Add more URI validation for scheme.

diff --git a/cups/http-support.c b/cups/http-support.c
index cbee9ab9d28ed891850b78ab0a42ee8ed90aa317..76c127222cec7fedd89662c60c16f10c5c3d967a 100644 (file)
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1,7 +1,7 @@
 /*
  * HTTP support routines for CUPS.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
  * These coded instructions, statements, and computer programs are the
@@ -1032,7 +1032,7 @@ httpSeparateURI(
 
     *ptr = '\0';
 
-    if (*uri != ':')
+    if (*uri != ':' || *scheme == '.' || !*scheme)
     {
       *scheme = '\0';
       return (HTTP_URI_STATUS_BAD_SCHEME);

diff --git a/cups/testhttp.c b/cups/testhttp.c
index f53e09e33f0edf96da33f4a9f033f6700c8b1a9c..582cfbcbc9f1d2650ab3b9225a9e13187880678e 100644 (file)
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -148,6 +148,9 @@ static uri_test_t   uri_tests[] =   /* URI test data */
                            HTTP_URI_CODING_MOST  },
 
                          /* Bad scheme */
+                         { HTTP_URI_STATUS_BAD_SCHEME, "://server/ipp",
+                           "", "", "", "", 0, 0,
+                           HTTP_URI_CODING_MOST  },
                          { HTTP_URI_STATUS_BAD_SCHEME, "bad_scheme://server/resource",
                            "", "", "", "", 0, 0,
                            HTTP_URI_CODING_MOST  },