From 6a7c5eac8d513331f9769e8e4167e6727feb83cc Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Thu, 20 Jul 2017 17:18:18 -0700
Subject: [PATCH] http: smarter handling of decodeURIComponent calls.

---
 lib/btc/uri.js     | 13 ++++++++++---
 lib/http/base.js   |  8 ++++++--
 lib/node/config.js |  9 ++++++---
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/lib/btc/uri.js b/lib/btc/uri.js
index ab8e24ef..addbdfcd 100644
--- a/lib/btc/uri.js
+++ b/lib/btc/uri.js
@@ -251,9 +251,16 @@ function parsePairs(str) {
 }
 
 function unescape(str) {
-  str = decodeURIComponent(str);
-  str = str.replace(/\+/g, ' ');
-  str = str.replace(/\0/g, '');
+  try {
+    str = decodeURIComponent(str);
+    str = str.replace(/\+/g, ' ');
+  } catch (e) {
+    throw new Error('Malformed URI.');
+  }
+
+  if (str.indexOf('\0') !== -1)
+    throw new Error('Malformed URI.');
+
   return str;
 }
 
diff --git a/lib/http/base.js b/lib/http/base.js
index a997263a..9fc9d863 100644
--- a/lib/http/base.js
+++ b/lib/http/base.js
@@ -1654,8 +1654,12 @@ function parsePairs(str, limit) {
 }
 
 function unescape(str) {
-  str = decodeURIComponent(str);
-  str = str.replace(/\+/g, ' ');
+  try {
+    str = decodeURIComponent(str);
+    str = str.replace(/\+/g, ' ');
+  } catch (e) {
+    ;
+  }
   str = str.replace(/\0/g, '');
   return str;
 }
diff --git a/lib/node/config.js b/lib/node/config.js
index 2a77b759..af227a22 100644
--- a/lib/node/config.js
+++ b/lib/node/config.js
@@ -923,10 +923,13 @@ Config.prototype.parseForm = function parseForm(query, map) {
 
 function unescape(str) {
   try {
-    str = decodeURIComponent(str).replace(/\+/g, ' ');
-  } finally {
-    return str.replace(/\0/g, '');
+    str = decodeURIComponent(str);
+    str = str.replace(/\+/g, ' ');
+  } catch (e) {
+    ;
   }
+  str = str.replace(/\0/g, '');
+  return str;
 }
 
 function isAlpha(str) {