diff -u -r -N squid-3.5.14/ChangeLog squid-3.5.15/ChangeLog
--- squid-3.5.14/ChangeLog	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/ChangeLog	2016-02-24 05:25:46.000000000 +1300
@@ -1,3 +1,11 @@
+Changes to squid-3.5.15 (23 Feb 2016):
+
+	- Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
+	- Fix multiple assertion on String overflows
+	- Fix unit test errors on MacOS
+	- Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
+	- Log noise reduction for eCAP
+
 Changes to squid-3.5.14 (16 Feb 2016):
 
 	- Bug 4437: Fix Segfault on Certain SSL Handshake Errors
diff -u -r -N squid-3.5.14/configure squid-3.5.15/configure
--- squid-3.5.14/configure	2016-02-16 03:01:25.000000000 +1300
+++ squid-3.5.15/configure	2016-02-24 05:28:54.000000000 +1300
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.14.
+# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.15.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -595,8 +595,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.5.14'
-PACKAGE_STRING='Squid Web Proxy 3.5.14'
+PACKAGE_VERSION='3.5.15'
+PACKAGE_STRING='Squid Web Proxy 3.5.15'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1636,7 +1636,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.5.14 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.5.15 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1707,7 +1707,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.14:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.15:";;
    esac
   cat <<\_ACEOF
 
@@ -2119,7 +2119,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.5.14
+Squid Web Proxy configure 3.5.15
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3223,7 +3223,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.5.14, which was
+It was created by Squid Web Proxy $as_me 3.5.15, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4090,7 +4090,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.5.14'
+ VERSION='3.5.15'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -41869,7 +41869,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.5.14, which was
+This file was extended by Squid Web Proxy $as_me 3.5.15, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -41935,7 +41935,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 3.5.14
+Squid Web Proxy config.status 3.5.15
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-3.5.14/configure.ac squid-3.5.15/configure.ac
--- squid-3.5.14/configure.ac	2016-02-16 03:01:24.000000000 +1300
+++ squid-3.5.15/configure.ac	2016-02-24 05:28:54.000000000 +1300
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[3.5.14],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.5.15],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.5.14/doc/release-notes/release-3.5.html squid-3.5.15/doc/release-notes/release-3.5.html
--- squid-3.5.14/doc/release-notes/release-3.5.html	2016-02-16 03:55:00.000000000 +1300
+++ squid-3.5.15/doc/release-notes/release-3.5.html	2016-02-24 06:14:19.000000000 +1300
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.71">
- <TITLE>Squid 3.5.14 release notes</TITLE>
+ <TITLE>Squid 3.5.15 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.14 release notes</H1>
+<H1>Squid 3.5.15 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -64,7 +64,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.14.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.15.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.14/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.15/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.5.14/helpers/basic_auth/DB/basic_db_auth.8	2016-02-16 03:55:04.000000000 +1300
+++ squid-3.5.15/helpers/basic_auth/DB/basic_db_auth.8	2016-02-24 06:14:23.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.15/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8
--- squid-3.5.14/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2016-02-16 03:55:09.000000000 +1300
+++ squid-3.5.15/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2016-02-24 06:14:29.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1"
-.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.15/helpers/basic_auth/POP3/basic_pop3_auth.8
--- squid-3.5.14/helpers/basic_auth/POP3/basic_pop3_auth.8	2016-02-16 03:55:15.000000000 +1300
+++ squid-3.5.15/helpers/basic_auth/POP3/basic_pop3_auth.8	2016-02-24 06:14:33.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.15/helpers/external_acl/delayer/ext_delayer_acl.8
--- squid-3.5.14/helpers/external_acl/delayer/ext_delayer_acl.8	2016-02-16 03:55:31.000000000 +1300
+++ squid-3.5.15/helpers/external_acl/delayer/ext_delayer_acl.8	2016-02-24 06:14:47.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.15/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.5.14/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2016-02-16 03:55:41.000000000 +1300
+++ squid-3.5.15/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2016-02-24 06:14:54.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.15/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.5.14/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2016-02-16 03:55:45.000000000 +1300
+++ squid-3.5.15/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2016-02-24 06:14:57.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.15/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.5.14/helpers/log_daemon/DB/log_db_daemon.8	2016-02-16 03:55:48.000000000 +1300
+++ squid-3.5.15/helpers/log_daemon/DB/log_db_daemon.8	2016-02-24 06:14:59.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.15/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.5.14/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2016-02-16 03:56:05.000000000 +1300
+++ squid-3.5.15/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2016-02-24 06:15:12.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2016-02-15" "perl v5.22.1" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2016-02-23" "perl v5.22.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.14/include/version.h squid-3.5.15/include/version.h
--- squid-3.5.14/include/version.h	2016-02-16 03:01:25.000000000 +1300
+++ squid-3.5.15/include/version.h	2016-02-24 05:28:55.000000000 +1300
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1455544743
+#define SQUID_RELEASE_TIME 1456244734
 #endif
 
