Edit: The name has been changed since @Gunner noted that this is not a buffer overflow.
When reading user input from stdin with NR_read in an Intel 64-bit assembly in Intel, I wonder how I can avoid that an input that does not fit in the input buffer is sent to the Linux shell, for example. bash? For example, in this example program, I defined an input buffer of 255 bytes (the buffer size can be any> = 1). The rest of the input longer than 255 bytes is sent to bash (if executed from bash), and this is obviously a serious vulnerability. How should data be read in a 64-bit Linux build to avoid this vulnerability?
Here is my code:
[bits 64] section .text global _start ; can be compiled eg. with nasm or yasm. ; nasm: ; nasm -f elf64 read_stdin_64.asm; ld read_stdin_64.o -o read_stdin_64 ; yasm: ; yasm -f elf64 -m amd64 read_stdin_64.asm -o read_stdin_64.o; ld read_stdin_64.o -o read_stdin_64 NR_read equ 0 NR_exit equ 60 STDIN equ 1 ; input: ; rax number of syscall ; rdi parameter 1 ; rsi parameter 2 ; rdx parameter 3 ; r10 parameter 4 ; r8 parameter 5 ; r9 parameter 6 ; ; output: ; rax syscall output @do_syscall: push rcx push r11 syscall ; 64-bit syscall, overwrites rcx and r11 pop r11 ; syscall return value in rax pop rcx ret @read_stdin: push rdi push rsi push rdx mov rdi,STDIN ; file handle to read. STDIN = 1. lea rsi,[input_buffer] mov rdx,input_buffer_length ; length of string mov rax,NR_read ; number of syscall (0) call @do_syscall sub rax,1 ; get the number of writable characters. pop rdx pop rsi pop rdi ret _start: ; linker entry point call @read_stdin @end_program: xor rdi,rdi mov rax,NR_exit ; number of syscall (60) syscall section .data input_buffer times 255 db 0 input_buffer_length equ $-input_buffer
source share