af9996ce69
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581) - mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583) - mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109)
18 lines
680 B
Diff
18 lines
680 B
Diff
diff --git a/modules/cache/cache_util.c b/modules/cache/cache_util.c
|
|
index 7b7fb45..fbebb1e 100644
|
|
--- a/modules/cache/cache_util.c
|
|
+++ b/modules/cache/cache_util.c
|
|
@@ -1251,8 +1251,10 @@ CACHE_DECLARE(apr_table_t *)ap_cache_cacheable_headers_out(request_rec *r)
|
|
|
|
if (r->content_type
|
|
&& !apr_table_get(headers_out, "Content-Type")) {
|
|
- apr_table_setn(headers_out, "Content-Type",
|
|
- ap_make_content_type(r, r->content_type));
|
|
+ const char *ctype = ap_make_content_type(r, r->content_type);
|
|
+ if (ctype) {
|
|
+ apr_table_setn(headers_out, "Content-Type", ctype);
|
|
+ }
|
|
}
|
|
|
|
if (r->content_encoding
|