From ac0860f6bcb524b2646b8c168dd355ec364d188e Mon Sep 17 00:00:00 2001
From: bel <bel2125@gmail.com>
Date: Mon, 18 Jan 2016 21:14:32 +0100
Subject: [PATCH] Make parse_http_headers robust against headers without :

---
 src/civetweb.c | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/src/civetweb.c b/src/civetweb.c
index b6cf301d..1f6ba9ee 100644
--- a/src/civetweb.c
+++ b/src/civetweb.c
@@ -6459,18 +6459,35 @@ parse_http_headers(char **buf, struct mg_request_info *ri)
 	ri->num_headers = 0;
 
 	for (i = 0; i < (int)ARRAY_SIZE(ri->http_headers); i++) {
-		char *dp = strchr(*buf, ':');
-		if (!dp) {
+		char *dp = *buf;
+		while ((*dp != ':') && (*dp != '\r') && (*dp != 0)) {
+			dp++;
+        }
+		if (!*dp) {
+			/* neither : nor \r\n. This is not a valid field. */
 			break;
 		}
-		*dp = 0;
-		ri->http_headers[i].name = *buf;
-		do {
-			dp++;
-		} while (*dp == ' ');
+		if (*dp == '\r') {
+			if (dp[1] == '\n') {
+				/* \r\n */
+				ri->http_headers[i].name = *buf;
+				ri->http_headers[i].value = 0;
+				*buf = dp;
+			} else {
+				/* stray \r. This is not valid. */
+				break;
+			}
+		} else {
+			/* (*dp == ':') */
+			*dp = 0;
+			ri->http_headers[i].name = *buf;
+			do {
+				dp++;
+			} while (*dp == ' ');
 
-		ri->http_headers[i].value = dp;
-		*buf = strstr(dp, "\r\n");
+			ri->http_headers[i].value = dp;
+			*buf = strstr(dp, "\r\n");
+		}
 
 		ri->num_headers = i + 1;
 		if (*buf) {