Opened 5 years ago
Closed 5 years ago
#12166 closed Bug report (wontfix)
Integer Overflows when Processing Directory Listing
Reported by: | Bill | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | Integer overflow | Cc: | |
Component version: | 3.47.2.1 | Operating system type: | Linux |
Operating system version: | Ubuntu 18.04.4 |
Description
There are integer overflows in enging/directorylistingparser.cpp and interface/remotelistview.cpp, when converting from the string received to int64_t. A number higher than the max of int64_t as the size returned in a directory listing will be improperly parsed and produce nonsensical results, such as a negative file size.
This happens on lines 220, 2644, and 2665 in directorylistingparser and 782 in remotelistview (not an exhaustive list).
Since this value is not used, other than displayed to the user, I do not think this can be exploited, nor crash the program.
Note:
See TracTickets
for help on using tickets.
We are aware of these overflows, they are harmless. Even if it results in displaying nonsensical sizes to the user, the server could just as well have sent other, non-overflowing but still nonsensical data to the client.