22 lines
953 B
Diff
22 lines
953 B
Diff
CVE-2017-9798
|
|
|
|
Backport from https://svn.apache.org/viewvc?view=revision&revision=1807655
|
|
|
|
diff --git a/server/core.c b/server/core.c
|
|
index f61699e..d24542e 100644
|
|
--- ./server/core.c
|
|
+++ ./server/core.c
|
|
@@ -1809,6 +1809,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
|
|
/* method has not been registered yet, but resorce restriction
|
|
* is always checked before method handling, so register it.
|
|
*/
|
|
+ if (cmd->pool == cmd->temp_pool) {
|
|
+ /* In .htaccess, we can't globally register new methods. */
|
|
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
|
|
+ "for %s from .htaccess configuration",
|
|
+ method, cmd->cmd->name);
|
|
+ }
|
|
methnum = ap_method_register(cmd->pool,
|
|
apr_pstrdup(cmd->pool, method));
|
|
|