diff -r 40ecc0a6b280 -r b26bec196a2e src/server/util/io.c
--- a/src/server/util/io.c	Thu Aug 15 22:16:05 2024 +0200
+++ b/src/server/util/io.c	Thu Aug 15 22:38:03 2024 +0200
@@ -620,7 +620,7 @@
     if(!hdr_end || i == len) {
         return 0; // incomplete
     }
-    
+       
     if(*hdr_end == '\r') {
         // we also need '\n'
         if(hdr_end[1] != '\n') {
@@ -629,6 +629,12 @@
         i++; // '\n' found
     }
     
+    // check if the first character is a number
+    char f = hdr_start[0];
+    if(!(isdigit(f) || (f >= 'A' && f <= 'F') || (f >= 'a' && f <= 'f'))) {
+        return -1;
+    }
+    
     // parse
     char save_c = *hdr_end;
     *hdr_end = '\0';
@@ -637,7 +643,7 @@
     errno = 0;
     clen = strtoll(hdr_start, &end, 16);
     *hdr_end = save_c;
-    if(end != hdr_end) {
+    if(errno == 0 && end != hdr_end) {
         return -1;
     }
     i++;