[apache2] 01/04: CVE-2014-3581: mod_cache DoS

Stefan Fritsch sf at moszumanska.debian.org
Sun Sep 28 20:46:08 UTC 2014


This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 421251bae25f2ec2f049efd6f171c117fd38fa58
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Sep 28 22:25:11 2014 +0200

    CVE-2014-3581: mod_cache DoS
---
 debian/changelog                   |  1 +
 debian/patches/CVE-2014-3581.patch | 37 +++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 39 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index fbc1bd6..133af62 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 apache2 (2.4.10-3) UNRELEASED; urgency=medium
 
+  * CVE-2014-3581: Fix a DoS in mod_cache.
   * If apache2 is not configured yet, defer actions executed via
     apache2-maintscript-helper. This fixes installation failures if a
     module package is configured first. Closes: #745834
diff --git a/debian/patches/CVE-2014-3581.patch b/debian/patches/CVE-2014-3581.patch
new file mode 100644
index 0000000..c0d3499
--- /dev/null
+++ b/debian/patches/CVE-2014-3581.patch
@@ -0,0 +1,37 @@
+#commit c164ca7383d5f204915d85a5826655d3f1557148
+#Author: Jim Jagielski <jim at apache.org>
+#Date:   Fri Sep 26 11:00:14 2014 +0000
+#
+#    Merge r1624234 from trunk:
+#    
+#    SECURITY (CVE-2014-3581): Fix a mod_cache NULL pointer deference
+#    in Content-Type handling.
+#    
+#    mod_cache: Avoid a crash when Content-Type has an empty value. PR56924.
+#    
+#    Submitted By: Mark Montague <mark catseye.org>
+#    Reviewed By: Jan Kaluza
+#    
+#    Submitted by: jkaluza
+#    Reviewed/backported by: jim
+#    
+#    
+#    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1627749 13f79535-47bb-0310-9956-ffa450edef68
+#
+diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c
+index 6368af0..b7454ad 100644
+--- a/modules/cache/cache_util.c
++++ b/modules/cache/cache_util.c
+@@ -1258,8 +1258,10 @@ apr_table_t *cache_merge_headers_out(request_rec *r)
+ 
+     if (r->content_type
+             && !apr_table_get(headers_out, "Content-Type")) {
+-        apr_table_setn(headers_out, "Content-Type",
+-                       ap_make_content_type(r, r->content_type));
++        const char *ctype = ap_make_content_type(r, r->content_type);
++        if (ctype) {
++            apr_table_setn(headers_out, "Content-Type", ctype);
++        }
+     }
+ 
+     if (r->content_encoding
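Review bot: The new `if (ctype)` guard in cache_merge_headers_out() drops the Content-Type header silently, and nothing at the call site says when ap_make_content_type() yields NULL or why skipping the header is the intended outcome. Going by the commit message, this is the empty Content-Type value case (PR56924), so a short comment above the guard would stop a later cleanup from folding the call back into apr_table_setn(), e.g. `/* ap_make_content_type() returns NULL for an empty Content-Type; storing NULL in headers_out crashes later (CVE-2014-3581) */`. The function starts and ends outside this hunk, so I cannot tell whether other header values stored by it are checked in the same way. It would be worth confirming that any other place in mod_cache that stores the result of ap_make_content_type() in a table has the same check. A regression test that serves a cached response with an empty Content-Type would pin the fix in the package.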
diff --git a/debian/patches/series b/debian/patches/series
index 9945c54..7f640a7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,5 +4,6 @@ suexec-CVE-2007-1742.patch
 customize_apxs.patch
 build_suexec-custom.patch
 pull_upstream_2.4.x_branch.patch
+CVE-2014-3581.patch
 # This patch is applied manually
 #suexec-custom.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


