From: Sergey Kandaurov <pluknet@nginx.com>
Date: Fri, 8 May 2026 15:38:43 +0000 (+0400)
Subject: Reject HTTP CONNECT method with no port after colon
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;ds=sidebyside;p=nginx.git

Reject HTTP CONNECT method with no port after colon
---

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 81f689e5b..ac10f561a 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -120,6 +120,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
         sw_host,
         sw_host_end,
         sw_host_ip_literal,
+        sw_port_start,
         sw_port,
         sw_after_slash_in_uri,
         sw_check_uri,
@@ -388,7 +389,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
         case sw_host_end:
 
             if (ch == ':') {
-                state = sw_port;
+                state = sw_port_start;
                 break;
             }
 
@@ -464,6 +465,19 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
             }
             break;
 
+        case sw_port_start:
+            state = sw_port;
+
+            if (ch >= '0' && ch <= '9') {
+                break;
+            }
+
+            if (r->method == NGX_HTTP_CONNECT) {
+                return NGX_HTTP_PARSE_INVALID_REQUEST;
+            }
+
+            /* fall through */
+
         case sw_port:
             if (ch >= '0' && ch <= '9') {
                 break;