# HG changeset patch
# User Ruslan Ermilov <ru@nginx.com>
# Date 1570560974 -10800
# Node ID 5a3426683251a6795bd3e7265c1b0e4f30b1174e
# Parent  7fdcf308e0f043a10b12adee6ddae11b895396c6
Improved detection of broken percent encoding in URI.

diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_requ
         }
     }
 
+    if (state == sw_quoted || state == sw_quoted_second) {
+        return NGX_HTTP_PARSE_INVALID_REQUEST;
+    }
+
 done:
 
     r->uri.len = u - r->uri.data;