From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 14 May 2018 22:24:13 +0000 (-0700)
Subject: Add more URI validation for scheme.
X-Git-Tag: v2.3b5~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fdaf028e8bb1aed1cfd3c9c42e963982cdc2a87c;p=thirdparty%2Fcups.git

Add more URI validation for scheme.
---

diff --git a/cups/http-support.c b/cups/http-support.c
index ca8fc87a19..2535908431 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1,10 +1,11 @@
 /*
  * HTTP support routines for CUPS.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /*
@@ -1026,7 +1027,7 @@ httpSeparateURI(
 
     *ptr = '\0';
 
-    if (*uri != ':')
+    if (*uri != ':' || *scheme == '.' || !*scheme)
     {
       *scheme = '\0';
       return (HTTP_URI_STATUS_BAD_SCHEME);
diff --git a/cups/testhttp.c b/cups/testhttp.c
index 8ef06589cd..90d36d4468 100644
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -143,6 +143,9 @@ static uri_test_t	uri_tests[] =	/* URI test data */
 			    HTTP_URI_CODING_MOST  },
 
 			  /* Bad scheme */
+			  { HTTP_URI_STATUS_BAD_SCHEME, "://server/ipp",
+			    "", "", "", "", 0, 0,
+			    HTTP_URI_CODING_MOST  },
 			  { HTTP_URI_STATUS_BAD_SCHEME, "bad_scheme://server/resource",
 			    "", "", "", "", 0, 0,
 			    HTTP_URI_CODING_MOST  },