 /*
diff -u -r -N squid-3.5.14/RELEASENOTES.html squid-3.5.15/RELEASENOTES.html
--- squid-3.5.14/RELEASENOTES.html	2016-02-16 03:55:00.000000000 +1300
+++ squid-3.5.15/RELEASENOTES.html	2016-02-24 06:14:19.000000000 +1300
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.71">
- <TITLE>Squid 3.5.14 release notes</TITLE>
+ <TITLE>Squid 3.5.15 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.14 release notes</H1>
+<H1>Squid 3.5.15 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -64,7 +64,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.14.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.15.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.14/src/adaptation/ecap/Host.cc squid-3.5.15/src/adaptation/ecap/Host.cc
--- squid-3.5.14/src/adaptation/ecap/Host.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/adaptation/ecap/Host.cc	2016-02-24 05:25:46.000000000 +1300
@@ -137,7 +137,7 @@
         return DBG_DATA; // is it a good idea to ignore other flags?
 
     if (lv.application())
-        return DBG_IMPORTANT; // is it a good idea to ignore other flags?
+        return lv.normal() ? DBG_IMPORTANT : 2;
 
     return 2 + 2*lv.debugging() + 3*lv.operation() + 2*lv.xaction();
 }
diff -u -r -N squid-3.5.14/src/clients/Client.cc squid-3.5.15/src/clients/Client.cc
--- squid-3.5.14/src/clients/Client.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/clients/Client.cc	2016-02-24 05:25:46.000000000 +1300
@@ -49,6 +49,7 @@
     startedAdaptation(false),
 #endif
     receivedWholeRequestBody(false),
+    doneWithFwd(NULL),
     theVirginReply(NULL),
     theFinalReply(NULL)
 {
@@ -74,8 +75,6 @@
     HTTPMSGUNLOCK(theVirginReply);
     HTTPMSGUNLOCK(theFinalReply);
 
-    fwd = NULL; // refcounted
-
     if (responseBodyBuffer != NULL) {
         delete responseBodyBuffer;
         responseBodyBuffer = NULL;
@@ -93,6 +92,14 @@
     cleanAdaptation();
 #endif
 
+    if (!doneWithServer())
+        closeServer();
+
+    if (!doneWithFwd) {
+        doneWithFwd = "swanSong()";
+        fwd->handleUnregisteredServerEnd();
+    }
+
     BodyConsumer::swanSong();
 #if USE_ADAPTATION
     Initiator::swanSong();
@@ -218,6 +225,7 @@
 {
     debugs(11,5, HERE << "completing forwarding for "  << fwd);
     assert(fwd != NULL);
+    doneWithFwd = "completeForwarding()";
     fwd->complete();
 }
 
diff -u -r -N squid-3.5.14/src/clients/Client.h squid-3.5.15/src/clients/Client.h
--- squid-3.5.14/src/clients/Client.h	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/clients/Client.h	2016-02-24 05:25:46.000000000 +1300
@@ -176,6 +176,10 @@
 #endif
     bool receivedWholeRequestBody; ///< handleRequestBodyProductionEnded called
 
