_branch.patch
+CVE-2014-3581.patch
 # This patch is applied manually
 #suexec-custom.patch |
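Review bot: The new `if (ctype)` guard in cache_merge_headers_out() skips the Content-Type header without any comment explaining when ap_make_content_type() yields NULL, so the check reads like dead code and could be removed in a later cleanup. A one-line comment above the guard would tie it to the bug, for example `/* ap_make_content_type() can return NULL (seen with an empty Content-Type value, PR56924); do not store NULL in headers_out */`. Only this call site is visible here, so it is worth confirming that no other place in cache_util.c hands the result of ap_make_content_type() to a table setter unchecked. The function body starts and ends outside the hunk.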