CVE-2015-3183 Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. Submitted by: minfrin, ylavic Reviewed by: ylavic, wrowe, jim Backports: 1484852, 1684513 Reported by: regilero <regis.leroy makina-corpus.com>
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/http/http_filters.c