+    /// whether we should not be talking to FwdState; XXX: clear fwd instead
+    /// points to a string literal which is used only for debugging
+    const char *doneWithFwd;
+
 private:
     void sendBodyIsTooLargeError();
     void maybePurgeOthers();
diff -u -r -N squid-3.5.14/src/clients/FtpClient.cc squid-3.5.15/src/clients/FtpClient.cc
--- squid-3.5.14/src/clients/FtpClient.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/clients/FtpClient.cc	2016-02-24 05:25:46.000000000 +1300
@@ -839,6 +839,7 @@
 {
     debugs(9, 4, status());
     ctrl.clear();
+    doneWithFwd = "ctrlClosed()"; // assume FwdState is monitoring too
     mustStop("Ftp::Client::ctrlClosed");
 }
 
@@ -991,24 +992,12 @@
     scheduleReadControlReply(1);
 }
 
-/**
- * Quickly abort the transaction
- *
- \todo destruction should be sufficient as the destructor should cleanup,
- * including canceling close handlers
- */
 void
 Ftp::Client::abortAll(const char *reason)
 {
     debugs(9, 3, "aborting transaction for " << reason <<
            "; FD " << (ctrl.conn!=NULL?ctrl.conn->fd:-1) << ", Data FD " << (data.conn!=NULL?data.conn->fd:-1) << ", this " << this);
-    if (Comm::IsConnOpen(ctrl.conn)) {
-        ctrl.conn->close();
-        return;
-    }
-
-    fwd->handleUnregisteredServerEnd();
-    mustStop("Ftp::Client::abortTransaction");
+    mustStop(reason);
 }
 
 /**
diff -u -r -N squid-3.5.14/src/esi/CustomParser.cc squid-3.5.15/src/esi/CustomParser.cc
--- squid-3.5.14/src/esi/CustomParser.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/esi/CustomParser.cc	2016-02-24 05:25:46.000000000 +1300
@@ -89,9 +89,11 @@
     }
 
     size_t openESITags (0);
-    //erring on the safe side. Probably rawBuf would be ok too
-    char const *currentPos = content.termedBuf();
-    size_t remainingCount = content.size();
+    // TODO: convert to Tokenizer parse
+    // erring on the safe side for now. Probably rawContent would be ok too
+    // note that operations below do *X='\0' ... altering the 'const' buffer content.
+    char const *currentPos = content.c_str();
+    SBuf::size_type remainingCount = content.length();
     char const *tag = NULL;
 
     while ((tag = findTag(currentPos, remainingCount))) {
diff -u -r -N squid-3.5.14/src/esi/CustomParser.h squid-3.5.15/src/esi/CustomParser.h
--- squid-3.5.14/src/esi/CustomParser.h	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/esi/CustomParser.h	2016-02-24 05:25:46.000000000 +1300
@@ -14,7 +14,7 @@
 /* inherits from */
 #include "esi/Parser.h"
 
-/* for String variables */
+#include "SBuf.h"
 #include "SquidString.h"
 
 /**
@@ -46,7 +46,7 @@
     ESIParserClient *theClient;
     String error;
     /* cheap n dirty - buffer it all */
-    String content;
+    SBuf content;
     /* TODO: make a class of this type code */
     ESITAG_t lastTag;
 };
diff -u -r -N squid-3.5.14/src/http.cc squid-3.5.15/src/http.cc
--- squid-3.5.14/src/http.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/http.cc	2016-02-24 05:25:46.000000000 +1300
@@ -152,6 +152,7 @@
 HttpStateData::httpStateConnClosed(const CommCloseCbParams &params)
 {
     debugs(11, 5, "httpStateFree: FD " << params.fd << ", httpState=" << params.data);
+    doneWithFwd = "httpStateConnClosed()"; // assume FwdState is monitoring too
     mustStop("HttpStateData::httpStateConnClosed");
 }
 
