Improved detection of broken percent encoding in URI.

commit: 54b96383e3795a98e49becd5606c39975717ce40 [log] [tgz]
author: Ruslan Ermilov <ru@nginx.com> Tue Oct 08 21:56:14 2019 +0300
committer: Ruslan Ermilov <ru@nginx.com> Tue Oct 08 21:56:14 2019 +0300
tree: c5fd118131c182b4f31bbdd48b90f38c3a194212
parent: 82cd3f1dec2117be0f984a058d64ab6f8299efbc [diff]
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 8e1b118..b8a27e0 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c

@@ -1561,6 +1561,10 @@
         }
     }
 
+    if (state == sw_quoted || state == sw_quoted_second) {
+        return NGX_HTTP_PARSE_INVALID_REQUEST;
+    }
+
 done:
 
     r->uri.len = u - r->uri.data;
commit	54b96383e3795a98e49becd5606c39975717ce40	[log] [tgz]
author	Ruslan Ermilov <ru@nginx.com>	Tue Oct 08 21:56:14 2019 +0300
committer	Ruslan Ermilov <ru@nginx.com>	Tue Oct 08 21:56:14 2019 +0300
tree	c5fd118131c182b4f31bbdd48b90f38c3a194212
parent	82cd3f1dec2117be0f984a058d64ab6f8299efbc [diff]