﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
762	protocol version integer overflow, downgrade to 0.9	openid.stackexchange.com/user/9a01f091-0d6d-4e99-8f37-dcf99897dd7c		"Nginx currently supports the old RFC with:

{{{
HTTP / *DIGIT . *DIGIT
}}}

But when extracting the major and minor version there's an int16 overflow which means that currently ""HTTP/65536.9"" or ""HTTP/65536.8"" can be used and will be detected as HTTP/0.9.

This can be used to generate headless responses from Nginx (like a regular 0.9 query) while using something which does not look like a 0.9 query.

There are two ways of fixing it:
 * use the attached patch to prevent int16 overflow
 * remove the multi-digit part in the automaton parser (as the new RFC 7230 allows only one digit for major and 1 for minor)

Note that this patch is a PoC on `ngx_http_parse.c` which may need to be applied in other places like `ngx_event_openssl_stapling.c` or `ngx_http_spdy.c` where the same issue can also be present.
"	defect	closed	minor		nginx-core	1.7.x	fixed				"nginx version: nginx/1.9.0
built by gcc 4.9.2 (Debian 4.9.2-10) 
configure arguments:
"
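
A minimal C model of the wrap described in this ticket, with a bounded variant beside it. This is an added example, not nginx source and not the attached patch; the names `parse_digits`, `parse_http_version`, `http_ver` and the bound `VER_LIMIT` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define VER_LIMIT 999   /* arbitrary bound chosen for this sketch */

typedef struct { int ok; uint16_t major, minor; } http_ver;  /* hypothetical type */

/* Parse "*DIGIT" into a 16-bit field. With checked == 0 the accumulator
 * wraps modulo 65536 (the behaviour the ticket describes); with
 * checked != 0 a value above VER_LIMIT is rejected before it can wrap. */
static int parse_digits(const char **p, uint16_t *out, int checked)
{
    const char *s = *p;
    uint16_t v = 0;

    if (*s < '0' || *s > '9') return 0;             /* need at least one digit */
    for (; *s >= '0' && *s <= '9'; s++) {
        int d = *s - '0';
        if (checked && v > (VER_LIMIT - d) / 10) return 0;  /* v*10+d > limit */
        v = (uint16_t)(v * 10 + d);                 /* wraps when unchecked */
    }
    *out = v;
    *p = s;
    return 1;
}

/* Parse "HTTP/<major>.<minor>"; the whole string must match. */
http_ver parse_http_version(const char *s, int checked)
{
    http_ver r = {0, 0, 0};
    const char *prefix = "HTTP/";

    while (*prefix) if (*s++ != *prefix++) return r;
    if (!parse_digits(&s, &r.major, checked)) return r;
    if (*s++ != '.') return r;
    if (!parse_digits(&s, &r.minor, checked)) return r;
    r.ok = (*s == '\0');
    return r;
}

int main(void)
{
    const char *samples[] = { "HTTP/1.1", "HTTP/65536.9", "HTTP/65536.8" };  /* constructed */
    for (int i = 0; i < 3; i++) {
        http_ver w = parse_http_version(samples[i], 0);
        http_ver c = parse_http_version(samples[i], 1);
        printf("%-13s wrapping: %u.%u  checked: %s\n", samples[i],
               (unsigned)w.major, (unsigned)w.minor, c.ok ? "accepted" : "rejected");
    }
    return 0;
}
```
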
