diff --git a/CHANGES b/CHANGES
index aae1ec2..9d339eb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4.1:
+ Fix 0.9 not detected with query_string (Alyssa Milburn).
+
 4.0:
 Fix directory traversal vulnerability (Alyssa Milburn).
diff --git a/eris.c b/eris.c
index da99dc5..90df5f6 100644
--- a/eris.c
+++ b/eris.c
@@ -782,33 +782,31 @@ handle_request()
 *(fsp++) = '.';
 *(fsp++) = '/';
 for (; *p != ' '; p += 1) {
- if (! query_string) {
- char c = *p;
+ char c = *p;
- switch (c) {
- case 0:
- badrequest(413, "Request Entity Too Large", "The HTTP request was too long");
- case '\n':
- badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
- case '?':
- query_string = p + 1;
- continue;
- case '%':
- if (p[1] && p[2]) {
- int a = fromhex(p[1]);
- int b = fromhex(p[2]);
+ switch (c) {
+ case 0:
+ badrequest(413, "Request Entity Too Large", "The HTTP request was too long");
+ case '\n':
+ badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
+ case '?':
+ query_string = p + 1;
+ break;
+ case '%':
+ if ((! query_string) && p[1] && p[2]) {
+ int a = fromhex(p[1]);
+ int b = fromhex(p[2]);
- if ((a >= 0) && (b >= 0)) {
- c = (a << 4) | b;
- p += 2;
- }
+ if ((a >= 0) && (b >= 0)) {
+ c = (a << 4) | b;
+ p += 2;
 }
- break;
- }
+ }
+ break;
+ }
- if (fsp - fspath + 1 < sizeof fspath) {
- *(fsp++) = c;
- }
+ if ((! query_string) && (fsp - fspath + 1 < sizeof fspath)) {
+ *(fsp++) = c;
 }
 }
 *fsp = 0;
diff --git a/test.sh b/test.sh
index e6585ed..403979a 100755
--- a/test.sh
+++ b/test.sh
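Review bot: In the eris.c hunk, the new `case '?':` arm runs `query_string = p + 1;` for every `?` in the request target, because the switch is no longer skipped once query_string is set. A target with a second `?` (constructed example: `/x?a=1?b=2`) would leave query_string pointing after the last one, so whatever consumes it later sees `b=2` where the old code gave `a=1?b=2`. Guarding the assignment restores the first-`?` meaning: `if (! query_string) query_string = p + 1;`. The loop and the rest of handle_request() continue outside this hunk, so how query_string is used afterwards is not visible here.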
@@ -112,6 +112,9 @@ printf 'GET / HTTP/1.0\n\n' | $HTTPD 2>/dev/null | grep -q 'james' && pass || fa
 title "No trailing slash"
 printf 'GET /empty HTTP/1.0\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '301 Redirect#%.*Location: /empty/#%#%' && pass || fail
+title "No version after query_string"
+printf 'GET /?\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q 'HTTP/0.9' && pass || fail
+
 title "Logging /"
 (printf 'GET / HTTP/1.1\r\nHost: host\r\n\r\n' | PROTO=TCP TCPREMOTEPORT=1234 TCPREMOTEIP=10.0.0.2 $HTTPD >/dev/null) 2>&1 | grep -q '^10.0.0.2:1234 200 6 host (null) (null) /$' && pass || fail
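Review bot: The new check `grep -q 'HTTP/0.9'` passes on any output containing that text, which in eris.c is the message string passed to badrequest(), not the status. Matching the status as the 301 test above does would pin the rejection itself, e.g. `grep -q '505 Version Not Supported'`, assuming badrequest() writes its code and reason into the status line. A second case with text after the `?` and no version (constructed: `printf 'GET /?a=b\r\n\r\n'`) would also cover the path where the loop keeps scanning inside the query string.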