commit - df6ca41da36c3f617cbbf3302ab120721ebfcfd2
commit + 00781742c5578afa15d0b2dbc86adf47870fb94f
blob - 1c9b75f2c471e4d3b9e67dba136bfb081e1a8d7e
blob + 16a1b3919227497d33a592eabc9e009fafc75a32
--- README.md
+++ README.md
@@ -220,3 +220,6 @@ since it's relative to the document root.
 *	a %2F sequence in the path part is indistinguishable from a literal
 	slash: this is not RFC3986-compliant.
 
+*	a %00 sequence either in the path or in the query part is treated as
+	invalid character and thus rejected.
+
blob - edf67d5281ed871d651552902d513166ee9d2d2c
blob + 5c9aeb6613600df71d049f8f1cd51af53d7c976f
--- gmid.1
+++ gmid.1
@@ -192,4 +192,7 @@ completely ignored.
 .It
 a %2F sequence in the path part is indistinguishable from a literal
 slash: this is not RFC3986-compliant.
+.It
+a %00 sequence either in the path or in the query part is treated as
+invalid character and thus rejected.
 .El
blob - 3f81b762a5c8152496864bf438e9f8c16be84c63
blob + 26e81328b43a4307db1ac7abdf026ed136ac1775
--- uri.c
+++ uri.c
@@ -172,6 +172,10 @@ parse_pct_encoded(struct parser *p)
 
 	sscanf(p->uri+1, "%2hhx", p->uri);
 	memmove(p->uri+1, p->uri+3, strlen(p->uri+3)+1);
+	if (*p->uri == '\0') {
+		p->err = "illegal percent-encoding";
+		return 0;
+	}
 
 	return 1;
 }
@@ -252,6 +256,9 @@ parse_authority(struct parser *p)
 	    || parse_pct_encoded(p))
 		p->uri++;
 
+	if (p->err != NULL)
+		return 0;
+
 	if (*p->uri == ':') {
 		*p->uri = '\0';
 		p->uri++;
@@ -356,6 +363,9 @@ parse_query(struct parser *p)
 	    || valid_multibyte_utf8(p))
 		p->uri++;
 
+	if (p->err != NULL)
+		return 0;
+
 	if (*p->uri != '\0' && *p->uri != '#') {
 		p->err = "illegal character in query";
 		return 0;
@@ -397,6 +407,9 @@ parse_path(struct parser *p)
 	    || valid_multibyte_utf8(p))
 		p->uri++;
 
+	if (p->err != NULL)
+		return 0;
+
 	if (*p->uri != '\0' && *p->uri != '?' && *p->uri != '#') {
 		p->err = "illegal character in path";
 		return 0;