aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorBen Scarlato <benscarlato@gmail.com>2016-08-28 17:11:42 -0700
committerMike Frysinger <vapier@chromium.org>2016-08-29 18:39:01 +0000
commit968c3889223e6a6f948c4eb34a9376cfc1390811 (patch)
treef211b518df98e9b741b6966f0dcabf17db0056cf /src
parentFix breakpad compilation issue with clang on Windows (diff)
downloadbreakpad-968c3889223e6a6f948c4eb34a9376cfc1390811.tar.xz
Updating ExploitabilityLinux to check memory mapping names against a prefix
instead of a specific name. This will prevent false positives on systems which use a format such as “[stack:69616]” for stack memory mapping names. Change-Id: I51aeda2fe856c1f37f0d18ac06cce69fec2fffa2 Reviewed-on: https://chromium-review.googlesource.com/377086 Reviewed-by: Mike Frysinger <vapier@chromium.org>
Diffstat (limited to 'src')
-rw-r--r--src/processor/exploitability_linux.cc21
-rw-r--r--src/processor/exploitability_unittest.cc2
-rw-r--r--src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmpbin0 -> 38761 bytes
3 files changed, 15 insertions, 8 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc
index c520059c..63056c43 100644
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -54,14 +54,18 @@
namespace {
+// Prefixes for memory mapping names.
+constexpr char kHeapPrefix[] = "[heap";
+constexpr char kStackPrefix[] = "[stack";
+
// This function in libc is called if the program was compiled with
// -fstack-protector and a function's stack canary changes.
-const char kStackCheckFailureFunction[] = "__stack_chk_fail";
+constexpr char kStackCheckFailureFunction[] = "__stack_chk_fail";
// This function in libc is called if the program was compiled with
// -D_FORTIFY_SOURCE=2, a function like strcpy() is called, and the runtime
// can determine that the call would overflow the target buffer.
-const char kBoundsCheckFailureFunction[] = "__chk_fail";
+constexpr char kBoundsCheckFailureFunction[] = "__chk_fail";
#ifndef _WIN32
const unsigned int MAX_INSTRUCTION_LEN = 15;
@@ -539,9 +543,9 @@ bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
// Checks if the stack pointer maps to a valid mapping and if the mapping
// is not the stack. If the mapping has no name, it is inconclusive whether
// it is off the stack.
- return !linux_maps ||
- (linux_maps->GetPathname().compare("") &&
- linux_maps->GetPathname().compare("[stack]"));
+ return !linux_maps || (linux_maps->GetPathname().compare("") &&
+ linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix));
}
bool ExploitabilityLinux::ExecutableStackOrHeap() {
@@ -551,9 +555,10 @@ bool ExploitabilityLinux::ExecutableStackOrHeap() {
const MinidumpLinuxMaps *linux_maps =
linux_maps_list->GetLinuxMapsAtIndex(i);
// Check for executable stack or heap for each mapping.
- if (linux_maps &&
- (!linux_maps->GetPathname().compare("[stack]") ||
- !linux_maps->GetPathname().compare("[heap]")) &&
+ if (linux_maps && (!linux_maps->GetPathname().compare(
+ 0, strlen(kStackPrefix), kStackPrefix) ||
+ !linux_maps->GetPathname().compare(
+ 0, strlen(kHeapPrefix), kHeapPrefix)) &&
linux_maps->IsExecutable()) {
return true;
}
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index 502edcc7..528ee5f2 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -161,6 +161,8 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
ExploitabilityFor("linux_inside_module_exe_region2.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
ExploitabilityFor("linux_stack_pointer_in_stack.dmp"));
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
+ ExploitabilityFor("linux_stack_pointer_in_stack_alt_name.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_stack_pointer_in_module.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
diff --git a/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
new file mode 100644
index 00000000..55b34e8a
--- /dev/null
+++ b/src/processor/testdata/linux_stack_pointer_in_stack_alt_name.dmp
Binary files differ