commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Kwakkel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (NET-618) System Information Leak in ftp parser
Date Tue, 28 Feb 2017 14:00:47 GMT
Donald Kwakkel created NET-618:
----------------------------------

             Summary: System Information Leak in ftp parser
                 Key: NET-618
                 URL: https://issues.apache.org/jira/browse/NET-618
             Project: Commons Net
          Issue Type: Bug
          Components: FTP
    Affects Versions: 3.6
            Reporter: Donald Kwakkel
            Priority: Minor


Exception is printed to console in src/main/java/org/apache/commons/net/ftp/parser/MVSFTPEntryParser.java
which can leak system information:
{code}
    private boolean parseMemberList(FTPFile file, String entry) {
        if (matches(entry)) {
            file.setRawListing(entry);
            String name = group(1);
            String datestr = group(2) + " " + group(3);
            file.setName(name);
            file.setType(FTPFile.FILE_TYPE);
            try {
                file.setTimestamp(super.parseTimestamp(datestr));
            } catch (ParseException e) {
                e.printStackTrace();
                // just ignore parsing errors.
                // TODO check this is ok
                return false; // this is a parsing failure too.
            }
            return true;
        }

        return false;
    }
{code}





--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message