Net::Telnet::Chunk is insecure #5
Comments
Alternatively, refactor the |
I'd really love to help here, but I don't know the first thing about Telnet. I have no idea what the acronyms above mean, why that's insecure, if there's a test for that already, if someone would have to write the test before... |
It's insecure because if a telnet server is badly written or malicious, it could try to send messages like the example I gave in the OP, which this currently doesn't handle properly. The acronyms represent different telnet commands, which can be found in RFC854. The grammar used to parse telnet messages is here. At the moment, it trusts that all negotiations/subnegotiations will be sent exactly as specified in the spec, which may not always be the case. Like I mentioned earlier, adding an |
Thanks, that helps. I'll see if I can do something over the weekend.
|
@JJ any progress? |
Not really. I'll see if I can do something here.
On Mon, 5 Nov 2018 at 0:27, Ben Davies (<notifications@github.com>) wrote:
… @JJ <https://github.com/JJ> any progress?
--
JJ
|
Apart from `Net::Telnet::Chunk` not being very optimized, say a server sends a message like so: `IAC WILL NAWS IAC SB 0 80 0 60 IAC IAC IAC IAC IAC IAC IAC IAC IAC IAC IAC IAC`. `Net::Telnet::Chunk` will parse the `IAC WILL NAWS` and add the rest of the message to the parser buffer. If the server keeps sending messages, two things can happen:

Grammars probably aren't suitable for parsing Telnet messages for this reason. `Net::Connection.parse` should be refactored to use a more traditional method of parsing Telnet messages to prevent this from happening.
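
One way to do the "more traditional" parsing the issue asks for, as an added example that is not part of the issue thread or the project's code: a byte-at-a-time state machine, written in Python rather than the project's language, that accepts input split across chunks and caps how much of an unterminated subnegotiation it will hold. The class names, the event tuples and the 64-byte cap are assumptions made for the example.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240  # RFC 854
NAWS = 31  # window-size option, RFC 1073
# The byte sequence quoted in the issue: WILL NAWS, then an SB with no IAC SE.
ISSUE_MESSAGE = bytes([IAC, WILL, NAWS, IAC, SB, 0, 80, 0, 60] + [IAC] * 12)
class TelnetProtocolError(Exception):
    """The peer broke the framing rules; the caller should close the connection."""

class TelnetParser:
    """Byte-at-a-time state machine; state carries over between feed() calls."""
    def __init__(self, max_sb=64):  # max_sb is an assumed cap, not a project value
        self.state, self.cmd, self.sb, self.max_sb = "data", 0, bytearray(), max_sb

    def _sb_add(self, byte):
        if len(self.sb) >= self.max_sb:  # bound the memory an open SB can hold
            raise TelnetProtocolError("subnegotiation longer than %d bytes" % self.max_sb)
        self.sb.append(byte)

    def feed(self, chunk):
        """Consume one chunk of any size and return (plain data, events)."""
        text, events = bytearray(), []
        for b in chunk:
            if self.state in ("data", "sb") and b == IAC:
                self.state += "_iac"  # wait for the byte that follows IAC
            elif self.state == "data":
                text.append(b)
            elif self.state == "sb":
                self._sb_add(b)
            elif self.state == "opt":
                self.state = "data"
                events.append(("negotiate", self.cmd, b))
            elif self.state == "data_iac":
                self.state = "data"
                if b == IAC:  # IAC IAC is an escaped literal 0xFF
                    text.append(b)
                elif b in (WILL, WONT, DO, DONT):
                    self.cmd, self.state = b, "opt"
                elif b == SB:
                    self.sb, self.state = bytearray(), "sb"
                else:
                    events.append(("command", b))
            elif b == IAC:  # state "sb_iac": escaped 0xFF inside the payload
                self.state = "sb"
                self._sb_add(b)
            elif b == SE:  # state "sb_iac": IAC SE closes the subnegotiation
                self.state = "data"
                events.append(("subneg", bytes(self.sb)))
            else:
                raise TelnetProtocolError("IAC %d inside subnegotiation" % b)
        return bytes(text), events
```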