Add more URI validation for scheme.

diff --git a/cups/http-support.c b/cups/http-support.c
index ca8fc87a194bad8a4b2fa00e675c76a84f914210..2535908431e1e0928012141b7935e556714e3329 100644 (file)
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1,10 +1,11 @@
 /*
  * HTTP support routines for CUPS.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /*
@@ -1026,7 +1027,7 @@ httpSeparateURI(
 
     *ptr = '\0';
 
-    if (*uri != ':')
+    if (*uri != ':' || *scheme == '.' || !*scheme)
     {
       *scheme = '\0';
       return (HTTP_URI_STATUS_BAD_SCHEME);

diff --git a/cups/testhttp.c b/cups/testhttp.c
index 8ef06589cdc4a1894189ff1b37880ca87211705a..90d36d4468b259b581ed8e3b339f9ad252240cbc 100644 (file)
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -143,6 +143,9 @@ static uri_test_t   uri_tests[] =   /* URI test data */
                            HTTP_URI_CODING_MOST  },
 
                          /* Bad scheme */
+                         { HTTP_URI_STATUS_BAD_SCHEME, "://server/ipp",
+                           "", "", "", "", 0, 0,
+                           HTTP_URI_CODING_MOST  },
                          { HTTP_URI_STATUS_BAD_SCHEME, "bad_scheme://server/resource",
                            "", "", "", "", 0, 0,
                            HTTP_URI_CODING_MOST  },