Blame SOURCES/httpd-2.4.6-CVE-2017-9798.patch

008793
diff --git a/server/core.c b/server/core.c
008793
index f60e8fa..245fcb6 100644
008793
--- a/server/core.c
008793
+++ b/server/core.c
008793
@@ -2061,6 +2061,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
008793
             /* method has not been registered yet, but resorce restriction
008793
              * is always checked before method handling, so register it.
008793
              */
008793
+            if (cmd->pool == cmd->temp_pool) {
008793
+                /* In .htaccess, we can't globally register new methods. */
008793
+                return apr_psprintf(cmd->pool, "Could not register method '%s' "
008793
+                                    "for %s from .htaccess configuration",
008793
+                                     method, cmd->cmd->name);
008793
+            }
008793
             methnum = ap_method_register(cmd->pool,
008793
                                          apr_pstrdup(cmd->pool, method));
008793
         }