diff options
| author | Ruslan Ermilov <ru@nginx.com> | 2019-10-08 21:56:14 +0300 |
|---|---|---|
| committer | Ruslan Ermilov <ru@nginx.com> | 2019-10-08 21:56:14 +0300 |
| commit | 2ac24f1c88b7cd85ee7e9b189fc524fae74e78af (patch) | |
| tree | c5fd118131c182b4f31bbdd48b90f38c3a194212 /src/http/ngx_http_parse.c | |
| parent | f7999fe6893fec58332357c12eeb02f39589b894 (diff) | |
| download | nginx-2ac24f1c88b7cd85ee7e9b189fc524fae74e78af.tar.gz nginx-2ac24f1c88b7cd85ee7e9b189fc524fae74e78af.zip | |
Improved detection of broken percent encoding in URI.
Diffstat (limited to 'src/http/ngx_http_parse.c')
| -rw-r--r-- | src/http/ngx_http_parse.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 8e1b11852..b8a27e084 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) } } + if (state == sw_quoted || state == sw_quoted_second) { + return NGX_HTTP_PARSE_INVALID_REQUEST; + } + done: r->uri.len = u - r->uri.data; |