From a912e305c9814e7ee23e5506d377fdf37e835f1c Mon Sep 17 00:00:00 2001
From: Your Name
Date: Thu, 3 Nov 2016 16:43:28 +0300
Subject: [PATCH] Reject requests like "GET / HTTP/1a1"

Numbers must be separated by dot. This makes life a little bit harder for attackers who would like to inject specially crafted packets after GET / (e.g. in nginx there are sometimes regular expressions like (?P[^.]).html

---
 gunicorn/http/message.py | 2 +-
 tests/requests/invalid/018.http | 3 +++
 tests/requests/invalid/018.py | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 tests/requests/invalid/018.http
 create mode 100644 tests/requests/invalid/018.py

diff --git a/gunicorn/http/message.py b/gunicorn/http/message.py
index 39691664..0c83b89f 100644
--- a/gunicorn/http/message.py
+++ b/gunicorn/http/message.py
@@ -23,7 +23,7 @@ DEFAULT_MAX_HEADERFIELD_SIZE = 8190
 HEADER_RE = re.compile("[\x00-\x1F\x7F()<>@,;:\[\]={} \t\\\\\"]")
 METH_RE = re.compile(r"[A-Z0-9$-_.]{3,20}")
-VERSION_RE = re.compile(r"HTTP/(\d+).(\d+)")
+VERSION_RE = re.compile(r"HTTP/(\d+)\.(\d+)")
 class Message(object):
diff --git a/tests/requests/invalid/018.http b/tests/requests/invalid/018.http
new file mode 100644
index 00000000..a871238b
--- /dev/null
+++ b/tests/requests/invalid/018.http
@@ -0,0 +1,3 @@
+GET /test HTTP/111\r\n
+Host: localhost\r\n
+\r\n
diff --git a/tests/requests/invalid/018.py b/tests/requests/invalid/018.py
new file mode 100644
index 00000000..760840b6
--- /dev/null
+++ b/tests/requests/invalid/018.py
@@ -0,0 +1,2 @@
+from gunicorn.http.errors import InvalidHTTPVersion
+request = InvalidHTTPVersion
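Review bot: Escaping the dot in `VERSION_RE` is correct, but the pattern is still unanchored at the end, so if the call site (outside this hunk) uses `VERSION_RE.match` rather than `fullmatch`, a version such as `HTTP/1.1x` is still accepted while `HTTP/111` is now rejected; please confirm which is used, or terminate the pattern with `$`. In addition, `\d` in a str pattern matches any Unicode decimal digit and `int()` accepts those as well, whereas RFC 7230 defines HTTP-version as exactly one ASCII DIGIT on each side of the dot, so `VERSION_RE = re.compile(r"HTTP/([0-9])\.([0-9])$")` (or passing `re.ASCII`) would match the grammar the parser claims to enforce; restricting to single digits is a behaviour change that deserves its own valid and invalid fixtures. The module-level constant block this hunk edits continues outside the hunk.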
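Review bot: The new fixture covers only the all-digits form `HTTP/111`, not the `HTTP/1a1` case the subject line names, and the old pattern's bare `.` accepted both, so the test does not pin the specific rejection the commit advertises. A second invalid fixture with the request line `GET /test HTTP/1a1\r\n` (same `Host` and terminating `\r\n` lines) would make the intent of the regex change explicit and guard against a future relaxation of the separator.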