Skip to content
Commit 29779fd0 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

SECURITY: CVE-2015-3183 (cve.mitre.org)

core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

Submitted by: minfrin, ylavic
Reviewed by: ylavic, wrowe, minfrin
Reported by: regilero <regis.leroy makina-corpus.com>
Backports: 1484852, 1684513


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1687338 13f79535-47bb-0310-9956-ffa450edef68
parent 90e465e3
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment