From 5beb5838ffda8a2b73ab439359a8358dc53d8de0 Mon Sep 17 00:00:00 2001
From: mike
Date: Mon, 11 Mar 2013 18:37:27 +0000
Subject: [PATCH] httpSeparateURI() did not reject URIs containing raw spaces or other chars that are not allowed in a URI.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@10898 7a7537e8-13f0-0310-91df-b6672ffda945
---
 cups/http-support.c | 5 +++++
 cups/testhttp.c | 4 ++++
 scheduler/ipp.c | 21 +++++++++++++++++++--
 3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/cups/http-support.c b/cups/http-support.c
index e75881efbd..d57326f751 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1869,6 +1869,11 @@ http_copy_decode(char *dst, /* O - Destination buffer */
 return (NULL);
 }
 }
+ else if ((*src & 255) <= 0x20 || (*src & 255) >= 0x7f)
+ {
+ *ptr = '\0';
+ return (NULL);
+ }
 else
 *ptr++ = *src;
 }
diff --git a/cups/testhttp.c b/cups/testhttp.c
index 5b3cb28045..b4236e17f3 100644
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -131,6 +131,8 @@ static uri_test_t uri_tests[] = /* URI test data */
 "http", "", "", "", 80, 0 },
 { HTTP_URI_STATUS_BAD_HOSTNAME, "http://serve%7/index.html",
 "http", "", "", "", 80, 0 },
+ { HTTP_URI_STATUS_BAD_HOSTNAME, "http://server with spaces/index.html",
+ "http", "", "", "", 80, 0 },
 /* Bad port number */
 { HTTP_URI_STATUS_BAD_PORT, "http://127.0.0.1:9999a/index.html",
@@ -138,6 +140,8 @@ static uri_test_t uri_tests[] = /* URI test data */
 /* Bad resource */
 { HTTP_URI_STATUS_BAD_RESOURCE, "http://server/index.html%",
+ "http", "", "server", "", 80, 0 },
+ { HTTP_URI_STATUS_BAD_RESOURCE, "http://server/index with spaces.html",
 "http", "", "server", "", 80, 0 }
 };
 static const char * const base64_tests[][2] =
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 09295e4bc4..60232325f5 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
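Review bot: The new `else if` in http_copy_decode() uses the bare constants 0x20 and 0x7f with no comment, so a reader has to work out that it rejects control characters, space, DEL and 8-bit bytes that appear unencoded. I would add a comment above it such as `/* Reject raw control chars, space, DEL and 8-bit bytes - these must be %-encoded in a URI */`. The check covers only raw bytes; whether a percent-encoded control character (a value below 0x20 after decoding) is also refused depends on the `%` branch above, which starts outside this hunk, so that path should be confirmed separately. The function body begins and ends outside the hunk.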
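Review bot: Both added entries in uri_tests[] (in this hunk and in the second testhttp.c hunk) exercise only a raw space, while the new check in http_copy_decode() also rejects every other byte at or below 0x20 and everything from 0x7f up. One case per boundary would pin the whole range, for example `{ HTTP_URI_STATUS_BAD_RESOURCE, "http://server/index\177.html", "http", "", "server", "", 80, 0 },` plus a similar entry containing a tab or an 8-bit byte. The expected field values in that example follow the pattern of the space entry and should be checked against the comparison code, which is outside the hunk.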
@@ -2411,6 +2411,21 @@ add_printer(cupsd_client_t *con, /* I - Client connection */
 http_uri_status_t uri_status; /* URI separation status */
 char old_device_uri[1024]; /* Old device URI */
+ static const char * const uri_status_strings[] =
+ {
+ "URI too large.",
+ "Bad arguments to function.",
+ "Bad resource path.",
+ "Bad port number.",
+ "Bad hostname/address.",
+ "Bad username/password.",
+ "Bad URI scheme.",
+ "Bad URI.",
+ "OK",
+ "Missing URI scheme.",
+ "Unknown URI scheme",
+ "Missing resource path."
+ };
 need_restart_job = 1;
@@ -2422,12 +2437,14 @@ add_printer(cupsd_client_t *con, /* I - Client connection */
 host, sizeof(host), &port,
 resource, sizeof(resource));
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "%s device-uri: %s", printer->name,
+ uri_status_strings[uri_status - HTTP_URI_STATUS_OVERFLOW]);
+
 if (uri_status < HTTP_URI_OK)
 {
 send_ipp_status(con, IPP_NOT_POSSIBLE, _("Bad device-uri \"%s\"."),
 attr->values[0].string.text);
- cupsdLogMessage(CUPSD_LOG_DEBUG,
- "add_printer: httpSeparateURI returned %d", uri_status);
 return;
 }
--
2.47.2
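Review bot: `uri_status_strings` silently depends on the order and contiguity of the http_uri_status_t values counted from HTTP_URI_STATUS_OVERFLOW, and nothing in the hunk states that. A comment above the table such as `/* Indexed by (uri_status - HTTP_URI_STATUS_OVERFLOW); keep in sync with http_uri_status_t */` would document the coupling for whoever next extends the enum. The entry `"Unknown URI scheme"` is also missing the trailing period that the other error messages carry. add_printer() starts and ends outside the hunk.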
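Review bot: The index `uri_status - HTTP_URI_STATUS_OVERFLOW` in the new cupsdLogMessage() call is used without a range check, so any status value outside the twelve table entries (for instance after the enum is extended) reads past the end of `uri_status_strings`. Computing the index first and falling back to a fixed string when it is negative or not below `sizeof(uri_status_strings) / sizeof(uri_status_strings[0])` would keep the log call safe. The rewritten message also drops the numeric status that the removed `httpSeparateURI returned %d` line recorded; keeping a `%d` next to the string would help when diagnosing a rejected device-uri. add_printer() continues outside the hunk.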