
Side by Side Diff: src/processor/exploitability_linux.cc

Issue 1291603002: Add check for executable stack/heap when rating Linux exploitability. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Patch Set: Created 5 years, 4 months ago
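--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above
@@ -117,45 +117,64 @@
 }
 
 // Getting the stack pointer.
 if (!context->GetStackPointer(&stack_ptr)) {
 BPLOG(INFO) << "Failed to retrieve stack pointer.";
 return EXPLOITABILITY_ERR_PROCESSING;
 }
 
 // Checking for the instruction pointer in a valid instruction region.
 if (!this->InstructionPointerInCode(instruction_ptr) ||
-this->StackPointerOffStack(stack_ptr)) {
+this->StackPointerOffStack(stack_ptr) ||
+this->ExecutableStackOrHeap()) {
 return EXPLOITABILITY_HIGH;
 }
 
 // There was no strong evidence suggesting exploitability, but the minidump
 // does not appear totally benign either.
 return EXPLOITABILITY_INTERESTING;
 }
 
 bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
 // Inconclusive if there are no mappings available.
 if (!linux_maps_list) {
 return false;
 }
 const MinidumpLinuxMaps *linux_maps =
 linux_maps_list->GetLinuxMapsForAddress(stack_ptr);
 // Checks if the stack pointer maps to a valid mapping and if the mapping
 // is not the stack. If the mapping has no name, it is inconclusive whether
 // it is off the stack.
 return !linux_maps ||
 (linux_maps->GetPathname().compare("") &&
 linux_maps->GetPathname().compare("[stack]"));
 }
 
+bool ExploitabilityLinux::ExecutableStackOrHeap() {
+MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
+if (linux_maps_list) {
+for (size_t i = 0; i < linux_maps_list->get_maps_count(); i++) {
+const MinidumpLinuxMaps *linux_maps =
+linux_maps_list->GetLinuxMapsAtIndex(i);
+// Check for executable stack or heap for each mapping.
+if (linux_maps &&
+(!linux_maps->GetPathname().compare("[stack]") ||
+!linux_maps->GetPathname().compare("[heap]")) &&
+linux_maps->IsExecutable()) {
+return true;
+}
+}
+}
+return false;
+}
+
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
 // Get Linux memory mapping from /proc/self/maps. Checking whether the
 // region the instruction pointer is in has executable permission can tell
 // whether it is in a valid code region. If there is no mapping for the
 // instruction pointer, it is indicative that the instruction pointer is
 // not within a module, which implies that it is outside a valid area.
 MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
 const MinidumpLinuxMaps *linux_maps =
 linux_maps_list ?
 linux_maps_list->GetLinuxMapsForAddress(instruction_ptr) : NULL;
@@ -198,10 +217,10 @@
 case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
 return true;
 break;
 default:
 return false;
 break;
 }
 }
 
 } // namespace google_breakpad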
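Review bot: The name test in `ExecutableStackOrHeap()` accepts only the exact strings `[stack]` and `[heap]`, so an executable thread stack that some kernel versions label `[stack:<tid>]` in the maps listing, or an executable anonymous mapping with no name, is not counted and the dump may be rated lower than intended. Consider also accepting the prefix, e.g. `linux_maps->GetPathname().compare(0, 7, "[stack:") == 0`, and say in the comment above the loop whether unnamed executable regions are deliberately out of scope. The function silently returns false when `GetLinuxMapsList()` yields no list; a comment like `// Inconclusive if there are no mappings available.`, as `StackPointerOffStack` already has, would make that explicit. The comment above the combined condition in the caller still describes only the instruction-pointer check and should mention the stack-pointer and executable stack/heap tests too.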