SECURITY: CVE-2015-3183 (cve.mitre.org)

core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. Submitted by: minfrin, ylavic Reviewed by: ylavic, wrowe, minfrin Reported by: regilero <regis.leroy makina-corpus.com> Backports: 1484852, 1684513 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1687338 13f79535-47bb-0310-9956-ffa450edef68
apache · Jun 24, 2015 · 29779fd · 29779fd
1 parent 90e465e
commit 29779fd
Show file tree

Hide file tree

Showing 2 changed files with 299 additions and 351 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,13 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.30
 
+  *) SECURITY: CVE-2015-3183 (cve.mitre.org)
+     core: Fix chunk header parsing defect.
+     Remove apr_brigade_flatten(), buffering and duplicated code from
+     the HTTP_IN filter, parse chunks in a single pass with zero copy.
+     Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
+     authorized characters.  [Graham Leggett, Yann Ylavic]
+
   *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
      no longer send warning-level unrecognized_name(112) alerts. PR 56241.
      [Kaspar Brand]