diff -up http-parser-2.7.1/http_parser.c.cve http-parser-2.7.1/http_parser.c --- http-parser-2.7.1/http_parser.c.cve 2019-03-23 09:08:12.831806096 +0100 +++ http-parser-2.7.1/http_parser.c 2019-03-23 09:09:45.047875248 +0100 @@ -1483,6 +1483,11 @@ reexecute: parser->header_state = h_content_length_num; break; + /* when obsolete line folding is encountered for content length + * continue to the s_header_value state */ + case h_content_length_ws: + break; + case h_connection: /* looking for 'Connection: keep-alive' */ if (c == 'k') { @@ -1727,6 +1732,10 @@ reexecute: case s_header_value_lws: { if (ch == ' ' || ch == '\t') { + if (parser->header_state == h_content_length_num) { + /* treat obsolete line folding as space */ + parser->header_state = h_content_length_ws; + } UPDATE_STATE(s_header_value_start); REEXECUTE(); } diff -up http-parser-2.7.1/test.c.cve http-parser-2.7.1/test.c --- http-parser-2.7.1/test.c.cve 2019-03-23 09:08:12.831806096 +0100 +++ http-parser-2.7.1/test.c 2019-03-23 09:09:45.049875249 +0100 @@ -3968,6 +3968,20 @@ main (void) HPE_INVALID_CONTENT_LENGTH, HTTP_REQUEST); + test_simple_type( + "POST / HTTP/1.1\r\n" + "Content-Length: 42\r\n" + " Hello world!\r\n", + HPE_INVALID_CONTENT_LENGTH, + HTTP_REQUEST); + + test_simple_type( + "POST / HTTP/1.1\r\n" + "Content-Length: 42\r\n" + " \r\n", + HPE_OK, + HTTP_REQUEST); + //// RESPONSES for (i = 0; i < response_count; i++) {
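Review bot: The empty `case h_content_length_ws:` added to the header-value-start switch in http_parser.c depends on two things this patch does not show: the `h_content_length_ws` enumerator, which neither http_parser.c hunk declares and which presumably comes from an earlier patch in the series, and a later check that rejects non-space bytes while the parser is in that state. The comment should state the reason the case exists rather than only where control goes next, for example `/* keep h_content_length_ws across an obs-fold so the continuation is still validated as Content-Length */`. The enclosing switch starts and ends outside the hunk, so confirm against the full file that without this case the state would fall into a branch that stops validating the value.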
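Review bot: The two cases added to test.c leave the framing-relevant folds untested: a continuation line that carries further digits, and a fold introduced by a tab, which the `s_header_value_lws` hunk accepts alongside the space. A Content-Length split across a folded line should be pinned to `HPE_INVALID_CONTENT_LENGTH`, so that this parser cannot disagree with an intermediary about where the body ends. The expected codes in the fence are what the change appears to intend; the check that enforces them is outside this diff, so confirm them by running the suite. `main` continues outside the hunk.

```c
  /* constructed inputs: digits continued on a folded line must be rejected,
   * whether the fold starts with a space or a tab */
  test_simple_type(
      "POST / HTTP/1.1\r\n"
      "Content-Length: 4\r\n"
      " 2\r\n",
      HPE_INVALID_CONTENT_LENGTH,
      HTTP_REQUEST);

  test_simple_type(
      "POST / HTTP/1.1\r\n"
      "Content-Length: 4\r\n"
      "\t2\r\n",
      HPE_INVALID_CONTENT_LENGTH,
      HTTP_REQUEST);
```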