Index: src/processor/exploitability_linux.cc |
=================================================================== |
--- src/processor/exploitability_linux.cc (revision 1481) |
+++ src/processor/exploitability_linux.cc (working copy) |
@@ -116,7 +116,8 @@ |
} |
// Checking for the instruction pointer in a valid instruction region. |
- if (!this->InstructionPointerInCode(instruction_ptr)) { |
+ if (!this->InstructionPointerInCode(instruction_ptr) || |
+ this->ExecutableStackOrHeap()) { |
return EXPLOITABILITY_HIGH; |
} |
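Review bot: The comment above this condition still describes only the instruction-pointer test, but with the added `|| this->ExecutableStackOrHeap()` clause the branch also returns EXPLOITABILITY_HIGH for any crash in a process whose stack or heap is executable, wherever the instruction pointer is. Anyone triaging on this rating needs to know that the second cause is a property of the process rather than of the crash. I would reword the comment to something like `// Rate as high when the instruction pointer is outside executable code, or when the process has an executable stack or heap (independent of where it crashed).` The enclosing function starts and ends outside this hunk, so whether earlier branches can return before this check is not visible here.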
@@ -125,6 +126,23 @@ |
return EXPLOITABILITY_INTERESTING; |
} |
+bool ExploitabilityLinux::ExecutableStackOrHeap() { |
+ MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList(); |
+ if (linux_maps_list) { |
+ for (size_t i = 0; i < linux_maps_list->mapping_count(); i++) { |
+ const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex(i); |
ivanpe
2015/08/12 00:26:23
Lines should not exceed 80 chars
liuandrew
2015/08/14 22:43:36
Done.
|
+ // Check for executable stack or heap for each mapping. |
+ if (linux_maps && |
+ (!linux_maps->GetPathname().compare("[stack]") || |
+ !linux_maps->GetPathname().compare("[heap]")) && |
+ linux_maps->IsExecutable()) { |
+ return true; |
+ } |
+ } |
+ } |
+ return false; |
ivanpe
2015/08/12 00:26:23
Please add a unittest for this method.
liuandrew
2015/08/14 22:43:36
Done.
|
+} |
+ |
bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { |
// Get Linux memory mapping from /proc/self/maps. Checking whether the |
// region the instruction pointer is in has executable permission can tell |
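Review bot: ExecutableStackOrHeap() only recognises mappings whose pathname is exactly `[stack]` or `[heap]`, and it returns false when GetLinuxMapsList() is null, so both "no such mapping is executable" and "no mapping data in the dump" come back as the same answer. Writable and executable regions under any other name (thread stacks and anonymous mappings are typically not labelled `[stack]`) are not examined, and the method carries no comment stating that limit. I would document it above the definition: `// Returns true if the "[stack]" or "[heap]" mapping is executable. Other writable+executable mappings are not checked; a missing maps list yields false.` As a point of style, `!linux_maps->GetPathname().compare("[stack]")` reads as a negation although it tests equality; `linux_maps->GetPathname() == "[stack]"` would be plainer, assuming the return type is a string with `operator==`, which the `compare()` call suggests. The last three lines of the hunk belong to InstructionPointerInCode, whose body continues outside the hunk.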