From: Ruslan Ermilov <ru@nginx.com>
Date: Tue, 8 Oct 2019 18:56:14 +0000 (+0300)
Subject: Improved detection of broken percent encoding in URI.
X-Git-Tag: release-1.17.5~10
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=2ac24f1c88b7cd85ee7e9b189fc524fae74e78af;p=nginx.git

Improved detection of broken percent encoding in URI.
---

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 8e1b11852..b8a27e084 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
         }
     }
 
+    if (state == sw_quoted || state == sw_quoted_second) {
+        return NGX_HTTP_PARSE_INVALID_REQUEST;
+    }
+
 done:
 
     r->uri.len = u - r->uri.data;