httpSeparateURI() did not reject URIs containing raw spaces or other chars that

are not allowed in a URI.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@10898 7a7537e8-13f0-0310-91df-b6672ffda945

diff --git a/cups/http-support.c b/cups/http-support.c
index e75881efbdadca2ccfbd781137444d787344de40..d57326f751f491234e3e2c3463e83c6fe5cd98b6 100644 (file)
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1869,6 +1869,11 @@ http_copy_decode(char       *dst,        /* O - Destination buffer */
          return (NULL);
        }
       }
+      else if ((*src & 255) <= 0x20 || (*src & 255) >= 0x7f)
+      {
+        *ptr = '\0';
+        return (NULL);
+      }
       else
        *ptr++ = *src;
     }

diff --git a/cups/testhttp.c b/cups/testhttp.c
index 5b3cb28045e8e946677a83c192938b4292a5df83..b4236e17f3064dc13fd93ab86f4c3dee9484caf8 100644 (file)
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -131,6 +131,8 @@ static uri_test_t   uri_tests[] =   /* URI test data */
                            "http", "", "", "", 80, 0 },
                          { HTTP_URI_STATUS_BAD_HOSTNAME, "http://serve%7/index.html",
                            "http", "", "", "", 80, 0 },
+                         { HTTP_URI_STATUS_BAD_HOSTNAME, "http://server with spaces/index.html",
+                           "http", "", "", "", 80, 0 },
 
                          /* Bad port number */
                          { HTTP_URI_STATUS_BAD_PORT, "http://127.0.0.1:9999a/index.html",
@@ -138,6 +140,8 @@ static uri_test_t   uri_tests[] =   /* URI test data */
 
                          /* Bad resource */
                          { HTTP_URI_STATUS_BAD_RESOURCE, "http://server/index.html%",
+                           "http", "", "server", "", 80, 0 },
+                         { HTTP_URI_STATUS_BAD_RESOURCE, "http://server/index with spaces.html",
                            "http", "", "server", "", 80, 0 }
                        };
 static const char * const base64_tests[][2] =

diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 09295e4bc4c5ccc6ad0c1aa08057c605744845ae..60232325f53dc25a339baa08549b4a9098579f9b 100644 (file)
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -2411,6 +2411,21 @@ add_printer(cupsd_client_t  *con,        /* I - Client connection */
     http_uri_status_t  uri_status;     /* URI separation status */
     char               old_device_uri[1024];
                                        /* Old device URI */
+    static const char * const uri_status_strings[] =
+    {
+      "URI too large.",
+      "Bad arguments to function.",
+      "Bad resource path.",
+      "Bad port number.",
+      "Bad hostname/address.",
+      "Bad username/password.",
+      "Bad URI scheme.",
+      "Bad URI.",
+      "OK",
+      "Missing URI scheme.",
+      "Unknown URI scheme",
+      "Missing resource path."
+    };
 
 
     need_restart_job = 1;
@@ -2422,12 +2437,14 @@ add_printer(cupsd_client_t  *con,       /* I - Client connection */
                                 host, sizeof(host), &port,
                                 resource, sizeof(resource));
 
+    cupsdLogMessage(CUPSD_LOG_DEBUG,
+                   "%s device-uri: %s", printer->name,
+                   uri_status_strings[uri_status - HTTP_URI_STATUS_OVERFLOW]);
+
     if (uri_status < HTTP_URI_OK)
     {
       send_ipp_status(con, IPP_NOT_POSSIBLE, _("Bad device-uri \"%s\"."),
                      attr->values[0].string.text);
-      cupsdLogMessage(CUPSD_LOG_DEBUG,
-                      "add_printer: httpSeparateURI returned %d", uri_status);
       return;
     }