diff options
Diffstat (limited to 'patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch')
| -rw-r--r-- | patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch new file mode 100644 index 00000000..be590f29 --- /dev/null +++ b/patches/source/httpd/apache-2.4.CVE-2017-9798.optionsbleed.patch @@ -0,0 +1,15 @@ +--- httpd/httpd/branches/2.4.x/server/core.c 2017/08/16 16:50:29 1805223 ++++ httpd/httpd/branches/2.4.x/server/core.c 2017/09/08 13:13:11 1807754 +@@ -2266,6 +2266,12 @@ + /* method has not been registered yet, but resource restriction + * is always checked before method handling, so register it. + */ ++ if (cmd->pool == cmd->temp_pool) { ++ /* In .htaccess, we can't globally register new methods. */ ++ return apr_psprintf(cmd->pool, "Could not register method '%s' " ++ "for %s from .htaccess configuration", ++ method, cmd->cmd->name); ++ } + methnum = ap_method_register(cmd->pool, + apr_pstrdup(cmd->pool, method)); + } |