]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a264962) | patch
SECURITY: CVE-2015-3183 (cve.mitre.org)
authorYann Ylavic <ylavic@apache.org>
Wed, 24 Jun 2015 17:58:13 +0000 (17:58 +0000)
committerYann Ylavic <ylavic@apache.org>
Wed, 24 Jun 2015 17:58:13 +0000 (17:58 +0000)
commit74231d7ca3e7961d0e4f7b8e6c156f2da5388730
tree82b1458343dcd5f537218892cf1538b2c8400f1dtree | snapshot
parenta264962e353f1d8b9e1534d7f564df2fc4139264commit | diff
SECURITY: CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

Submitted by: minfrin, ylavic
Reviewed by: ylavic, wrowe, minfrin
Reported by: regilero <regis.leroy makina-corpus.com>
Backports: 14848521684513

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1687338 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
modules/http/http_filters.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git