]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7fdce96) | patch
CVE-2015-3183 Fix chunk header parsing defect.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 9 Jun 2015 20:16:39 +0000 (20:16 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Tue, 9 Jun 2015 20:16:39 +0000 (20:16 +0000)
commitc823d46831e5b4f12eb387919f286771b18d2187
tree389a931e291a0d81842547a4568b360542a756d3tree
parent7fdce96b02d4516ad81878fdf21f3bf627e87db8commit | diff
CVE-2015-3183 Fix chunk header parsing defect.

Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.

Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

Submitted by: minfrin, ylavic
Reviewed by: ylavic, wrowe, jim
Backports: 14848521684513
Reported by: regilero <regis.leroy makina-corpus.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684515 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
modules/http/http_filters.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git