diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
index 0faf2bbb645924..8174c86856df17 100644
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -1059,6 +1059,16 @@ def test_splithost(self):
 self.assertEqual(splithost("//example.net/file#"),
 ('example.net', '/file#'))
 
+ # bpo-35906: disallow line breaks
+ self.assertEqual(splithost('//127.0.0.1:1234/?q=HTTP/1.1\r\nHeader: Value'),
+ (None, '//127.0.0.1:1234/?q=HTTP/1.1\r\nHeader: Value'))
+
+ self.assertEqual(splithost('//127.0.0.1:1234?q=HTTP/1.1\r\nHeader: Value'),
+ (None, '//127.0.0.1:1234?q=HTTP/1.1\r\nHeader: Value'))
+
+ self.assertEqual(splithost('//127.0.0.1:1234#q=HTTP/1.1\r\nHeader: Value'),
+ (None, '//127.0.0.1:1234#q=HTTP/1.1\r\nHeader: Value'))
+
 def test_splituser(self):
 splituser = urllib.parse._splituser
 self.assertEqual(splituser('User:Pass@www.python.org:080'),
diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
index 8b6c9b10609152..42a4029d8ee049 100644
--- a/Lib/urllib/parse.py
+++ b/Lib/urllib/parse.py
@@ -1016,7 +1016,7 @@ def _splithost(url):
 """splithost('//host[:port]/path') --> 'host[:port]', '/path'."""
 global _hostprog
 if _hostprog is None:
- _hostprog = re.compile('//([^/#?]*)(.*)', re.DOTALL)
+ _hostprog = re.compile('//([^/#?]*)(.*)$')
 
 match = _hostprog.match(url)
 if match:
diff --git a/Misc/NEWS.d/next/Library/2019-03-24-14-36-23.bpo-35906.TU53mt.rst b/Misc/NEWS.d/next/Library/2019-03-24-14-36-23.bpo-35906.TU53mt.rst
new file mode 100644
index 00000000000000..a3c8f4e309b723
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2019-03-24-14-36-23.bpo-35906.TU53mt.rst
@@ -0,0 +1 @@
+Fix CRLF injection in urllib as disallowing line breaks in parse
\ No newline at end of file
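Review bot: The three new assertions in test_splithost only place `\r\n` after the first `/`, `?` or `#`, so a line break inside the host part and a lone `\r` are never exercised. Since the comment says the intent is to disallow line breaks, add cases such as `self.assertEqual(splithost('//127.0.0.1\r\nHeader: Value/'), (None, '//127.0.0.1\r\nHeader: Value/'))` and one with a bare `\r` in the query. With the pattern as changed in Lib/urllib/parse.py these look likely to fail, which is worth knowing before merge. test_splithost starts above the hunk.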
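Review bot: The new pattern in `_splithost` still accepts line breaks in several places, because dropping `re.DOTALL` only stops `.` from matching `\n`. The host group `[^/#?]*` is a negated class and so matches `\r` and `\n`, `.` still matches a bare `\r`, and `$` also matches just before a trailing `\n`. Excluding both characters explicitly and anchoring at the true end closes these gaps: `_hostprog = re.compile(r'//([^/#?\r\n]*)([^\r\n]*)\Z')`. A one-line comment above the compile, stating that URLs containing line breaks deliberately fail to match and come back as `(None, url)`, would make the implicit rejection visible. The rest of `_splithost` and its callers lie outside the hunk, so how a `None` host is handled downstream cannot be confirmed from here.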