Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(992)

Side by Side Diff: src/processor/exploitability_unittest.cc

Issue 1273823004: Add check for Linux minidump ending on bad write for exploitability rating. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Patch Set: Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2010, Google Inc. 1 // Copyright (c) 2010, Google Inc.
2 // All rights reserved. 2 // All rights reserved.
3 // 3 //
4 // Redistribution and use in source and binary forms, with or without 4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are 5 // modification, are permitted provided that the following conditions are
6 // met: 6 // met:
7 // 7 //
8 // * Redistributions of source code must retain the above copyright 8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer. 9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above 10 // * Redistributions in binary form must reproduce the above
(...skipping 15 matching lines...) Expand all
26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 28 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
29 29
30 #include <stdlib.h> 30 #include <stdlib.h>
31 #include <unistd.h> 31 #include <unistd.h>
32 32
33 #include <string> 33 #include <string>
34 34
35 #include "breakpad_googletest_includes.h" 35 #include "breakpad_googletest_includes.h"
36 #include "common/scoped_ptr.h"
36 #include "common/using_std_string.h" 37 #include "common/using_std_string.h"
37 #include "google_breakpad/processor/basic_source_line_resolver.h" 38 #include "google_breakpad/processor/basic_source_line_resolver.h"
38 #include "google_breakpad/processor/minidump_processor.h" 39 #include "google_breakpad/processor/minidump_processor.h"
39 #include "google_breakpad/processor/process_state.h" 40 #include "google_breakpad/processor/process_state.h"
41 #include "processor/exploitability_linux.h"
40 #include "processor/simple_symbol_supplier.h" 42 #include "processor/simple_symbol_supplier.h"
41 43
44 #ifndef _WIN32
45 namespace google_breakpad {
46
47 class ExploitabilityLinuxTest : public ExploitabilityLinux {
48 public:
49 using ExploitabilityLinux::DisassembleBytes;
50 using ExploitabilityLinux::TokenizeObjdumpInstruction;
51 using ExploitabilityLinux::CalculateAddress;
52 };
53
54 class ExploitabilityLinuxTestMinidumpContext : public MinidumpContext {
55 public:
56 explicit ExploitabilityLinuxTestMinidumpContext(const MDRawContextAMD64&
57 context)
58 : MinidumpContext(NULL) {
59 valid_ = true;
60 SetContextAMD64(new MDRawContextAMD64(context));
61 SetContextFlags(MD_CONTEXT_AMD64);
62 }
63 };
64
65 } // namespace google_breakpad
66 #endif // _WIN32
67
42 namespace { 68 namespace {
43 69
44 using google_breakpad::BasicSourceLineResolver; 70 using google_breakpad::BasicSourceLineResolver;
71 #ifndef _WIN32
72 using google_breakpad::ExploitabilityLinuxTest;
73 using google_breakpad::ExploitabilityLinuxTestMinidumpContext;
74 #endif // _WIN32
45 using google_breakpad::MinidumpProcessor; 75 using google_breakpad::MinidumpProcessor;
46 using google_breakpad::ProcessState; 76 using google_breakpad::ProcessState;
77 using google_breakpad::scoped_ptr;
47 using google_breakpad::SimpleSymbolSupplier; 78 using google_breakpad::SimpleSymbolSupplier;
48 79
49 string TestDataDir() { 80 string TestDataDir() {
50 return string(getenv("srcdir") ? getenv("srcdir") : ".") + 81 return string(getenv("srcdir") ? getenv("srcdir") : ".") +
51 "/src/processor/testdata"; 82 "/src/processor/testdata";
52 } 83 }
53 84
54 // Find the given dump file in <srcdir>/src/processor/testdata, process it, 85 // Find the given dump file in <srcdir>/src/processor/testdata, process it,
55 // and get the exploitability rating. Returns EXPLOITABILITY_ERR_PROCESSING 86 // and get the exploitability rating. Returns EXPLOITABILITY_ERR_PROCESSING
56 // if the crash dump can't be processed. 87 // if the crash dump can't be processed.
