Add check for executable stack/heap when rating Linux exploitability.

src/processor/exploitability_linux.cc

Index: src/processor/exploitability_linux.cc
===================================================================
--- src/processor/exploitability_linux.cc	(revision 1481)
+++ src/processor/exploitability_linux.cc	(working copy)
@@ -116,7 +116,8 @@
   }
 
   // Checking for the instruction pointer in a valid instruction region.
-  if (!this->InstructionPointerInCode(instruction_ptr)) {
+  if (!this->InstructionPointerInCode(instruction_ptr) ||
+       this->ExecutableStackOrHeap()) {
     return EXPLOITABILITY_HIGH;
   }
 
@@ -125,6 +126,23 @@
   return EXPLOITABILITY_INTERESTING;
 }
 
+bool ExploitabilityLinux::ExecutableStackOrHeap() {
+  MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
+  if (linux_maps_list) {
+    for (size_t i = 0; i < linux_maps_list->mapping_count(); i++) {
+      const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex(i);

[ivanpe, 2015/08/12 00:26:23]

Lines should not exceed 80 chars

[liuandrew, 2015/08/14 22:43:36]

Done.

+      // Check for executable stack or heap for each mapping.
+      if (linux_maps &&
+          (!linux_maps->GetPathname().compare("[stack]") ||
+           !linux_maps->GetPathname().compare("[heap]")) &&
+          linux_maps->IsExecutable()) {
+        return true;
+      }
+    }
+  }
+  return false;

[ivanpe, 2015/08/12 00:26:23]

Please add a unittest for this method.

[liuandrew, 2015/08/14 22:43:36]

Done.

+}
+
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
   // Get Linux memory mapping from /proc/self/maps. Checking whether the
   // region the instruction pointer is in has executable permission can tell