Index: src/HttpMsg.cc
===================================================================
RCS file: /server/cvs-server/squid/squid3/src/HttpMsg.cc,v
retrieving revision 1.31
diff -u -r1.31 HttpMsg.cc
--- src/HttpMsg.cc	20 Sep 2006 11:38:14 -0000	1.31
+++ src/HttpMsg.cc	26 Sep 2006 05:29:27 -0000
@@ -56,13 +56,12 @@
 
 /* find end of headers */
 int
-httpMsgIsolateHeaders(const char **parse_start, const char **blk_start, const char **blk_end)
+httpMsgIsolateHeaders(const char **parse_start, int l, const char **blk_start, const char **blk_end)
 {
     /*
      * parse_start points to the first line of HTTP message *headers*,
      * not including the request or status lines
      */
-    size_t l = strlen(*parse_start);
     size_t end = headersEnd(*parse_start, l);
     int nnl;
 
@@ -177,7 +176,7 @@
         return false;
     }
 
-    const int res = httpMsgParseStep(buf->content(), eof);
+    const int res = httpMsgParseStep(buf->content(), buf->contentSize(), eof);
 
     if (res < 0) { // error
         debugs(58, 3, "HttpMsg::parse: cannot parse isolated headers " <<
@@ -223,7 +222,7 @@
     mb.init();
     mb.append(buf, end);
     mb.terminate();
-    success = httpMsgParseStep(mb.buf, 0);
+    success = httpMsgParseStep(mb.buf, mb.size, 0);
     mb.clean();
     return success == 1;
 }
@@ -236,9 +235,10 @@
  *      -1 -- parse error
  */
 int
-HttpMsg::httpMsgParseStep(const char *buf, int atEnd)
+HttpMsg::httpMsgParseStep(const char *buf, int len, int atEnd)
 {
     const char *parse_start = buf;
+    int parse_len = len;
     const char *blk_start, *blk_end;
     const char **parse_end_ptr = &blk_end;
     assert(parse_start);
@@ -263,12 +263,18 @@
         *parse_end_ptr = parse_start;
 
         hdr_sz = *parse_end_ptr - buf;
+	parse_len = parse_len - hdr_sz;
 
         ++pstate;
     }
 
+    /*
+     * XXX This code uses parse_start; but if we're incrementally parsing then
+     * this code might not actually be given parse_start at the right spot (just
+     * after headers.) Grr.
+     */
     if (pstate == psReadyToParseHeaders) {
-        if (!httpMsgIsolateHeaders(&parse_start, &blk_start, &blk_end)) {
+        if (!httpMsgIsolateHeaders(&parse_start, parse_len, &blk_start, &blk_end)) {
             if (atEnd) {
                 blk_start = parse_start, blk_end = blk_start + strlen(blk_start);
 	    } else {
Index: src/HttpMsg.h
===================================================================
RCS file: /server/cvs-server/squid/squid3/src/HttpMsg.h,v
retrieving revision 1.9
diff -u -r1.9 HttpMsg.h
--- src/HttpMsg.h	18 Apr 2006 12:25:50 -0000	1.9
+++ src/HttpMsg.h	26 Sep 2006 05:29:27 -0000
@@ -79,7 +79,7 @@
 
     bool parseCharBuf(const char *buf, ssize_t end);
 
-    int httpMsgParseStep(const char *buf, int atEnd);
+    int httpMsgParseStep(const char *buf, int len, int atEnd);
 
     virtual int httpMsgParseError();
 
@@ -101,7 +101,7 @@
 };
 
 
-SQUIDCEXTERN int httpMsgIsolateHeaders(const char **parse_start, const char **blk_start, const char **blk_end);
+SQUIDCEXTERN int httpMsgIsolateHeaders(const char **parse_start, int len, const char **blk_start, const char **blk_end);
 
 #define HTTPMSGUNLOCK(a) if(a){(a)->_unlock();(a)=NULL;}
 #define HTTPMSGLOCK(a) (a)->_lock()
Index: src/HttpRequest.cc
===================================================================
RCS file: /server/cvs-server/squid/squid3/src/HttpRequest.cc,v
retrieving revision 1.67
diff -u -r1.67 HttpRequest.cc
--- src/HttpRequest.cc	29 May 2006 21:44:18 -0000	1.67
+++ src/HttpRequest.cc	26 Sep 2006 05:29:28 -0000
@@ -208,11 +208,11 @@
 }
 
 int
-HttpRequest::parseHeader(const char *parse_start)
+HttpRequest::parseHeader(const char *parse_start, int len)
 {
     const char *blk_start, *blk_end;
 
-    if (!httpMsgIsolateHeaders(&parse_start, &blk_start, &blk_end))
+    if (!httpMsgIsolateHeaders(&parse_start, len, &blk_start, &blk_end))
         return 0;
 
     int result = header.parse(blk_start, blk_end);
Index: src/HttpRequest.h
===================================================================
RCS file: /server/cvs-server/squid/squid3/src/HttpRequest.h,v
retrieving revision 1.23
diff -u -r1.23 HttpRequest.h
--- src/HttpRequest.h	29 May 2006 21:44:18 -0000	1.23
+++ src/HttpRequest.h	26 Sep 2006 05:29:28 -0000
@@ -136,7 +136,7 @@
 
     bool parseFirstLine(const char *start, const char *end);
 
-    int parseHeader(const char *parse_start);
+    int parseHeader(const char *parse_start, int len);
 
     virtual bool expectingBody(method_t unused, ssize_t&) const;
 
Index: src/client_side.cc
===================================================================
RCS file: /server/cvs-server/squid/squid3/src/client_side.cc,v
retrieving revision 1.736
diff -u -r1.736 client_side.cc
--- src/client_side.cc	25 Sep 2006 15:04:06 -0000	1.736
+++ src/client_side.cc	26 Sep 2006 05:29:30 -0000
@@ -2286,7 +2286,8 @@
 
     /* compile headers */
     /* we should skip request line! */
-    if (!request->parseHeader(prefix + req_line_sz)) {
+    /* XXX should actually know the damned buffer size here */
+    if (!request->parseHeader(prefix + req_line_sz, strlen(prefix + req_line_sz))) {
         clientStreamNode *node = context->getClientReplyContext();
         debug(33, 5) ("Failed to parse request headers:\n%s\n", prefix);
         clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());