From f0077a12b20a6cbf3358eaeb09e528ec65e9eca9 Mon Sep 17 00:00:00 2001
From: Andreas Rumpf <rumpf_a@web.de>
Date: Wed, 6 May 2026 13:48:08 +0200
Subject: [PATCH] fixes DOS via malformed HTTP protocol (#25793)

refs https://github.com/nim-lang/Nim/pull/25568
---
 lib/pure/asynchttpserver.nim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pure/asynchttpserver.nim b/lib/pure/asynchttpserver.nim
index a88a2d2e43..f757301ed8 100644
--- a/lib/pure/asynchttpserver.nim
+++ b/lib/pure/asynchttpserver.nim
@@ -153,7 +153,7 @@ proc parseProtocol(protocol: string): tuple[orig: string, major, minor: int] =
         protocol)
   result.orig = protocol
   i.inc protocol.parseSaturatedNatural(result.major, i)
-  i.inc # Skip .
+  if i < protocol.len: inc i # Skip .
   i.inc protocol.parseSaturatedNatural(result.minor, i)
 
 proc sendStatus(client: AsyncSocket, status: string): Future[void] =