OLD | NEW |
---|---|
1 // Copyright (c) 2013 Google Inc. | 1 // Copyright (c) 2013 Google Inc. |
2 // All rights reserved. | 2 // All rights reserved. |
3 // | 3 // |
4 // Redistribution and use in source and binary forms, with or without | 4 // Redistribution and use in source and binary forms, with or without |
5 // modification, are permitted provided that the following conditions are | 5 // modification, are permitted provided that the following conditions are |
6 // met: | 6 // met: |
7 // | 7 // |
8 // * Redistributions of source code must retain the above copyright | 8 // * Redistributions of source code must retain the above copyright |
9 // notice, this list of conditions and the following disclaimer. | 9 // notice, this list of conditions and the following disclaimer. |
10 // * Redistributions in binary form must reproduce the above | 10 // * Redistributions in binary form must reproduce the above |
109 return EXPLOITABILITY_ERR_PROCESSING; | 109 return EXPLOITABILITY_ERR_PROCESSING; |
110 } | 110 } |
111 | 111 |
112 // Getting the instruction pointer. | 112 // Getting the instruction pointer. |
113 if (!context->GetInstructionPointer(&instruction_ptr)) { | 113 if (!context->GetInstructionPointer(&instruction_ptr)) { |
114 BPLOG(INFO) << "Failed to retrieve instruction pointer."; | 114 BPLOG(INFO) << "Failed to retrieve instruction pointer."; |
115 return EXPLOITABILITY_ERR_PROCESSING; | 115 return EXPLOITABILITY_ERR_PROCESSING; |
116 } | 116 } |
117 | 117 |
118 // Checking for the instruction pointer in a valid instruction region. | 118 // Checking for the instruction pointer in a valid instruction region. |
119 if (!this->InstructionPointerInCode(instruction_ptr)) { | 119 if (!this->InstructionPointerInCode(instruction_ptr) || |
120 this->ExecutableStackOrHeap()) { | |
120 return EXPLOITABILITY_HIGH; | 121 return EXPLOITABILITY_HIGH; |
121 } | 122 } |
122 | 123 |
123 // There was no strong evidence suggesting exploitability, but the minidump | 124 // There was no strong evidence suggesting exploitability, but the minidump |
124 // does not appear totally benign either. | 125 // does not appear totally benign either. |
125 return EXPLOITABILITY_INTERESTING; | 126 return EXPLOITABILITY_INTERESTING; |
126 } | 127 } |
127 | 128 |
129 bool ExploitabilityLinux::ExecutableStackOrHeap() { | |
130 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); | |
131 if (linux_maps_list) { | |
132 for (size_t i = 0; i < linux_maps_list->mapping_count(); i++) { | |
133 const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex (i); | |
ivanpe
2015/08/12 00:26:23
Lines should not exceed 80 chars
liuandrew
2015/08/14 22:43:36
Done.
| |
134 // Check for executable stack or heap for each mapping. | |
135 if (linux_maps && | |
136 (!linux_maps->GetPathname().compare("[stack]") || | |
137 !linux_maps->GetPathname().compare("[heap]")) && | |
138 linux_maps->IsExecutable()) { | |
139 return true; | |
140 } | |
141 } | |
142 } | |
143 return false; | |
ivanpe
2015/08/12 00:26:23
Please add a unittest for this method.
liuandrew
2015/08/14 22:43:36
Done.
| |
144 } | |
145 | |
128 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { | 146 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
129 // Get Linux memory mapping from /proc/self/maps. Checking whether the | 147 // Get Linux memory mapping from /proc/self/maps. Checking whether the |
130 // region the instruction pointer is in has executable permission can tell | 148 // region the instruction pointer is in has executable permission can tell |
131 // whether it is in a valid code region. If there is no mapping for the | 149 // whether it is in a valid code region. If there is no mapping for the |
132 // instruction pointer, it is indicative that the instruction pointer is | 150 // instruction pointer, it is indicative that the instruction pointer is |
133 // not within a module, which implies that it is outside a valid area. | 151 // not within a module, which implies that it is outside a valid area. |
134 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); | 152 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
135 const MinidumpLinuxMaps *linux_maps = | 153 const MinidumpLinuxMaps *linux_maps = |
136 linux_maps_list ? | 154 linux_maps_list ? |
137 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; | 155 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; |
174 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: | 192 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: |
175 return true; | 193 return true; |
176 break; | 194 break; |
177 default: | 195 default: |
178 return false; | 196 return false; |
179 break; | 197 break; |
180 } | 198 } |
181 } | 199 } |
182 | 200 |
183 } // namespace google_breakpad | 201 } // namespace google_breakpad |
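Review bot: The exact-name match on new lines 136-137 of ExecutableStackOrHeap() covers only the mappings literally named `[stack]` and `[heap]`, so an executable thread stack or an mmap-backed heap region would not raise the rating. Some kernels label thread stacks `[stack:<tid>]`, and pthread stacks and large allocations commonly show up as unnamed anonymous mappings. A prefix test such as `linux_maps->GetPathname().compare(0, 6, "[stack") == 0` would catch the former, while the latter probably needs a separate check for unnamed mappings that are both writable and executable. It would also help to add a comment above the method stating that a NULL maps list yields false, and that the HIGH rating from this check reflects a process-wide weakened mitigation rather than evidence about the crashing instruction itself.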
OLD | NEW |