You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Sebb (JIRA)" <ji...@apache.org> on 2017/02/28 21:22:45 UTC
[jira] [Resolved] (NET-618) System Information Leak in ftp parser
[ https://issues.apache.org/jira/browse/NET-618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb resolved NET-618.
----------------------
Resolution: Fixed
Fix Version/s: 3.7
Thanks for the report - probably left-over debug
URL: http://svn.apache.org/viewvc?rev=1784819&view=rev
Log:
NET-618 System Information Leak in ftp parser
Modified:
commons/proper/net/trunk/src/changes/changes.xml
commons/proper/net/trunk/src/main/java/org/apache/commons/net/ftp/parser/MVSFTPEntryParser.java
> System Information Leak in ftp parser
> -------------------------------------
>
> Key: NET-618
> URL: https://issues.apache.org/jira/browse/NET-618
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 3.6
> Reporter: Donald Kwakkel
> Priority: Minor
> Fix For: 3.7
>
>
> Exception is printed to console in src/main/java/org/apache/commons/net/ftp/parser/MVSFTPEntryParser.java which can leak system information:
> {code}
> private boolean parseMemberList(FTPFile file, String entry) {
> if (matches(entry)) {
> file.setRawListing(entry);
> String name = group(1);
> String datestr = group(2) + " " + group(3);
> file.setName(name);
> file.setType(FTPFile.FILE_TYPE);
> try {
> file.setTimestamp(super.parseTimestamp(datestr));
> } catch (ParseException e) {
> e.printStackTrace();
> // just ignore parsing errors.
> // TODO check this is ok
> return false; // this is a parsing failure too.
> }
> return true;
> }
> return false;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)