Assembly stdin
Hi guys,something interesting
so here is a basic NASM program that I wrote that will ask a user for his name and print it,
but something strange happens when I type "Adam Stephen Johnson the third" the program executes and prints "Adam Stephen Johnson" and then after the rest of the buffer in stdin gets printed to the terminal this will be " the third", and of course it says command "the" was not found,
so.. what is happening here? obviously I'm writing past a buffer of 20 bytes, is this a buffer overflow? and if it is could you enter shellcode after "Adam Stephen Johnson" and get lets say a calculator to run?
so here is a basic NASM program that I wrote that will ask a user for his name and print it,
but something strange happens when I type "Adam Stephen Johnson the third" the program executes and prints "Adam Stephen Johnson" and then after the rest of the buffer in stdin gets printed to the terminal this will be " the third", and of course it says command "the" was not found,
so.. what is happening here? obviously I'm writing past a buffer of 20 bytes, is this a buffer overflow? and if it is could you enter shellcode after "Adam Stephen Johnson" and get lets say a calculator to run?
|
|
Last edited on
> obviously I'm writing past a buffer of 20 bytes, is this a buffer overflow?
No and no.
It's not going to write more than 20 bytes to your buffer.
The mistake here is that your buffer is not going to be \0 terminated, so your 'strlen' in your print loop is broken. IIRC, this particular syscall will return the number of bytes actually read, and you should use this return result to add a \0 in the right place.
But in itself, it isn't going to be scribbling "the third" over the memory past the end of the buffer.
As for "the third", those bytes are just left on the input stream, and will get delivered to whatever the parent process (eg, your command line interpreter) is.
No and no.
|
|
It's not going to write more than 20 bytes to your buffer.
The mistake here is that your buffer is not going to be \0 terminated, so your 'strlen' in your print loop is broken. IIRC, this particular syscall will return the number of bytes actually read, and you should use this return result to add a \0 in the right place.
But in itself, it isn't going to be scribbling "the third" over the memory past the end of the buffer.
As for "the third", those bytes are just left on the input stream, and will get delivered to whatever the parent process (eg, your command line interpreter) is.
You claim that you'll take a max of 20 characters but then you give it more than that, so there's still shit in the buffer. You'll want a loop that goes through all the characters in the buffer until it reaches the end if you want to clear the buffer.
What happens when you leave a program in a state like this depends on the version of assembly, your terminal, etc.. It simply seems like the buffer gets flushed out into the terminal after the terminal thinks the program has ended.
What happens when you leave a program in a state like this depends on the version of assembly, your terminal, etc.. It simply seems like the buffer gets flushed out into the terminal after the terminal thinks the program has ended.
Last edited on
Topic archived. No new replies allowed.