A better telnet URL handler

After I wrote yesterday’s post, Philip reminded me of the dangers of not validating your inputs. Here is a better telnet/ssh handler which checks the URL passed to it.

Update 2010-08-27: don’t use this script either! See my next post for a better one.

This script only accepts telnet:// and ssh:// URLs, where the host is a valid domain name and the port is a valid port (including text aliases like “smtp” from /etc/services). It passes SSH port arguments correctly and tells Konsole to stay open after the session terminates.

You can download a more advanced form of this script here.

Tags: , ,

  1. Philip’s avatar

    I’m treating this as a game, so please don’t take this as anything but playful commentary.

    I think the script you posted still has one vulnerability: if $host is “-ntest”, and $port is “localhost”, the telnet case will overwrite the file “test” in the current directory, often the user’s home directory.

    so I’d check host and port for not starting with a “-“.

    Also, I think “:” is used in IPv6 IPs, which one might reasonably want to ssh to.

    I’d also suggest the reuse of $host is slightly confusing, and would suggest replacing the first instance with $authority (not a lovely term, but that’s what RFC3986 says).

    ($authority also includes the username, which might be good to add to ssh for those of us who didn’t get the entire internet to reserve our user name :) )

    Again, this is merely commentary, not criticism or a demand you fix your script right now. Definitely no offense intended.


    1. tyler’s avatar

      Oh, it’s game on. :)


    2. Sysgone’s avatar

      problem is when url are as: telnet://host:port/

      its remedium:
      # parse URL
      ($protocol,$host,$port) = ($ARGV[0] =~m|(.*)://([a-zA-Z0-9.-]*):([0-9]*)|);


      1. Tyler Wagner’s avatar

        Thanks for the feedback, but you should see the last post in this series.



Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">