[nginx] Improved detection of broken percent encoding in URI.
Ruslan Ermilov
ru at nginx.com
Tue Oct 8 18:57:52 UTC 2019
details: https://hg.nginx.org/nginx/rev/5a3426683251
branches:
changeset: 7577:5a3426683251
user: Ruslan Ermilov <ru at nginx.com>
date: Tue Oct 08 21:56:14 2019 +0300
description:
Improved detection of broken percent encoding in URI.
diffstat:
src/http/ngx_http_parse.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff -r 7fdcf308e0f0 -r 5a3426683251 src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Mon Sep 30 16:39:20 2019 +0300
+++ b/src/http/ngx_http_parse.c Tue Oct 08 21:56:14 2019 +0300
@@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
}
}
+ if (state == sw_quoted || state == sw_quoted_second) {
+ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+
done:
r->uri.len = u - r->uri.data;
More information about the nginx-devel
mailing list