You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Donald Kwakkel (JIRA)" <ji...@apache.org> on 2017/02/28 14:00:47 UTC
[jira] [Created] (NET-618) System Information Leak in ftp parser
Donald Kwakkel created NET-618:
----------------------------------
Summary: System Information Leak in ftp parser
Key: NET-618
URL: https://issues.apache.org/jira/browse/NET-618
Project: Commons Net
Issue Type: Bug
Components: FTP
Affects Versions: 3.6
Reporter: Donald Kwakkel
Priority: Minor
Exception is printed to console in src/main/java/org/apache/commons/net/ftp/parser/MVSFTPEntryParser.java which can leak system information:
{code}
private boolean parseMemberList(FTPFile file, String entry) {
if (matches(entry)) {
file.setRawListing(entry);
String name = group(1);
String datestr = group(2) + " " + group(3);
file.setName(name);
file.setType(FTPFile.FILE_TYPE);
try {
file.setTimestamp(super.parseTimestamp(datestr));
} catch (ParseException e) {
e.printStackTrace();
// just ignore parsing errors.
// TODO check this is ok
return false; // this is a parsing failure too.
}
return true;
}
return false;
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)