Improved detection of broken percent encoding in URI.

lzlrd · Oct 8, 2019 · 2ac24f1 · 2ac24f1
1 parent f7999fe
commit 2ac24f1
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
@@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
         }
     }
 
+    if (state == sw_quoted || state == sw_quoted_second) {
+        return NGX_HTTP_PARSE_INVALID_REQUEST;
+    }
+
 done:
 
     r->uri.len = u - r->uri.data;