See: http://bugs.debian.org/460097 One instance of this bug has already been fixed in commit 888358122004b9571c8fbdfa52ceee1ba5e5f4f2. (Fixed by Hilko Bengen, forwarded by Jan Wagner.)
@@ -733,7 +733,10 @@ get_content_length (const char *headers)
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
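Review bot: The new comment above `if (*s)` says what is avoided but not when it happens, and that is the part a later maintainer needs. The preceding loop stops either on a newline that ends the header or on the terminating NUL, and the second case is reached when the last header has no trailing newline, which a truncated or malformed response can produce (the headers presumably come from the remote server). I would spell that out, e.g. `/* The loop stops at '\n' or at NUL; step only past a newline so that a final header without a trailing newline leaves s on the terminator. */`. Since the description says another instance of this bug was already fixed in a separate commit, moving the skip-and-advance step into one small static helper would keep the call sites from diverging again. A regression test whose header block ends without a newline would also be worth adding. The body of get_content_length starts and ends outside this hunk.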