1 // Copyright (c) 2013 Google Inc. | 1 // Copyright (c) 2013 Google Inc. |
2 // All rights reserved. | 2 // All rights reserved. |
3 // | 3 // |
4 // Redistribution and use in source and binary forms, with or without | 4 // Redistribution and use in source and binary forms, with or without |
5 // modification, are permitted provided that the following conditions are | 5 // modification, are permitted provided that the following conditions are |
6 // met: | 6 // met: |
7 // | 7 // |
8 // * Redistributions of source code must retain the above copyright | 8 // * Redistributions of source code must retain the above copyright |
9 // notice, this list of conditions and the following disclaimer. | 9 // notice, this list of conditions and the following disclaimer. |
10 // * Redistributions in binary form must reproduce the above | 10 // * Redistributions in binary form must reproduce the above |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
95 } | 95 } |
96 | 96 |
97 // Checking for benign exceptions that caused the crash. | 97 // Checking for benign exceptions that caused the crash. |
98 if (this->BenignCrashTrigger(raw_exception_stream)) { | 98 if (this->BenignCrashTrigger(raw_exception_stream)) { |
99 return EXPLOITABILITY_NONE; | 99 return EXPLOITABILITY_NONE; |
100 } | 100 } |
101 | 101 |
102 // Check if the instruction pointer is in a valid instruction region | 102 // Check if the instruction pointer is in a valid instruction region |
103 // by finding if it maps to an executable part of memory. | 103 // by finding if it maps to an executable part of memory. |
104 uint64_t instruction_ptr = 0; | 104 uint64_t instruction_ptr = 0; |
| 105 uint64_t stack_ptr = 0; |
105 | 106 |
106 const MinidumpContext *context = exception->GetContext(); | 107 const MinidumpContext *context = exception->GetContext(); |
107 if (context == NULL) { | 108 if (context == NULL) { |
108 BPLOG(INFO) << "No exception context."; | 109 BPLOG(INFO) << "No exception context."; |
109 return EXPLOITABILITY_ERR_PROCESSING; | 110 return EXPLOITABILITY_ERR_PROCESSING; |
110 } | 111 } |
111 | 112 |
112 // Getting the instruction pointer. | 113 // Getting the instruction pointer. |
113 if (!context->GetInstructionPointer(&instruction_ptr)) { | 114 if (!context->GetInstructionPointer(&instruction_ptr)) { |
114 BPLOG(INFO) << "Failed to retrieve instruction pointer."; | 115 BPLOG(INFO) << "Failed to retrieve instruction pointer."; |
115 return EXPLOITABILITY_ERR_PROCESSING; | 116 return EXPLOITABILITY_ERR_PROCESSING; |
116 } | 117 } |
117 | 118 |
| 119 // Getting the stack pointer. |
| 120 if (!context->GetStackPointer(&stack_ptr)) { |
| 121 BPLOG(INFO) << "Failed to retrieve stack pointer."; |
| 122 return EXPLOITABILITY_ERR_PROCESSING; |
| 123 } |
| 124 |
118 // Checking for the instruction pointer in a valid instruction region. | 125 // Checking for the instruction pointer in a valid instruction region. |
119 if (!this->InstructionPointerInCode(instruction_ptr)) { | 126 if (!this->InstructionPointerInCode(instruction_ptr) || |
| 127 this->StackPointerOffStack(stack_ptr)) { |
120 return EXPLOITABILITY_HIGH; | 128 return EXPLOITABILITY_HIGH; |
121 } | 129 } |
122 | 130 |
123 // There was no strong evidence suggesting exploitability, but the minidump | 131 // There was no strong evidence suggesting exploitability, but the minidump |
124 // does not appear totally benign either. | 132 // does not appear totally benign either. |
125 return EXPLOITABILITY_INTERESTING; | 133 return EXPLOITABILITY_INTERESTING; |
126 } | 134 } |
127 | 135 |
| 136 bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) { |
| 137 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
| 138 // Inconclusive if there are no mappings available. |
| 139 if (!linux_maps_list) { |
| 140 return false; |
| 141 } |
| 142 const MinidumpLinuxMaps *linux_maps = |
| 143 linux_maps_list->GetLinuxMapsForAddress(stack_ptr); |
| 144 // Checks if the stack pointer maps to a valid mapping and if the mapping |
| 145 // is not the stack. If the mapping has no name, it is inconclusive whether |
| 146 // it is off the stack. |
| 147 return !linux_maps || |
| 148 (linux_maps->GetPathname().compare("") && |
| 149 linux_maps->GetPathname().compare("[stack]")); |
| 150 } |
| 151 |
128 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { | 152 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
129 // Get Linux memory mapping from /proc/self/maps. Checking whether the | 153 // Get Linux memory mapping from /proc/self/maps. Checking whether the |
130 // region the instruction pointer is in has executable permission can tell | 154 // region the instruction pointer is in has executable permission can tell |
131 // whether it is in a valid code region. If there is no mapping for the | 155 // whether it is in a valid code region. If there is no mapping for the |
132 // instruction pointer, it is indicative that the instruction pointer is | 156 // instruction pointer, it is indicative that the instruction pointer is |
133 // not within a module, which implies that it is outside a valid area. | 157 // not within a module, which implies that it is outside a valid area. |
134 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); | 158 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
135 const MinidumpLinuxMaps *linux_maps = | 159 const MinidumpLinuxMaps *linux_maps = |
136 linux_maps_list ? | 160 linux_maps_list ? |
137 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; | 161 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
174 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: | 198 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: |
175 return true; | 199 return true; |
176 break; | 200 break; |
177 default: | 201 default: |
178 return false; | 202 return false; |
179 break; | 203 break; |
180 } | 204 } |
181 } | 205 } |
182 | 206 |
183 } // namespace google_breakpad | 207 } // namespace google_breakpad |
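Review bot: StackPointerOffStack (new lines 136-150) treats any mapping name other than exactly "[stack]" as off-stack, so a crash on a secondary thread on a kernel that labels thread stacks "[stack:<tid>]" would rate an ordinary stack pointer EXPLOITABILITY_HIGH; the check should accept the "[stack" prefix rather than the exact string, and the double GetPathname() call and `compare("")` can be tidied at the same time: `if (!linux_maps) return true;` / `const string& path = linux_maps->GetPathname();` / `return !path.empty() && path.compare(0, 6, "[stack") != 0;` (assuming GetPathname() returns a std::string). The existing comment at new line 144 could then say that any "[stack"-prefixed mapping counts as a stack. The comment at new line 125 still only mentions the instruction pointer although the condition on lines 126-127 now also returns HIGH when the stack pointer is off the stack; `// Checking for the instruction pointer in a valid instruction region and the stack pointer on a stack mapping.` would match the new condition. Note that an unnamed anonymous mapping is returned as inconclusive (false), so thread stacks allocated by mmap are not flagged, which is worth stating in the function's header comment.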