From d8365b0607760d379311fbc5d5c3318e1c148446 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Tue, 24 Apr 2018 10:55:29 +0200
Subject: [PATCH] * src/ftp-ls.c (ftp_parse_unix_ls): Fix integer overflow in
 date parsing

---
 src/ftp-ls.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/ftp-ls.c b/src/ftp-ls.c
index 80533363..727f51a1 100644
--- a/src/ftp-ls.c
+++ b/src/ftp-ls.c
@@ -242,24 +242,25 @@ ftp_parse_unix_ls (FILE *fp, int ignore_perms)
               /* We must deal with digits.  */
               if (c_isdigit (*tok))
                 {
-                  /* Suppose it's year.  */
-                  for (; c_isdigit (*tok); tok++)
+                  /* Suppose it's year.  Limit to year 99999 to avoid integer overflow. */
+                  for (; c_isdigit (*tok) && year <= 99999; tok++)
                     year = (*tok - '0') + 10 * year;
                   if (*tok == ':')
                     {
+                      int n;
                       /* This means these were hours!  */
                       hour = year;
                       year = 0;
                       ptype = TT_HOUR_MIN;
                       ++tok;
                       /* Get the minutes...  */
-                      for (; c_isdigit (*tok); tok++)
+                      for (n = 0; c_isdigit (*tok) && n < 2; tok++, n++)
                         min = (*tok - '0') + 10 * min;
                       if (*tok == ':')
                         {
                           /* ...and the seconds.  */
                           ++tok;
-                          for (; c_isdigit (*tok); tok++)
+                          for (n = 0; c_isdigit (*tok) && n < 2; tok++, n++)
                             sec = (*tok - '0') + 10 * sec;
                         }
                     }