1 // Copyright (c) 2013 Google Inc. | 1 // Copyright (c) 2013 Google Inc. |
2 // All rights reserved. | 2 // All rights reserved. |
3 // | 3 // |
4 // Redistribution and use in source and binary forms, with or without | 4 // Redistribution and use in source and binary forms, with or without |
5 // modification, are permitted provided that the following conditions are | 5 // modification, are permitted provided that the following conditions are |
6 // met: | 6 // met: |
7 // | 7 // |
8 // * Redistributions of source code must retain the above copyright | 8 // * Redistributions of source code must retain the above copyright |
9 // notice, this list of conditions and the following disclaimer. | 9 // notice, this list of conditions and the following disclaimer. |
10 // * Redistributions in binary form must reproduce the above | 10 // * Redistributions in binary form must reproduce the above |
117 } | 117 } |
118 | 118 |
119 // Getting the stack pointer. | 119 // Getting the stack pointer. |
120 if (!context->GetStackPointer(&stack_ptr)) { | 120 if (!context->GetStackPointer(&stack_ptr)) { |
121 BPLOG(INFO) << "Failed to retrieve stack pointer."; | 121 BPLOG(INFO) << "Failed to retrieve stack pointer."; |
122 return EXPLOITABILITY_ERR_PROCESSING; | 122 return EXPLOITABILITY_ERR_PROCESSING; |
123 } | 123 } |
124 | 124 |
125 // Checking for the instruction pointer in a valid instruction region. | 125 // Checking for the instruction pointer in a valid instruction region. |
126 if (!this->InstructionPointerInCode(instruction_ptr) || | 126 if (!this->InstructionPointerInCode(instruction_ptr) || |
127 this->StackPointerOffStack(stack_ptr)) { | 127 this->StackPointerOffStack(stack_ptr) || |
| 128 this->ExecutableStackOrHeap()) { |
128 return EXPLOITABILITY_HIGH; | 129 return EXPLOITABILITY_HIGH; |
129 } | 130 } |
130 | 131 |
131 // There was no strong evidence suggesting exploitability, but the minidump | 132 // There was no strong evidence suggesting exploitability, but the minidump |
132 // does not appear totally benign either. | 133 // does not appear totally benign either. |
133 return EXPLOITABILITY_INTERESTING; | 134 return EXPLOITABILITY_INTERESTING; |
134 } | 135 } |
135 | 136 |
136 bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) { | 137 bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) { |
137 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); | 138 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
138 // Inconclusive if there are no mappings available. | 139 // Inconclusive if there are no mappings available. |
139 if (!linux_maps_list) { | 140 if (!linux_maps_list) { |
140 return false; | 141 return false; |
141 } | 142 } |
142 const MinidumpLinuxMaps *linux_maps = | 143 const MinidumpLinuxMaps *linux_maps = |
143 linux_maps_list->GetLinuxMapsForAddress(stack_ptr); | 144 linux_maps_list->GetLinuxMapsForAddress(stack_ptr); |
144 // Checks if the stack pointer maps to a valid mapping and if the mapping | 145 // Checks if the stack pointer maps to a valid mapping and if the mapping |
145 // is not the stack. If the mapping has no name, it is inconclusive whether | 146 // is not the stack. If the mapping has no name, it is inconclusive whether |
146 // it is off the stack. | 147 // it is off the stack. |
147 return !linux_maps || | 148 return !linux_maps || |
148 (linux_maps->GetPathname().compare("") && | 149 (linux_maps->GetPathname().compare("") && |
149 linux_maps->GetPathname().compare("[stack]")); | 150 linux_maps->GetPathname().compare("[stack]")); |
150 } | 151 } |
151 | 152 |
| 153 bool ExploitabilityLinux::ExecutableStackOrHeap() { |
| 154 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
| 155 if (linux_maps_list) { |
| 156 for (size_t i = 0; i < linux_maps_list->get_maps_count(); i++) { |
| 157 const MinidumpLinuxMaps *linux_maps = |
| 158 linux_maps_list->GetLinuxMapsAtIndex(i); |
| 159 // Check for executable stack or heap for each mapping. |
| 160 if (linux_maps && |
| 161 (!linux_maps->GetPathname().compare("[stack]") || |
| 162 !linux_maps->GetPathname().compare("[heap]")) && |
| 163 linux_maps->IsExecutable()) { |
| 164 return true; |
| 165 } |
| 166 } |
| 167 } |
| 168 return false; |
| 169 } |
| 170 |
152 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { | 171 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
153 // Get Linux memory mapping from /proc/self/maps. Checking whether the | 172 // Get Linux memory mapping from /proc/self/maps. Checking whether the |
154 // region the instruction pointer is in has executable permission can tell | 173 // region the instruction pointer is in has executable permission can tell |
155 // whether it is in a valid code region. If there is no mapping for the | 174 // whether it is in a valid code region. If there is no mapping for the |
156 // instruction pointer, it is indicative that the instruction pointer is | 175 // instruction pointer, it is indicative that the instruction pointer is |
157 // not within a module, which implies that it is outside a valid area. | 176 // not within a module, which implies that it is outside a valid area. |
158 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); | 177 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
159 const MinidumpLinuxMaps *linux_maps = | 178 const MinidumpLinuxMaps *linux_maps = |
160 linux_maps_list ? | 179 linux_maps_list ? |
161 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; | 180 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL; |
198 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: | 217 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: |
199 return true; | 218 return true; |
200 break; | 219 break; |
201 default: | 220 default: |
202 return false; | 221 return false; |
203 break; | 222 break; |
204 } | 223 } |
205 } | 224 } |
206 | 225 |
207 } // namespace google_breakpad | 226 } // namespace google_breakpad |
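Review bot: ExecutableStackOrHeap (new lines 153-169) returns true whenever any `[stack]` or `[heap]` mapping is executable, which is a property of how the process was built or mapped rather than of this particular crash, so the new condition at line 128 rates every crash in such a process EXPLOITABILITY_HIGH even when neither the instruction pointer nor the stack pointer touches those regions. Consider tying the signal to the crash — for example only when `instruction_ptr`, already in scope at lines 126-127, lies inside the executable stack or heap mapping — or returning a weaker rating for the unrelated case. Only the exact name `[stack]` is matched, so secondary thread stacks, which the maps list may show unnamed or as `[stack:<tid>]` depending on the kernel, are never inspected; the function has no header comment, so record that limit, e.g. `// Returns true if the main-thread stack or the heap mapping is executable. Thread stacks are not examined.` As a style point, `!linux_maps->GetPathname().compare("[stack]")` reads more plainly as `linux_maps->GetPathname() == "[stack]"`, and `get_maps_count()` could be hoisted out of the loop condition.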