
Side by Side Diff: src/processor/exploitability_linux.cc

Issue 1291603002: Add check for executable stack/heap when rating Linux exploitability. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Patch Set: Created 5 years, 4 months ago
1 // Copyright (c) 2013 Google Inc. 1 // Copyright (c) 2013 Google Inc.
2 // All rights reserved. 2 // All rights reserved.
3 // 3 //
4 // Redistribution and use in source and binary forms, with or without 4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are 5 // modification, are permitted provided that the following conditions are
6 // met: 6 // met:
7 // 7 //
8 // * Redistributions of source code must retain the above copyright 8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer. 9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above 10 // * Redistributions in binary form must reproduce the above
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
109 return EXPLOITABILITY_ERR_PROCESSING; 109 return EXPLOITABILITY_ERR_PROCESSING;
110 } 110 }
111 111
112 // Getting the instruction pointer. 112 // Getting the instruction pointer.
113 if (!context->GetInstructionPointer(&instruction_ptr)) { 113 if (!context->GetInstructionPointer(&instruction_ptr)) {
114 BPLOG(INFO) << "Failed to retrieve instruction pointer."; 114 BPLOG(INFO) << "Failed to retrieve instruction pointer.";
115 return EXPLOITABILITY_ERR_PROCESSING; 115 return EXPLOITABILITY_ERR_PROCESSING;
116 } 116 }
117 117
118 // Checking for the instruction pointer in a valid instruction region. 118 // Checking for the instruction pointer in a valid instruction region.
119 if (!this->InstructionPointerInCode(instruction_ptr)) { 119 if (!this->InstructionPointerInCode(instruction_ptr) ||
120 this->ExecutableStackOrHeap()) {
120 return EXPLOITABILITY_HIGH; 121 return EXPLOITABILITY_HIGH;
121 } 122 }
122 123
123 // There was no strong evidence suggesting exploitability, but the minidump 124 // There was no strong evidence suggesting exploitability, but the minidump
124 // does not appear totally benign either. 125 // does not appear totally benign either.
125 return EXPLOITABILITY_INTERESTING; 126 return EXPLOITABILITY_INTERESTING;
126 } 127 }
127 128
129 bool ExploitabilityLinux::ExecutableStackOrHeap() {
130 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
131 if (linux_maps_list) {
132 for (size_t i = 0; i < linux_maps_list->mapping_count(); i++) {
133 const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex (i);
ivanpe 2015/08/12 00:26:23 Lines should not exceed 80 chars
liuandrew 2015/08/14 22:43:36 Done.
134 // Check for executable stack or heap for each mapping.
135 if (linux_maps &&
136 (!linux_maps->GetPathname().compare("[stack]") ||
137 !linux_maps->GetPathname().compare("[heap]")) &&
138 linux_maps->IsExecutable()) {
139 return true;
140 }
141 }
142 }
143 return false;
ivanpe 2015/08/12 00:26:23 Please add a unittest for this method.
liuandrew 2015/08/14 22:43:36 Done.
144 }
145
128 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { 146 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
129 // Get Linux memory mapping from /proc/self/maps. Checking whether the 147 // Get Linux memory mapping from /proc/self/maps. Checking whether the
130 // region the instruction pointer is in has executable permission can tell 148 // region the instruction pointer is in has executable permission can tell
131 // whether it is in a valid code region. If there is no mapping for the 149 // whether it is in a valid code region. If there is no mapping for the
132 // instruction pointer, it is indicative that the instruction pointer is 150 // instruction pointer, it is indicative that the instruction pointer is
133 // not within a module, which implies that it is outside a valid area. 151 // not within a module, which implies that it is outside a valid area.
134 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); 152 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
135 const MinidumpLinuxMaps *linux_maps = 153 const MinidumpLinuxMaps *linux_maps =
136 linux_maps_list ? 154 linux_maps_list ?
137 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; 155 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL;
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: 192 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
175 return true; 193 return true;
176 break; 194 break;
177 default: 195 default:
178 return false; 196 return false;
179 break; 197 break;
180 } 198 }
181 } 199 }
182 200
183 } // namespace google_breakpad 201 } // namespace google_breakpad
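Review bot: ExecutableStackOrHeap() compares the mapping name against exactly `"[stack]"` and `"[heap]"`, so an executable thread stack is not counted: some kernel versions label those `[stack:<tid>]` in the maps file, and mmap-allocated stacks carry no name at all. If only the main stack and the brk heap are meant, say so in a comment above the method, e.g. `// Only the main thread's [stack] and the brk [heap] are checked; other executable mappings are not.`; otherwise read the name once and test `name == "[heap]" || name.compare(0, 6, "[stack") == 0`. The method also returns false when GetLinuxMapsList() is NULL, and the comment should state that, since a dump without a maps stream is then indistinguishable here from one with a non-executable stack and heap.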