From fdaf028e8bb1aed1cfd3c9c42e963982cdc2a87c Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 14 May 2018 15:24:13 -0700
Subject: [PATCH] Add more URI validation for scheme.

---
 cups/http-support.c | 7 ++++---
 cups/testhttp.c     | 3 +++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/cups/http-support.c b/cups/http-support.c
index ca8fc87a19..2535908431 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1,10 +1,11 @@
 /*
  * HTTP support routines for CUPS.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /*
@@ -1026,7 +1027,7 @@ httpSeparateURI(
 
     *ptr = '\0';
 
-    if (*uri != ':')
+    if (*uri != ':' || *scheme == '.' || !*scheme)
     {
       *scheme = '\0';
       return (HTTP_URI_STATUS_BAD_SCHEME);
diff --git a/cups/testhttp.c b/cups/testhttp.c
index 8ef06589cd..90d36d4468 100644
--- a/cups/testhttp.c
+++ b/cups/testhttp.c
@@ -143,6 +143,9 @@ static uri_test_t	uri_tests[] =	/* URI test data */
 			    HTTP_URI_CODING_MOST  },
 
 			  /* Bad scheme */
+			  { HTTP_URI_STATUS_BAD_SCHEME, "://server/ipp",
+			    "", "", "", "", 0, 0,
+			    HTTP_URI_CODING_MOST  },
 			  { HTTP_URI_STATUS_BAD_SCHEME, "bad_scheme://server/resource",
 			    "", "", "", "", 0, 0,
 			    HTTP_URI_CODING_MOST  },
-- 
2.47.2