--- tomcat6-6.0.35/java/org/apache/coyote/http11/InternalNioInputBuffer.java	2012/07/02 12:47:54	1356207
+++ tomcat6-6.0.35/java/org/apache/coyote/http11/InternalNioInputBuffer.java	2012/07/02 13:01:28	1356208
@@ -673,10 +673,6 @@
         
         do {
             status = parseHeader();
-        } while ( status == HeaderParseStatus.HAVE_MORE_HEADERS );
-        if (status == HeaderParseStatus.DONE) {
-            parsingHeader = false;
-            end = pos;
             // Checking that
             // (1) Headers plus request line size does not exceed its limit
             // (2) There are enough bytes to avoid expanding the buffer when
@@ -685,11 +681,15 @@
             // limitation to enforce the meaning of headerBufferSize
             // From the way how buf is allocated and how blank lines are being
             // read, it should be enough to check (1) only.
-            if (end - skipBlankLinesBytes > headerBufferSize
-                    || buf.length - end < socketReadBufferSize) {
+            if (pos - skipBlankLinesBytes > headerBufferSize
+                    || buf.length - pos < socketReadBufferSize) {
                 throw new IllegalArgumentException(
                         sm.getString("iib.requestheadertoolarge.error"));
             }
+        } while ( status == HeaderParseStatus.HAVE_MORE_HEADERS );
+        if (status == HeaderParseStatus.DONE) {
+            parsingHeader = false;
+            end = pos;
             return true;
         } else {
             return false;