Comments (6)

JJ commented on July 20, 2024

from p6-net-telnet.

Kaiepi commented on July 20, 2024

Alternatively, refactor the Net::Telnet::Chunk grammar to throw an error if it encounters a scenario like this. Catch x number of times in the parse method and close the connection once the number of errors thrown in a row exceeds x. The method I mentioned in the OP requires much more refactoring, but if you wish to follow that instead, follow how curl handles parsing telnet messages.

JJ commented on July 20, 2024

I'd really love to help here, but I don't know the first thing about Telnet. I have no idea what the acronyms above mean, why that's insecure, if there's a test for that already, if someone would have to write the test before...
Could you maybe please clarify, with pointers to the code if that's convenient for you? Catching repeated elements in a list shouldn't be difficult, and writing a test for that, but I'm not sure if that's what you're needing.

Kaiepi commented on July 20, 2024

It's insecure because if a telnet server is badly written or malicious, it could try to send messages like the example I gave in the OP, which this currently doesn't handle properly. The acronyms represent different telnet commands, which can be found in RFC 854. The grammar used to parse telnet messages is here. At the moment, it trusts that all negotiations/subnegotiations will be sent exactly as specified in the spec, which may not always be the case. Like I mentioned earlier, adding an error method to the grammar to throw something like X::Net::Telnet::InvalidMessage if any of the tokens in the grammar fail to parse would help mitigate this.
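
The mitigation discussed in this thread, sketched as an added example in Python rather than the project's Raku grammar (it is not code from p6-net-telnet): a strict RFC 854 parser that raises on malformed commands, and a loop that gives up once more than `max_errors` chunks in a row are invalid. `InvalidMessage`, `parse_chunk`, `feed_all` and `max_errors` are hypothetical names, and the parser assumes a chunk never ends in the middle of a command.

```python
IAC, SB, SE = 255, 250, 240                      # RFC 854 command bytes
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

class InvalidMessage(Exception):
    """Hypothetical stand-in for X::Net::Telnet::InvalidMessage."""

def parse_chunk(data: bytes):
    """Return (text, commands); assumes a chunk never ends mid-command."""
    text, cmds, i, n = bytearray(), [], 0, len(data)
    while i < n:
        nxt = data[i + 1] if i + 1 < n else None  # byte after a possible IAC
        if data[i] != IAC or nxt == IAC:          # plain byte, or IAC IAC escape
            text.append(data[i])
            i += 1 if data[i] != IAC else 2
        elif nxt in NEGOTIATION:                  # IAC WILL/WONT/DO/DONT <option>
            if i + 2 >= n:
                raise InvalidMessage("negotiation without option byte")
            cmds.append((NEGOTIATION[nxt], data[i + 2]))
            i += 3
        elif nxt in range(241, 250):              # NOP .. GA take no argument
            cmds.append(("CMD", nxt))
            i += 2
        elif nxt == SB:                           # IAC SB <option> <params> IAC SE
            j, params = i + 3, bytearray()
            while data[j:j + 2] != bytes((IAC, SE)):
                if j + 1 >= n:
                    raise InvalidMessage("subnegotiation without IAC SE")
                if data[j] == IAC and data[j + 1] != IAC:
                    raise InvalidMessage("unexpected command in subnegotiation")
                params.append(data[j])
                j += 2 if data[j] == IAC else 1
            cmds.append(("SB", data[i + 2], bytes(params)))
            i = j + 2
        else:                                     # lone IAC, stray SE, unknown byte
            raise InvalidMessage(f"invalid byte after IAC at offset {i}")
    return bytes(text), cmds

def feed_all(chunks, max_errors=2):
    """Return (text, commands, closed); closed once the error streak exceeds max_errors."""
    text, cmds, streak = b"", [], 0
    for chunk in chunks:
        try:
            t, c = parse_chunk(chunk)
            text, cmds, streak = text + t, cmds + c, 0   # a valid chunk resets the streak
        except InvalidMessage:
            streak += 1                           # the invalid chunk is dropped whole
            if streak > max_errors:
                return text, cmds, True
    return text, cmds, False
```

An invalid chunk contributes neither text nor commands, so a half-parsed negotiation never reaches the option-handling code.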

Kaiepi commented on July 20, 2024

@JJ any progress?

JJ commented on July 20, 2024