@@ -719,11 +720,8 @@
         if (!parsed && error > 0) { // unrecoverable parsing error
             debugs(11, 3, "processReplyHeader: Non-HTTP-compliant header: '" <<  readBuf->content() << "'");
             flags.headers_parsed = true;
-            // XXX: when sanityCheck is gone and Http::StatusLine is used to parse,
-            //   the sline should be already set the appropriate values during that parser stage
             newrep->sline.set(Http::ProtocolVersion(1,1), error);
-            HttpReply *vrep = setVirginReply(newrep);
-            entry->replaceHttpReply(vrep);
+            setVirginReply(newrep);
             ctx_exit(ctx);
             return;
         }
@@ -1759,7 +1757,8 @@
 
         String strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
 
-        if (strFwd.size() > 65536/2) {
+        // if we cannot double strFwd size, then it grew past 50% of the limit
+        if (!strFwd.canGrowBy(strFwd.size())) {
             // There is probably a forwarding loop with Via detection disabled.
             // If we do nothing, String will assert on overflow soon.
             // TODO: Terminate all transactions with huge XFF?
@@ -2410,21 +2409,11 @@
     Client::sentRequestBody(io);
 }
 
-// Quickly abort the transaction
-// TODO: destruction should be sufficient as the destructor should cleanup,
-// including canceling close handlers
 void
 HttpStateData::abortAll(const char *reason)
 {
     debugs(11,5, HERE << "aborting transaction for " << reason <<
            "; " << serverConnection << ", this " << this);
-
-    if (Comm::IsConnOpen(serverConnection)) {
-        serverConnection->close();
-        return;
-    }
-
-    fwd->handleUnregisteredServerEnd();
-    mustStop("HttpStateData::abortAll");
+    mustStop(reason);
 }
 
diff -u -r -N squid-3.5.14/src/SquidString.h squid-3.5.15/src/SquidString.h
--- squid-3.5.14/src/SquidString.h	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/SquidString.h	2016-02-24 05:25:46.000000000 +1300
@@ -80,6 +80,13 @@
     _SQUID_INLINE_ int caseCmp(char const *, size_type count) const;
     _SQUID_INLINE_ int caseCmp(String const &) const;
 
+    /// Whether creating a totalLen-character string is safe (i.e., unlikely to assert).
+    /// Optional extras can be used for overflow-safe length addition.
+    /// Implementation has to add 1 because many String allocation methods do.
+    static bool CanGrowTo(size_type totalLen, const size_type extras = 0) { return SafeAdd(totalLen, extras) && SafeAdd(totalLen, 1); }
+    /// whether appending growthLen characters is safe (i.e., unlikely to assert)
+    bool canGrowBy(const size_type growthLen) const { return CanGrowTo(size(), growthLen); }
+
     String substr(size_type from, size_type to) const;
 
     _SQUID_INLINE_ void cut(size_type newLength);
@@ -95,10 +102,14 @@
     _SQUID_INLINE_ bool nilCmp(bool, bool, int &) const;
 
     /* never reference these directly! */
-    size_type size_; /* buffer size; 64K limit */
+    size_type size_; /* buffer size; limited by SizeMax_ */
 
     size_type len_;  /* current length  */
 
+    static const size_type SizeMax_ = 65535; ///< 64K limit protects some fixed-size buffers
+    /// returns true after increasing the first argument by extra if the sum does not exceed SizeMax_
+    static bool SafeAdd(size_type &base, size_type extra) { if (extra <= SizeMax_ && base <= SizeMax_ - extra) { base += extra; return true; } return false; }
+
     char *buf_;
 
     _SQUID_INLINE_ void set(char const *loc, char const ch);
diff -u -r -N squid-3.5.14/src/String.cc squid-3.5.15/src/String.cc
--- squid-3.5.14/src/String.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/String.cc	2016-02-24 05:25:46.000000000 +1300
@@ -42,7 +42,7 @@
 String::setBuffer(char *aBuf, String::size_type aSize)
 {
     assert(undefined());
-    assert(aSize < 65536);
+    assert(aSize <= SizeMax_);
     buf_ = aBuf;
     size_ = aSize;
 }
@@ -171,7 +171,7 @@
     } else {
         // Create a temporary string and absorb it later.
         String snew;
-        assert(len_ + len < 65536); // otherwise snew.len_ overflows below
+        assert(canGrowBy(len)); // otherwise snew.len_ may overflow below
         snew.len_ = len_ + len;
         snew.allocBuffer(snew.len_ + 1);
 
diff -u -r -N squid-3.5.14/src/StrList.cc squid-3.5.15/src/StrList.cc
--- squid-3.5.14/src/StrList.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/StrList.cc	2016-02-24 05:25:46.000000000 +1300
@@ -9,6 +9,7 @@
 /* DEBUG: section 66    HTTP Header Tools */
 
