nginx's own HTTP/1.1 request-line and header parser does the same byte-level work you implement here, and mismatched Content-Length handling between a server and an upstream proxy is exactly the root cause of real HTTP request-smuggling CVEs. RFC 9112 (formerly RFC 7230) is the actual specification governing every header and status line you construct in this task.