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
92 ExploitabilityFor("null_read_av.dmp")); 123 ExploitabilityFor("null_read_av.dmp"));
93 ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE, 124 ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
94 ExploitabilityFor("null_write_av.dmp")); 125 ExploitabilityFor("null_write_av.dmp"));
95 ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE, 126 ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
96 ExploitabilityFor("stack_exhaustion.dmp")); 127 ExploitabilityFor("stack_exhaustion.dmp"));
97 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH, 128 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
98 ExploitabilityFor("exec_av_on_stack.dmp")); 129 ExploitabilityFor("exec_av_on_stack.dmp"));
99 ASSERT_EQ(google_breakpad::EXPLOITABILITY_MEDIUM, 130 ASSERT_EQ(google_breakpad::EXPLOITABILITY_MEDIUM,
100 ExploitabilityFor("write_av_non_null.dmp")); 131 ExploitabilityFor("write_av_non_null.dmp"));
101 ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW, 132 ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
102 ExploitabilityFor("read_av_non_null.dmp"));
103 ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
104 ExploitabilityFor("read_av_clobber_write.dmp")); 133 ExploitabilityFor("read_av_clobber_write.dmp"));
105 ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW, 134 ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
106 ExploitabilityFor("read_av_conditional.dmp")); 135 ExploitabilityFor("read_av_conditional.dmp"));
107 } 136 }
108 137
109 TEST(ExploitabilityTest, TestLinuxEngine) { 138 TEST(ExploitabilityTest, TestLinuxEngine) {
110 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING, 139 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
111 ExploitabilityFor("linux_null_read_av.dmp")); 140 ExploitabilityFor("linux_null_read_av.dmp"));
112 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH, 141 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
113 ExploitabilityFor("linux_overflow.dmp")); 142 ExploitabilityFor("linux_overflow.dmp"));
(...skipping 14 matching lines...) Expand all
128 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING, 157 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
129 ExploitabilityFor("linux_inside_module_exe_region2.dmp")); 158 ExploitabilityFor("linux_inside_module_exe_region2.dmp"));
130 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING, 159 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
131 ExploitabilityFor("linux_stack_pointer_in_stack.dmp")); 160 ExploitabilityFor("linux_stack_pointer_in_stack.dmp"));
132 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH, 161 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
133 ExploitabilityFor("linux_stack_pointer_in_module.dmp")); 162 ExploitabilityFor("linux_stack_pointer_in_module.dmp"));
134 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH, 163 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
135 ExploitabilityFor("linux_executable_stack.dmp")); 164 ExploitabilityFor("linux_executable_stack.dmp"));
136 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH, 165 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
137 ExploitabilityFor("linux_executable_heap.dmp")); 166 ExploitabilityFor("linux_executable_heap.dmp"));
167 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
168 ExploitabilityFor("linux_jmp_to_module_not_exe_region.dmp"));
169 #ifndef _WIN32
170 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
171 ExploitabilityFor("linux_write_to_nonwritable_module.dmp"));
172 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
173 ExploitabilityFor("linux_write_to_nonwritable_region_math.dmp"));
174 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
175 ExploitabilityFor("linux_write_to_outside_module.dmp"));
176 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
177 ExploitabilityFor("linux_write_to_outside_module_via_math.dmp"));
178 #endif // _WIN32
179 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
180 ExploitabilityFor("linux_write_to_under_4k.dmp"));
181 }
138 182
183 #ifndef _WIN32
184 TEST(ExploitabilityLinuxUtilsTest, DisassembleBytesTest) {
185 ASSERT_FALSE(ExploitabilityLinuxTest::DisassembleBytes("", NULL, 5, NULL));
186 uint8_t bytes[6] = {0xc7, 0x0, 0x5, 0x0, 0x0, 0x0};
187 char buffer[1024] = {0};
188 ASSERT_TRUE(ExploitabilityLinuxTest::DisassembleBytes("i386:x86-64",
189 bytes,
190 1024,
191 buffer));
192 regex_t regex;
193 regcomp(&regex, "0:", REG_EXTENDED | REG_NOSUB);
194 std::stringstream objdump_stream;
195 objdump_stream.str(string(buffer));
196 string line;
197 while (regexec(&regex, line.c_str(), 0, NULL, 0) &&
198 getline(objdump_stream, line)) {
199 }
200 ASSERT_EQ(line, " 0:\tc7 00 05 00 00 00 \tmov DWORD PTR [rax],0x5");
139 } 201 }
202
203 TEST(ExploitabilityLinuxUtilsTest, TokenizeObjdumpInstructionTest) {
204 ASSERT_FALSE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction("",
205 NULL,
206 NULL,
207 NULL));
208 string line = "0: c7 00 05 00 00 00 mov DWORD PTR [rax],0x5";
209 string operation = "";
210 string dest = "";
211 string src = "";
212 ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
213 &operation,
214 &dest,
215 &src));
216 ASSERT_EQ(operation, "mov");
217 ASSERT_EQ(dest, "[rax]");
218 ASSERT_EQ(src, "0x5");
219 line = "0: c3 ret";
220 ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
221 &operation,
222 &dest,
223 &src));
224 ASSERT_EQ(operation, "ret");
225 ASSERT_EQ(dest, "");
226 ASSERT_EQ(src, "");
227 line = "0: 5f pop rdi";
228 ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
229 &operation,
230 &dest,
231 &src));
232 ASSERT_EQ(operation, "pop");
233 ASSERT_EQ(dest, "rdi");
234 ASSERT_EQ(src, "");
140 } 235 }
236
237 TEST(ExploitabilityLinuxUtilsTest, CalculateAddressTest) {
238 MDRawContextAMD64 raw_context;
239 raw_context.rdx = 12345;
240 ExploitabilityLinuxTestMinidumpContext context(raw_context);
241 ASSERT_EQ(context.GetContextAMD64()->rdx, 12345);
242 ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("", context, NULL));
243 uint64_t write_address = 0;
244 ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx-0x4D2",
245 context,
246 &write_address));
247 ASSERT_EQ(write_address, 11111);
248 ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx+0x4D2",
249 context,
250 &write_address));
251 ASSERT_EQ(write_address, 13579);
252 ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("rdx+rax",
253 context,
254 &write_address));
255 ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("0x3482+0x4D2",
256 context,
257 &write_address));
258 }
259 #endif // _WIN32
260
261 } // namespace
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698