Improved detection of broken percent encoding in URI.

author Ruslan Ermilov <ru@nginx.com>

Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)

committer Ruslan Ermilov <ru@nginx.com>

Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)
author Ruslan Ermilov <ru@nginx.com>
Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)
committer Ruslan Ermilov <ru@nginx.com>
Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c

index 8e1b118529a5e2af6a544c136f5ba6106e5ba9dc..b8a27e084fd7f290abf8d8b12b31bdb47f750579 100644 (file)
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
          }
      }
  
+    if (state == sw_quoted || state == sw_quoted_second) {
+        return NGX_HTTP_PARSE_INVALID_REQUEST;
+    }
+
  done:
  
      r->uri.len = u - r->uri.data;
author	Ruslan Ermilov <ru@nginx.com>
	Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)
committer	Ruslan Ermilov <ru@nginx.com>
	Tue, 8 Oct 2019 18:56:14 +0000 (21:56 +0300)