Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Unified Diff: src/processor/exploitability_linux.cc

Issue 1291603002: Add check for executable stack/heap when rating Linux exploitability. (Closed) Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Patch Set: Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: src/processor/exploitability_linux.cc
===================================================================
--- src/processor/exploitability_linux.cc (revision 1481)
+++ src/processor/exploitability_linux.cc (working copy)
@@ -116,7 +116,8 @@
}
// Checking for the instruction pointer in a valid instruction region.
- if (!this->InstructionPointerInCode(instruction_ptr)) {
+ if (!this->InstructionPointerInCode(instruction_ptr) ||
+ this->ExecutableStackOrHeap()) {
return EXPLOITABILITY_HIGH;
}
@@ -125,6 +126,23 @@
return EXPLOITABILITY_INTERESTING;
}
+bool ExploitabilityLinux::ExecutableStackOrHeap() {
+ MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
+ if (linux_maps_list) {
+ for (size_t i = 0; i < linux_maps_list->mapping_count(); i++) {
+ const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex(i);
ivanpe 2015/08/12 00:26:23 Lines should not exceed 80 chars
liuandrew 2015/08/14 22:43:36 Done.
+ // Check for executable stack or heap for each mapping.
+ if (linux_maps &&
+ (!linux_maps->GetPathname().compare("[stack]") ||
+ !linux_maps->GetPathname().compare("[heap]")) &&
+ linux_maps->IsExecutable()) {
+ return true;
+ }
+ }
+ }
+ return false;
ivanpe 2015/08/12 00:26:23 Please add a unittest for this method.
liuandrew 2015/08/14 22:43:36 Done.
+}
+
bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
// Get Linux memory mapping from /proc/self/maps. Checking whether the
// region the instruction pointer is in has executable permission can tell
« src/processor/exploitability_linux.h ('K') | « src/processor/exploitability_linux.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698