From c0cfa04a6601fbabd465a6c3a16a8af997706462 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Mon, 19 Aug 2024 16:42:40 -0700
Subject: [PATCH] Do not allow empty host names, as they are not allowed by RFC
 3986

Pointed out by John Hawthorn.

Fixes [Bug #20686]
---
 lib/uri/http.rb          | 12 ++++++++++++
 test/uri/test_generic.rb |  6 ++++--
 test/uri/test_http.rb    |  4 ++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/uri/http.rb b/lib/uri/http.rb
index 900b132..3c41cd4 100644
--- a/lib/uri/http.rb
+++ b/lib/uri/http.rb
@@ -61,6 +61,18 @@ def self.build(args)
       super(tmp)
     end
 
+    # Do not allow empty host names, as they are not allowed by RFC 3986.
+    def check_host(v)
+      ret = super
+
+      if ret && v.empty?
+        raise InvalidComponentError,
+          "bad component(expected host component): #{v}"
+      end
+
+      ret
+    end
+
     #
     # == Description
     #
diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb
index 8209363..ccea6cd 100644
--- a/test/uri/test_generic.rb
+++ b/test/uri/test_generic.rb
@@ -828,8 +828,10 @@ def test_ipv6
     assert_equal("http://[::1]/bar", u.to_s)
     u.hostname = "::1"
     assert_equal("http://[::1]/bar", u.to_s)
-    u.hostname = ""
-    assert_equal("http:///bar", u.to_s)
+
+    u = URI("file://foo/bar")
+    u.hostname = ''
+    assert_equal("file:///bar", u.to_s)
   end
 
   def test_build
diff --git a/test/uri/test_http.rb b/test/uri/test_http.rb
index e937b1a..96625a3 100644
--- a/test/uri/test_http.rb
+++ b/test/uri/test_http.rb
@@ -19,6 +19,10 @@ def test_build
     assert_kind_of(URI::HTTP, u)
   end
 
+  def test_build_empty_host
+    assert_raise(URI::InvalidComponentError) { URI::HTTP.build(host: '') }
+  end
+
   def test_parse
     u = URI.parse('http://a')
     assert_kind_of(URI::HTTP, u)