search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
OCaml 4.14.0 rebuild
[arch-packages.git] / apache / repos / extra-x86_64 / apache-2.2-optionsbleed-CVE-2017-9798.patch
blob040d55705521242d0720a5a0d2b27c5b2d7574f1
1 CVE-2017-9798
2
3 Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
4
5 diff --git a/server/core.c b/server/core.c
6 index f61699e..d24542e 100644
7 --- a/server/core.c
8 +++ b/server/core.c
9 @@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
10 /* method has not been registered yet, but resorce restriction
11 * is always checked before method handling, so register it.
12 */
13 + if (cmd->pool == cmd->temp_pool) {
14 + /* In .htaccess, we can't globally register new methods. */
15 + return apr_psprintf(cmd->pool, "Could not register method '%s' "
16 + "for %s from .htaccess configuration",
17 + method, cmd->cmd->name);
18 + }
19 methnum = ap_method_register(cmd->pool,
20 apr_pstrdup(cmd->pool, method));
21
archlinux package build