| Index: src/processor/exploitability_unittest.cc
|
| ===================================================================
|
| --- src/processor/exploitability_unittest.cc (revision 1491)
|
| +++ src/processor/exploitability_unittest.cc (working copy)
|
| @@ -33,17 +33,48 @@
|
| #include <string>
|
|
|
| #include "breakpad_googletest_includes.h"
|
| +#include "common/scoped_ptr.h"
|
| #include "common/using_std_string.h"
|
| #include "google_breakpad/processor/basic_source_line_resolver.h"
|
| #include "google_breakpad/processor/minidump_processor.h"
|
| #include "google_breakpad/processor/process_state.h"
|
| +#include "processor/exploitability_linux.h"
|
| #include "processor/simple_symbol_supplier.h"
|
|
|
| +#ifndef _WIN32
|
| +namespace google_breakpad {
|
| +
|
| +class ExploitabilityLinuxTest : public ExploitabilityLinux {
|
| + public:
|
| + using ExploitabilityLinux::DisassembleBytes;
|
| + using ExploitabilityLinux::TokenizeObjdumpInstruction;
|
| + using ExploitabilityLinux::CalculateAddress;
|
| +};
|
| +
|
| +class ExploitabilityLinuxTestMinidumpContext : public MinidumpContext {
|
| + public:
|
| + explicit ExploitabilityLinuxTestMinidumpContext(const MDRawContextAMD64&
|
| + context)
|
| + : MinidumpContext(NULL) {
|
| + valid_ = true;
|
| + SetContextAMD64(new MDRawContextAMD64(context));
|
| + SetContextFlags(MD_CONTEXT_AMD64);
|
| + }
|
| +};
|
| +
|
| +} // namespace google_breakpad
|
| +#endif // _WIN32
|
| +
|
| namespace {
|
|
|
| using google_breakpad::BasicSourceLineResolver;
|
| +#ifndef _WIN32
|
| +using google_breakpad::ExploitabilityLinuxTest;
|
| +using google_breakpad::ExploitabilityLinuxTestMinidumpContext;
|
| +#endif // _WIN32
|
| using google_breakpad::MinidumpProcessor;
|
| using google_breakpad::ProcessState;
|
| +using google_breakpad::scoped_ptr;
|
| using google_breakpad::SimpleSymbolSupplier;
|
|
|
| string TestDataDir() {
|
| @@ -99,8 +130,6 @@
|
| ASSERT_EQ(google_breakpad::EXPLOITABILITY_MEDIUM,
|
| ExploitabilityFor("write_av_non_null.dmp"));
|
| ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
|
| - ExploitabilityFor("read_av_non_null.dmp"));
|
| - ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
|
| ExploitabilityFor("read_av_clobber_write.dmp"));
|
| ASSERT_EQ(google_breakpad::EXPLOITABILITY_LOW,
|
| ExploitabilityFor("read_av_conditional.dmp"));
|
| @@ -135,6 +164,98 @@
|
| ExploitabilityFor("linux_executable_stack.dmp"));
|
| ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| ExploitabilityFor("linux_executable_heap.dmp"));
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| + ExploitabilityFor("linux_jmp_to_module_not_exe_region.dmp"));
|
| +#ifndef _WIN32
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| + ExploitabilityFor("linux_write_to_nonwritable_module.dmp"));
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| + ExploitabilityFor("linux_write_to_nonwritable_region_math.dmp"));
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| + ExploitabilityFor("linux_write_to_outside_module.dmp"));
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
|
| + ExploitabilityFor("linux_write_to_outside_module_via_math.dmp"));
|
| +#endif // _WIN32
|
| + ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
|
| + ExploitabilityFor("linux_write_to_under_4k.dmp"));
|
| +}
|
|
|
| +#ifndef _WIN32
|
| +TEST(ExploitabilityLinuxUtilsTest, DisassembleBytesTest) {
|
| + ASSERT_FALSE(ExploitabilityLinuxTest::DisassembleBytes("", NULL, 5, NULL));
|
| + uint8_t bytes[6] = {0xc7, 0x0, 0x5, 0x0, 0x0, 0x0};
|
| + char buffer[1024] = {0};
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::DisassembleBytes("i386:x86-64",
|
| + bytes,
|
| + 1024,
|
| + buffer));
|
| + regex_t regex;
|
| + regcomp(®ex, "0:", REG_EXTENDED | REG_NOSUB);
|
| + std::stringstream objdump_stream;
|
| + objdump_stream.str(string(buffer));
|
| + string line;
|
| + while (regexec(®ex, line.c_str(), 0, NULL, 0) &&
|
| + getline(objdump_stream, line)) {
|
| + }
|
| + ASSERT_EQ(line, " 0:\tc7 00 05 00 00 00 \tmov DWORD PTR [rax],0x5");
|
| }
|
| +
|
| +TEST(ExploitabilityLinuxUtilsTest, TokenizeObjdumpInstructionTest) {
|
| + ASSERT_FALSE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction("",
|
| + NULL,
|
| + NULL,
|
| + NULL));
|
| + string line = "0: c7 00 05 00 00 00 mov DWORD PTR [rax],0x5";
|
| + string operation = "";
|
| + string dest = "";
|
| + string src = "";
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
|
| + &operation,
|
| + &dest,
|
| + &src));
|
| + ASSERT_EQ(operation, "mov");
|
| + ASSERT_EQ(dest, "[rax]");
|
| + ASSERT_EQ(src, "0x5");
|
| + line = "0: c3 ret";
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
|
| + &operation,
|
| + &dest,
|
| + &src));
|
| + ASSERT_EQ(operation, "ret");
|
| + ASSERT_EQ(dest, "");
|
| + ASSERT_EQ(src, "");
|
| + line = "0: 5f pop rdi";
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::TokenizeObjdumpInstruction(line,
|
| + &operation,
|
| + &dest,
|
| + &src));
|
| + ASSERT_EQ(operation, "pop");
|
| + ASSERT_EQ(dest, "rdi");
|
| + ASSERT_EQ(src, "");
|
| }
|
| +
|
| +TEST(ExploitabilityLinuxUtilsTest, CalculateAddressTest) {
|
| + MDRawContextAMD64 raw_context;
|
| + raw_context.rdx = 12345;
|
| + ExploitabilityLinuxTestMinidumpContext context(raw_context);
|
| + ASSERT_EQ(context.GetContextAMD64()->rdx, 12345);
|
| + ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("", context, NULL));
|
| + uint64_t write_address = 0;
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx-0x4D2",
|
| + context,
|
| + &write_address));
|
| + ASSERT_EQ(write_address, 11111);
|
| + ASSERT_TRUE(ExploitabilityLinuxTest::CalculateAddress("rdx+0x4D2",
|
| + context,
|
| + &write_address));
|
| + ASSERT_EQ(write_address, 13579);
|
| + ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("rdx+rax",
|
| + context,
|
| + &write_address));
|
| + ASSERT_FALSE(ExploitabilityLinuxTest::CalculateAddress("0x3482+0x4D2",
|
| + context,
|
| + &write_address));
|
| +}
|
| +#endif // _WIN32
|
| +
|
| +} // namespace
|
|
|
Chromium Code Reviews
Issue 1273823004:
Add check for Linux minidump ending on bad write for exploitability rating. (Closed)
Base URL: http://google-breakpad.googlecode.com/svn/trunk/