Yes. I looked at the code a bit last night and it would be possible, but 
difficult, to return a parse fail value from that logic because of how it is used.

As Cynthia noted, the fundamental problem is the HOST field is not checked for 
validity during the initial request parsing and after that, the request is 
presumed to be sufficiently correct. My first impression would be to put a 
special check for the HOST field in http_parser_parse_req() which is the top 
level function for parsing and validating the incoming request. You would need 
to check the return value from mime_parser_parse and if DONE then check the 
HOST field if present. We may want to check for presence as well, since it is a 
required field for HTTP 1.1.

As for code to do the HOST field checking, I don't know of any. For the port, 
I'd be tempted to re-use the logic from _fill_target_cache with a check per 
loop of going over 65536 (you're not going to overflow from a valid port value 
on a single digit).
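
A sketch of the kind of HOST check discussed in this message, as an added example that is not code from the original post or from Traffic Server. The function name `check_host_field`, the accepted character set, the rejection of an empty port, and the 65535 ceiling are assumptions of this sketch.

```c
#include <ctype.h>
#include <stddef.h>

#define HOST_OK 0
#define HOST_BAD (-1)

/* Hypothetical helper, not an ATS function. Validates host[0..len) as
 * "hostname[:port]" or "[ipv6-literal][:port]". On success stores the port in
 * *port (0 when none was given) and returns HOST_OK. */
int check_host_field(const char *host, size_t len, int *port)
{
    size_t i = 0;
    *port = 0;
    if (len == 0)
        return HOST_BAD;
    if (host[0] == '[') {
        /* Bracketed IPv6 literal: hex digits, ':' and '.' up to ']'. */
        for (i = 1; i < len && host[i] != ']'; i++)
            if (!isxdigit((unsigned char)host[i]) && host[i] != ':' && host[i] != '.')
                return HOST_BAD;
        if (i == len || i == 1)
            return HOST_BAD;          /* no closing bracket, or "[]" */
        i++;
    } else {
        /* Registered name or IPv4: letters, digits, '-' and '.' only. */
        for (; i < len && host[i] != ':'; i++)
            if (!isalnum((unsigned char)host[i]) && host[i] != '-' && host[i] != '.')
                return HOST_BAD;
        if (i == 0)
            return HOST_BAD;          /* empty host before ':' */
    }
    if (i == len)
        return HOST_OK;               /* no port part */
    if (host[i] != ':' || ++i == len)
        return HOST_BAD;              /* junk after ']' or ':' with no digits */
    for (; i < len; i++) {
        if (!isdigit((unsigned char)host[i]))
            return HOST_BAD;
        *port = *port * 10 + (host[i] - '0');
        /* Checked every iteration: the value is <= 65535 before each step, so
         * one more digit cannot overflow int before this test rejects it. */
        if (*port > 65535)
            return HOST_BAD;
    }
    return HOST_OK;
}
```
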
