]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/apache-2.4.27-CVE-2017-9798-fix.patch
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
apache2: Import patch for CVE-2017-9798 ("optionsbleed")
[ipfire-2.x.git] / src / patches / apache-2.4.27-CVE-2017-9798-fix.patch
1 --- server/core.c 2017/08/16 16:50:29 1805223
2 +++ server/core.c 2017/09/08 13:13:11 1807754
3 @@ -2262,6 +2262,12 @@
4 /* method has not been registered yet, but resource restriction
5 * is always checked before method handling, so register it.
6 */
7 + if (cmd->pool == cmd->temp_pool) {
8 + /* In .htaccess, we can't globally register new methods. */
9 + return apr_psprintf(cmd->pool, "Could not register method '%s' "
10 + "for %s from .htaccess configuration",
11 + method, cmd->cmd->name);
12 + }
13 methnum = ap_method_register(cmd->pool,
14 apr_pstrdup(cmd->pool, method));
15 }
IPFire 2.x development tree