 #include "squid.h"
+#include "base/TextException.h"
 #include "SquidString.h"
 #include "StrList.h"
 
@@ -17,14 +18,17 @@
 strListAdd(String * str, const char *item, char del)
 {
     assert(str && item);
+    const String::size_type itemSize = strlen(item);
     if (str->size()) {
         char buf[3];
         buf[0] = del;
         buf[1] = ' ';
         buf[2] = '\0';
+        Must(str->canGrowBy(2));
         str->append(buf, 2);
     }
-    str->append(item, strlen(item));
+    Must(str->canGrowBy(itemSize));
+    str->append(item, itemSize);
 }
 
 /** returns true iff "m" is a member of the list */
diff -u -r -N squid-3.5.14/src/tests/stub_tools.cc squid-3.5.15/src/tests/stub_tools.cc
--- squid-3.5.14/src/tests/stub_tools.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/tests/stub_tools.cc	2016-02-24 05:25:46.000000000 +1300
@@ -15,7 +15,7 @@
 
 int DebugSignal = -1;
 SBuf service_name(APP_SHORTNAME);
-void releaseServerSockets(void) STUB
+void releaseServerSockets(void) STUB_NOP
 char * dead_msg(void) STUB_RETVAL(NULL)
 void mail_warranty(void) STUB
 void dumpMallocStats(void) STUB
@@ -32,7 +32,7 @@
 void sig_shutdown(int sig) STUB
 const char * getMyHostname(void) STUB_RETVAL(NULL)
 const char * uniqueHostname(void) STUB_RETVAL(NULL)
-void leave_suid(void) STUB
+void leave_suid(void) STUB_NOP
 void enter_suid(void) STUB
 void no_suid(void) STUB
 
diff -u -r -N squid-3.5.14/src/tests/testRock.cc squid-3.5.15/src/tests/testRock.cc
--- squid-3.5.14/src/tests/testRock.cc	2016-02-16 02:59:11.000000000 +1300
+++ squid-3.5.15/src/tests/testRock.cc	2016-02-24 05:25:46.000000000 +1300
@@ -33,7 +33,7 @@
 #include <unistd.h>
 #endif
 
-#define TESTDIR "testRock_Store"
+#define TESTDIR "tr"
 
 CPPUNIT_TEST_SUITE_REGISTRATION( testRock );
 
diff -u -r -N squid-3.5.14/test-suite/stub_tools.cc squid-3.5.15/test-suite/stub_tools.cc
--- squid-3.5.14/test-suite/stub_tools.cc	2016-02-16 03:57:38.000000000 +1300
+++ squid-3.5.15/test-suite/stub_tools.cc	2016-02-24 06:16:20.000000000 +1300
@@ -15,7 +15,7 @@
 
 int DebugSignal = -1;
 SBuf service_name(APP_SHORTNAME);
-void releaseServerSockets(void) STUB
+void releaseServerSockets(void) STUB_NOP
 char * dead_msg(void) STUB_RETVAL(NULL)
 void mail_warranty(void) STUB
 void dumpMallocStats(void) STUB
@@ -32,7 +32,7 @@
 void sig_shutdown(int sig) STUB
 const char * getMyHostname(void) STUB_RETVAL(NULL)
 const char * uniqueHostname(void) STUB_RETVAL(NULL)
-void leave_suid(void) STUB
+void leave_suid(void) STUB_NOP
 void enter_suid(void) STUB
 void no_suid(void) STUB