From 2325d370726a438b39d0c7edb785bcaedf760086 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Sun, 11 Feb 2024 09:21:43 -0500
Subject: [PATCH] Return HTTP status 404 for non-existing classes and printers
 (Issue #423)

---
 CHANGES.md         |  2 ++
 scheduler/client.c | 24 +++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index 21f362a4bc..64a6edef0d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,8 @@ Changes in CUPS v2.5b1 (TBA)
   handling (fixes CVE-2023-34241)
 - Fixed hanging of `lpstat` on Solaris (Issue #156)
 - Fixed Digest authentication support (Issue #260)
+- Fixed the web interface not showing an error for a non-existent printer
+  (Issue #423)
 - Fixed extensive looping in scheduler (Issue #604)
 - Fixed printing multiple files on specific printers (Issue #643)
 - Fixed printing of jobs with job name longer than 255 chars on older printers (Issue #644)
diff --git a/scheduler/client.c b/scheduler/client.c
index 534b60eef3..7d44744d72 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -1106,8 +1106,19 @@ cupsdReadClient(cupsd_client_t *con)	/* I - Client to read from */
 	      }
 	      else if (!strncmp(con->uri, "/classes", 8))
 	      {
+	        if (strlen(con->uri) > 9 && !cupsdFindClass(con->uri + 9))
+	        {
+		  if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))
+		  {
+		    cupsdCloseClient(con);
+		    return;
+		  }
+
+		  break;
+	        }
+
 		cupsdSetStringf(&con->command, "%s/cgi-bin/classes.cgi", ServerBin);
-                if (con->uri[8] && con->uri[9])
+		if (con->uri[8] && con->uri[9])
 		  cupsdSetString(&con->options, con->uri + 8);
 		else
 		  cupsdSetString(&con->options, NULL);
@@ -1122,6 +1133,17 @@ cupsdReadClient(cupsd_client_t *con)	/* I - Client to read from */
 	      }
               else if (!strncmp(con->uri, "/printers", 9))
 	      {
+	        if (strlen(con->uri) > 10 && !cupsdFindPrinter(con->uri + 10))
+	        {
+		  if (!cupsdSendError(con, HTTP_STATUS_NOT_FOUND, CUPSD_AUTH_NONE))
+		  {
+		    cupsdCloseClient(con);
+		    return;
+		  }
+
+		  break;
+	        }
+
 		cupsdSetStringf(&con->command, "%s/cgi-bin/printers.cgi", ServerBin);
                 if (con->uri[9] && con->uri[10])
 		  cupsdSetString(&con->options, con->uri + 9);
-- 
2.47.2