A better telnet URL handler

After I wrote yesterday’s post, Philip reminded me of the dangers of not validating your inputs. Here is a better telnet/ssh handler which checks the URL passed to it.

Update 2010-08-27: don’t use this script either! See my next post for a better one.

This script only accepts telnet:// and ssh:// URLs, where the host is a valid domain name and the port is a valid port (including text aliases like “smtp” from /etc/services). It passes SSH port arguments correctly and tells Konsole to stay open after the session terminates.

You can download a more advanced form of this script here.

Tags: , ,

  1. Philip’s avatar

    I’m treating this as a game, so please don’t take this as anything but playful commentary.

    I think the script you posted still has one vulnerability: if $host is “-ntest”, and $port is “localhost”, the telnet case will overwrite the file “test” in the current directory, often the user’s home directory.

    so I’d check host and port for not starting with a “-“.

    Also, I think “:” is used in IPv6 IPs, which one might reasonably want to ssh to.

    I’d also suggest the reuse of $host is slightly confusing, and would suggest replacing the first instance with $authority (not a lovely term, but that’s what RFC3986 says).

    ($authority also includes the username, which might be good to add to ssh for those of us who didn’t get the entire internet to reserve our user name :) )

    Again, this is merely commentary, not criticism or a demand you fix your script right now. Definitely no offense intended.

    Reply

    1. tyler’s avatar

      Oh, it’s game on. :)

      Reply

    2. Sysgone’s avatar

      problem is when url are as: telnet://host:port/

      its remedium:
      # parse URL
      ($protocol,$host,$port) = ($ARGV[0] =~m|(.*)://([a-zA-Z0-9.-]*):([0-9]*)|);

      Reply

      1. Tyler Wagner’s avatar

        Thanks for the feedback, but you should see the last post in this series.

        Reply

Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">