diff options
Diffstat (limited to 'src/processor/exploitability_linux.cc')
-rw-r--r-- | src/processor/exploitability_linux.cc | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc index 4f98dfeb..875df165 100644 --- a/src/processor/exploitability_linux.cc +++ b/src/processor/exploitability_linux.cc @@ -36,6 +36,7 @@ #include "processor/exploitability_linux.h" +#include "google_breakpad/common/minidump_exception_linux.h" #include "google_breakpad/processor/process_state.h" #include "google_breakpad/processor/call_stack.h" #include "google_breakpad/processor/stack_frame.h" @@ -119,11 +120,23 @@ ExploitabilityRating ExploitabilityLinux::CheckPlatformExploitability() { return EXPLOITABILITY_ERR_PROCESSING; } + // Checking for the instruction pointer in a valid instruction region. if (!this->InstructionPointerInCode(instruction_ptr)) { return EXPLOITABILITY_HIGH; } - return EXPLOITABILITY_NONE; + const MDRawExceptionStream *raw_exception_stream = exception->exception(); + if (raw_exception_stream == NULL) { + BPLOG(INFO) << "No raw exception stream."; + return EXPLOITABILITY_ERR_PROCESSING; + } + + // Checking for benign exceptions that caused the crash. + if (this->BenignCrashTrigger(raw_exception_stream)) { + return EXPLOITABILITY_NONE; + } + + return EXPLOITABILITY_INTERESTING; } bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { @@ -149,4 +162,46 @@ bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) { minidump_module_list->GetModuleForAddress(instruction_ptr); } +bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream + *raw_exception_stream) { + // Here we check the cause of crash. + // If the exception of the crash is a benign exception, + // it is probably not exploitable. + switch (raw_exception_stream->exception_record.exception_code) { + case MD_EXCEPTION_CODE_LIN_SIGHUP: + case MD_EXCEPTION_CODE_LIN_SIGINT: + case MD_EXCEPTION_CODE_LIN_SIGQUIT: + case MD_EXCEPTION_CODE_LIN_SIGTRAP: + case MD_EXCEPTION_CODE_LIN_SIGABRT: + case MD_EXCEPTION_CODE_LIN_SIGFPE: + case MD_EXCEPTION_CODE_LIN_SIGKILL: + case MD_EXCEPTION_CODE_LIN_SIGUSR1: + case MD_EXCEPTION_CODE_LIN_SIGUSR2: + case MD_EXCEPTION_CODE_LIN_SIGPIPE: + case MD_EXCEPTION_CODE_LIN_SIGALRM: + case MD_EXCEPTION_CODE_LIN_SIGTERM: + case MD_EXCEPTION_CODE_LIN_SIGCHLD: + case MD_EXCEPTION_CODE_LIN_SIGCONT: + case MD_EXCEPTION_CODE_LIN_SIGSTOP: + case MD_EXCEPTION_CODE_LIN_SIGTSTP: + case MD_EXCEPTION_CODE_LIN_SIGTTIN: + case MD_EXCEPTION_CODE_LIN_SIGTTOU: + case MD_EXCEPTION_CODE_LIN_SIGURG: + case MD_EXCEPTION_CODE_LIN_SIGXCPU: + case MD_EXCEPTION_CODE_LIN_SIGXFSZ: + case MD_EXCEPTION_CODE_LIN_SIGVTALRM: + case MD_EXCEPTION_CODE_LIN_SIGPROF: + case MD_EXCEPTION_CODE_LIN_SIGWINCH: + case MD_EXCEPTION_CODE_LIN_SIGIO: + case MD_EXCEPTION_CODE_LIN_SIGPWR: + case MD_EXCEPTION_CODE_LIN_SIGSYS: + case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED: + return true; + break; + default: + return false; + break; + } +} + } // namespace google_breakpad |