How to avoid buffer overflow in simple Assembly (nasm) application?

Viewed 361 times

I’m trying to keep the application from writing past its buffer, but I don’t know how. The application is simple: it shows a message asking the user to type something, then takes the typed data and shows it on the screen. However, when the user exceeds the established limit, the overflow occurs.

Code:

section .data
    userMsg db 'Digite um número : '
    lenUserMsg equ $ - userMsg

    dispMsg db 'O número digitado foi : '
    lenDispMsg equ $ - dispMsg

section .bss
    num resb 5

section .text
    global main

main:
    ; user prompt: write(1, userMsg, lenUserMsg)
    mov edx, lenUserMsg
    mov ecx, userMsg
    mov ebx, 1
    mov eax, 4
    int 80h

    ; read and store the user's input: read(0, num, 5)
    mov eax, 3
    mov ebx, 0          ; stdin is fd 0 (fd 2 is stderr)
    mov ecx, num
    mov edx, 5
    ; 5 bytes of data (1 for the sign)
    int 80h

    ; show the message 'O número digitado foi: '
    mov eax, 4
    mov ebx, 1
    mov ecx, dispMsg
    mov edx, lenDispMsg
    int 80h

    ; show the number typed
    mov eax, 4
    mov ebx, 1
    mov ecx, num
    mov edx, 5
    int 80h

    ; exit(0)
    mov eax, 1
    mov ebx, 0
    int 80h

Example of execution:

Everything is fine within the byte limit; here I type 1234:

rafael@Gauss:~ $ ./entrada 
Digite um número: 1234
O número digitado foi: 1234

Here, with the buffer overflow, it even runs an operating system command; in this example I type 12345ls and the overflow runs ls (the command that lists files in Linux):

rafael@Gauss:~ $ ./entrada 
Digite um número: 12345ls
O número digitado foi: 12345rafael@Gauss:~ $ ls
entrada  entrada.asm  entrada.o

How do I, in a simple way, prevent this from happening while still keeping the byte limit? Is this possible?

  • I understand there’s a security breach in this program.

1 answer

Your program is absolutely correct and the strange output you are seeing is in fact the expected output. Note:

rafael@Gauss:~ $ ./entrada 
Digite um número: 12345ls
O número digitado foi: 12345rafael@Gauss:~ $ ls
entrada  entrada.asm  entrada.o

First you run the program, then it writes "Digite um número: " and waits. You then type "12345ls\n", pressing Enter at the end. The program reads 5 characters, as it was programmed to do. It thus obtains "12345" and leaves "ls\n" untouched.

Finally, the program writes "O número digitado foi: 12345" and ends. Note that there is no line break at the end. With the program finished, your terminal goes ahead and writes "rafael@Gauss:~ $ ", then reads its input looking for commands and finds "ls\n": a perfectly valid command with Enter pressed at the end. The terminal executes it, producing "entrada entrada.asm entrada.o".

That is, there is nothing wrong here, everything is happening as it should be and your program is completely safe from buffer overflow. It has a 5-character buffer and always reads exactly 5 characters.

Try this command: echo 12345ls | ./entrada to give an entry only and exclusively to the program.

  • But wouldn’t that be a buffer overflow? Input meant for the application that exceeds the write limit and reaches the operating system? If you say this application is OK, how do I clear this buffer?

  • No. A buffer overflow is when the application does not limit what can be read and saves 10 characters in a 5-element array, that is, it overwrites the application’s own memory. There is nothing you need to do in this case; what is occurring is perfectly normal. But if you want, just read characters in a loop and discard them until zero characters are read.

  • Thank you, I’m a little more relaxed now! I will study it more deeply later.
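The drain loop suggested in the comment above, as an added example that is neither the asker's nor the answerer's code: it keeps the 5-byte limit, reads from stdin (fd 0), discards the rest of the line until a newline or EOF so the shell never sees it, and ends its own output with a line break. It assumes 32-bit Linux with the int 80h ABI and is built like the question's program presumably was (nasm -f elf32 plus gcc -m32, an assumption).

```nasm
%macro sys 4                        ; eax=syscall number, ebx/ecx/edx=arguments
    mov eax, %1
    mov ebx, %2
    mov ecx, %3
    mov edx, %4
    int 80h
%endmacro

section .data
    userMsg db 'Digite um número : '
    lenUserMsg equ $ - userMsg
    dispMsg db 'O número digitado foi : '
    lenDispMsg equ $ - dispMsg
    newline db 10

section .bss
    num  resb 5                     ; same 5-byte limit as the question
    junk resb 1                     ; scratch byte for discarding leftover input

section .text
    global main

main:
    sys 4, 1, userMsg, lenUserMsg   ; write the prompt
    sys 3, 0, num, 5                ; read(stdin, num, 5): never more than 5 bytes
    test eax, eax
    jle .exit                       ; EOF or error: nothing to show
    mov esi, eax                    ; esi = bytes actually read (1..5)
    cmp byte [num+esi-1], 10
    jne .drain                      ; no newline in the buffer: rest of line still pending
    dec esi                         ; short line: leave the newline out of the echo
    jmp .show

.drain:                             ; read and discard one byte until newline or EOF
    sys 3, 0, junk, 1
    cmp eax, 1
    jne .show                       ; 0 = EOF, <0 = error: stop draining
    cmp byte [junk], 10
    jne .drain

.show:
    sys 4, 1, dispMsg, lenDispMsg
    sys 4, 1, num, esi              ; echo only the bytes kept, not the whole buffer
    sys 4, 1, newline, 1            ; end the line so the shell prompt starts fresh

.exit:
    sys 1, 0, 0, 0                  ; exit(0)
```

With this, typing 12345ls and Enter prints "O número digitado foi : 12345" on its own line and the shell gets an empty input queue, so no command runs.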
