Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where

libcurl always and unconditionally overwrote a stack-based array with 3 zero
bytes. I edited the fix to make it less likely to occur again (and added
a comment explaining the reason to the buffer size).