How to avoid buffer overflow in simple Assembly (nasm) application?

1

I'm wanting to avoid writing out of the application due to buffer overflow, but I do not know how. The application is simple: it shows a message that prompts the user to type something, then takes that typed data and shows it on the screen. However, when the user exceeds the established limit, the overflow occurs.

Code:

section .data
    userMsg db 'Digite um número : '
    lenUserMsg equ $ - userMsg

    dispMsg db 'O número digitado foi : '
    lenDispMsg equ $ - dispMsg

section .bss
    num resb 5

section .text
    global main

main:
    ;User prompt
    mov edx, lenUserMsg
    mov ecx, userMsg
    mov ebx, 1
    mov eax, 4
    int 80h

    ;Lendo e guaradando os dados do usuário
    mov eax, 3
    mov ebx, 2
    mov ecx, num
    mov edx, 5
    ;5 bytes (1 para sinal) da informação
    int 80h

    ;Mostra a mensagem 'O número digitado foi: '
    mov eax, 4
    mov ebx, 1
    mov ecx, dispMsg
    mov edx, lenDispMsg
    int 80h

    ;Mostra o número digitado
    mov eax, 4
    mov ebx, 1
    mov ecx, num
    mov edx, 5
    int 80h

    ;Saindo
    mov eax, 1
    mov ebx, 0
    int 80h

Example run:

Everything works fine for the byte limit - here I type 1234:

[email protected]:~ $ ./entrada 
Digite um número: 1234
O número digitado foi: 1234

Here with buffer overflow, including running an operating system command - in this example I type 12345ls to run ls (command to show files in linux) in overflow:

[email protected]:~ $ ./entrada 
Digite um número: 12345ls
O número digitado foi: [email protected]:~ $ ls
entrada  entrada.asm  entrada.o

How do I - in a simple way - so that this does not happen and at the same time maintain the byte limit? Is this possible?

    
asked by anonymous 05.02.2015 / 15:28

1 answer

2

Your program is absolutely correct and the strange output you are seeing is in fact the expected output. Note:

[email protected]:~ $ ./entrada 
Digite um número: 12345ls
O número digitado foi: [email protected]:~ $ ls
entrada  entrada.asm  entrada.o

First you run the program, it then writes "Digite um número: " and waits. You then type "12345ls\n" and press Enter . The program then reads 5 characters as it was programmed to do. Then the program gets "12345" and leaves "ls\n" untouched.

Finally, the program writes: "O número digitado foi: 12345" and ends. Notice that there is no line break at the end. Having finished the program your terminal goes on and writes "[email protected]:~ $ " , then reads the entry looking for commands, finds "ls\n" . A perfectly valid command with a Enter pressed at the end. The terminal will execute the command generating "entrada entrada.asm entrada.o" .

That is, nothing is wrong here, everything is happening as it should, and your program is completely secure against buffer overflow. It has a 5 character buffer and always reads exactly 5 characters.

Try this command: echo 12345ls | ./entrada to give an entry only and exclusively for the program.

    
05.02.2015 / 16:29