Donald Kwakkel created NET-618: ---------------------------------- Summary: System Information Leak in ftp parser Key: NET-618 URL: https://issues.apache.org/jira/browse/NET-618 Project: Commons Net Issue Type: Bug Components: FTP Affects Versions: 3.6 Reporter: Donald Kwakkel Priority: Minor
Exception is printed to console in src/main/java/org/apache/commons/net/ftp/parser/MVSFTPEntryParser.java which can leak system information: {code} private boolean parseMemberList(FTPFile file, String entry) { if (matches(entry)) { file.setRawListing(entry); String name = group(1); String datestr = group(2) + " " + group(3); file.setName(name); file.setType(FTPFile.FILE_TYPE); try { file.setTimestamp(super.parseTimestamp(datestr)); } catch (ParseException e) { e.printStackTrace(); // just ignore parsing errors. // TODO check this is ok return false; // this is a parsing failure too. } return true; } return false; } {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346)