SECURITY: CVE-2015-3183 (cve.mitre.org)

core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

Submitted by: minfrin, ylavic
Reviewed by: ylavic, wrowe, minfrin
Reported by: regilero <regis.leroy makina-corpus.com>
Backports: 1484852, 1684513


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1687338 13f79535-47bb-0310-9956-ffa450edef68
ylavic committed Jun 24, 2015
1 parent 90e465e commit 29779fd08c18b18efc5e640d74cbe297c7ec007e
Showing with 299 additions and 351 deletions.
  1. +7 −0 CHANGES
  2. +292 −351 modules/http/http_filters.c
@@ -1,6 +1,13 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.30

*) SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters. [Graham Leggett, Yann Ylavic]

*) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
no longer send warning-level unrecognized_name(112) alerts. PR 56241.
[Kaspar Brand]
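
Review bot: The new CVE-2015-3183 entry in CHANGES describes the implementation (dropping apr_brigade_flatten(), single-pass zero-copy parsing) but never says what an administrator will observe after upgrading. It states that chunk-size is limited to 2^63-1 and that chunk-ext characters are checked strictly, without saying how a request that violates either rule is handled. Consider adding a sentence that names the outcome for such requests, since clients or intermediaries that depended on the earlier, more lenient parsing will see a behaviour change. It would also help to state the impact of the defect in a few words: "chunk header parsing defect" gives a reader no way to judge severity without following the CVE reference.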
