author | Ben Scarlato <benscarlato@gmail.com> | 2016-08-28 17:11:42 -0700 |
---|---|---|
committer | Mike Frysinger <vapier@chromium.org> | 2016-08-29 18:39:01 +0000 |
commit | 968c3889223e6a6f948c4eb34a9376cfc1390811 (patch) | |
tree | f211b518df98e9b741b6966f0dcabf17db0056cf /src | |
parent | Fix breakpad compilation issue with clang on Windows (diff) | |
download | breakpad-968c3889223e6a6f948c4eb34a9376cfc1390811.tar.xz |
Updating ExploitabilityLinux to check memory mapping names against a prefix
instead of a specific name.
This will prevent false positives on systems which use a format such as
“[stack:69616]” for stack memory mapping names.
Change-Id: I51aeda2fe856c1f37f0d18ac06cce69fec2fffa2
Reviewed-on: https://chromium-review.googlesource.com/377086
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/processor/exploitability_linux.cc | 21 | ||||
-rw-r--r-- | src/processor/exploitability_unittest.cc | 2 | ||||
-rw-r--r-- | src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp | bin | 0 -> 38761 bytes |
3 files changed, 15 insertions, 8 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc
index c520059c..63056c43 100644
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -54,14 +54,18 @@ namespace {
+// Prefixes for memory mapping names.
+constexpr char kHeapPrefix[] = "[heap";
+constexpr char kStackPrefix[] = "[stack";
+
 // This function in libc is called if the program was compiled with
 // -fstack-protector and a function's stack canary changes.
-const char kStackCheckFailureFunction[] = "__stack_chk_fail";
+constexpr char kStackCheckFailureFunction[] = "__stack_chk_fail";
 // This function in libc is called if the program was compiled with
 // -D_FORTIFY_SOURCE=2, a function like strcpy() is called, and the runtime
 // can determine that the call would overflow the target buffer.
-const char kBoundsCheckFailureFunction[] = "__chk_fail";
+constexpr char kBoundsCheckFailureFunction[] = "__chk_fail";
 #ifndef _WIN32
 const unsigned int MAX_INSTRUCTION_LEN = 15;
@@ -539,9 +543,9 @@ bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
 // Checks if the stack pointer maps to a valid mapping and if the mapping
 // is not the stack. If the mapping has no name, it is inconclusive whether
 // it is off the stack.
- return !linux_maps ||
- (linux_maps->GetPathname().compare("") &&
- linux_maps->GetPathname().compare("[stack]"));
+ return !linux_maps || (linux_maps->GetPathname().compare("") &&
+ linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix));
 }
 bool ExploitabilityLinux::ExecutableStackOrHeap() {
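Review bot: The new test `linux_maps->GetPathname().compare(0, strlen(kStackPrefix), kStackPrefix)` classifies every mapping whose name begins with `[stack` as the stack, which is broader than the `[stack]` and `[stack:TID]` forms the commit message describes, and because the names are read from the minidump being analysed rather than the local kernel the heuristic should be no looser than its intent; the same prefix test is repeated for `[stack` and `[heap` in ExecutableStackOrHeap in the next hunk. Factoring the check into one helper in the anonymous namespace that also requires the character after the prefix to be `]` or `:` keeps both call sites exact and removes the repeated `strlen` and `GetPathname()` calls, with the callers reduced to `!HasMappingPrefix(name, kStackPrefix)` here and `HasMappingPrefix(name, kStackPrefix) || HasMappingPrefix(name, kHeapPrefix)` in the loop. This assumes `GetPathname()` returns a `std::string` (the hunk calls `compare(pos, len, const char*)` on it) and that `<cstring>` is already included for `strlen`, neither of which the hunk shows. Both StackPointerOffStack and ExecutableStackOrHeap begin outside their hunks.
```cpp
// True when |name| is |prefix| followed by ']' or ':' — the "[stack]" and
// "[stack:TID]" forms the kernel emits — and not merely any name that starts
// with |prefix|.
bool HasMappingPrefix(const std::string& name, const char* prefix) {
  const size_t prefix_len = strlen(prefix);
  if (name.compare(0, prefix_len, prefix) != 0 || name.size() <= prefix_len)
    return false;
  return name[prefix_len] == ']' || name[prefix_len] == ':';
}

// … unchanged: remaining anonymous-namespace constants …

// … unchanged: StackPointerOffStack up to the linux_maps lookup …
  if (!linux_maps)
    return true;
  const std::string& name = linux_maps->GetPathname();
  return !name.empty() && !HasMappingPrefix(name, kStackPrefix);
```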
@@ -551,9 +555,10 @@ bool ExploitabilityLinux::ExecutableStackOrHeap() {
 const MinidumpLinuxMaps *linux_maps = linux_maps_list->GetLinuxMapsAtIndex(i);
 // Check for executable stack or heap for each mapping.
- if (linux_maps &&
- (!linux_maps->GetPathname().compare("[stack]") ||
- !linux_maps->GetPathname().compare("[heap]")) &&
+ if (linux_maps && (!linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix) ||
+ !linux_maps->GetPathname().compare(
+ 0, strlen(kHeapPrefix), kHeapPrefix)) &&
 linux_maps->IsExecutable()) {
 return true;
 }
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index 502edcc7..528ee5f2 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -161,6 +161,8 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
 ExploitabilityFor("linux_inside_module_exe_region2.dmp"));
 ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
 ExploitabilityFor("linux_stack_pointer_in_stack.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
+ ExploitabilityFor("linux_stack_pointer_in_stack_alt_name.dmp"));
 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
 ExploitabilityFor("linux_stack_pointer_in_module.dmp"));
 ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
diff --git a/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
Binary files differ
new file mode 100644
index 00000000..55b34e8a
--- /dev/null
+++ b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp |
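Review bot: The new assertion on `linux_stack_pointer_in_stack_alt_name.dmp` does not say what `alt_name` stands for, so a reader cannot tell from the test which mapping-name form the fixture exercises or why it is expected to rate INTERESTING like `linux_stack_pointer_in_stack.dmp` just above it. A one-line comment above the added pair, `// Same as above, but the stack mapping is named "[stack:TID]" rather than "[stack]".`, would tie the case to the prefix matching it guards, assuming that is the form inside the binary fixture, which the diff cannot show. The TEST body continues outside the hunk.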