Cycloctane
diff --git a/‎CHANGES/10600.bugfix.rst‎
Lines changed: 2 additions & 0 deletions b/‎CHANGES/10600.bugfix.rst‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎aiohttp/_http_parser.pyx‎
Lines changed: 5 additions & 2 deletions b/‎aiohttp/_http_parser.pyx‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎aiohttp/http_parser.py‎
Lines changed: 4 additions & 1 deletion b/‎aiohttp/http_parser.py‎
Lines changed: 4 additions & 1 deletion
@@ -0,0 +1,2 @@
+Fixed http parser not rejecting HTTP/1.1 requests that do not have valid Host header.
+-- by :user:`Cycloctane`.
@@ -457,6 +457,7 @@ cdef class HttpParser:
     cdef _on_headers_complete(self):
         self._process_header()
 
+        http_version = self.http_version()
         should_close = not cparser.llhttp_should_keep_alive(self._cparser)
         upgrade = self._cparser.upgrade
         chunked = self._cparser.flags & cparser.F_CHUNKED
@@ -465,6 +466,8 @@ cdef class HttpParser:
         headers = CIMultiDictProxy(CIMultiDict(self._headers))
 
         if self._cparser.type == cparser.HTTP_REQUEST:
+            if http_version == HttpVersion11 and hdrs.HOST not in headers:
+                raise BadHttpMessage("Missing 'Host' header in request.")
             h_upg = headers.get("upgrade", "")
             allowed = upgrade and h_upg.isascii() and h_upg.lower() in ALLOWED_UPGRADES
             if allowed or self._cparser.method == cparser.HTTP_CONNECT:
@@ -488,11 +491,11 @@ cdef class HttpParser:
             method = http_method_str(self._cparser.method)
             msg = _new_request_message(
                 method, self._path,
-                self.http_version(), headers, raw_headers,
+                http_version, headers, raw_headers,
                 should_close, encoding, upgrade, chunked, self._url)
         else:
             msg = _new_response_message(
-                self.http_version(), self._cparser.status_code, self._reason,
+                http_version, self._cparser.status_code, self._reason,
                 headers, raw_headers, should_close, encoding,
                 upgrade, chunked)
 
 
@@ -49,7 +49,7 @@
     LineTooLong,
     TransferEncodingError,
 )
-from .http_writer import HttpVersion, HttpVersion10
+from .http_writer import HttpVersion, HttpVersion10, HttpVersion11
 from .streams import EMPTY_PAYLOAD, StreamReader
 from .typedefs import RawHeaders
 
@@ -686,6 +686,9 @@ def parse_message(self, lines: list[bytes]) -> RawRequestMessage:
             chunked,
         ) = self.parse_headers(lines[1:])
 
+        if version_o == HttpVersion11 and hdrs.HOST not in headers:
+            raise BadHttpMessage("Missing 'Host' header in request.")
+
         if close is None:  # then the headers weren't set in the request
             if version_o <= HttpVersion10:  # HTTP 1.0 must asks to not close
                 close = True
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Fixed http parser not rejecting HTTP/1.1 requests that do not have valid Host header.`
	`2`	+-- by :user:`Cycloctane`.