aboutsummaryrefslogtreecommitdiff
path: root/src/processor
diff options
context:
space:
mode:
Diffstat (limited to 'src/processor')
-rw-r--r--src/processor/exploitability_linux.cc57
-rw-r--r--src/processor/exploitability_linux.h4
-rw-r--r--src/processor/exploitability_unittest.cc4
3 files changed, 62 insertions, 3 deletions
diff --git a/src/processor/exploitability_linux.cc b/src/processor/exploitability_linux.cc
index 4f98dfeb..875df165 100644
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -36,6 +36,7 @@
#include "processor/exploitability_linux.h"
+#include "google_breakpad/common/minidump_exception_linux.h"
#include "google_breakpad/processor/process_state.h"
#include "google_breakpad/processor/call_stack.h"
#include "google_breakpad/processor/stack_frame.h"
@@ -119,11 +120,23 @@ ExploitabilityRating ExploitabilityLinux::CheckPlatformExploitability() {
return EXPLOITABILITY_ERR_PROCESSING;
}
+ // Checking for the instruction pointer in a valid instruction region.
if (!this->InstructionPointerInCode(instruction_ptr)) {
return EXPLOITABILITY_HIGH;
}
- return EXPLOITABILITY_NONE;
+ const MDRawExceptionStream *raw_exception_stream = exception->exception();
+ if (raw_exception_stream == NULL) {
+ BPLOG(INFO) << "No raw exception stream.";
+ return EXPLOITABILITY_ERR_PROCESSING;
+ }
+
+ // Checking for benign exceptions that caused the crash.
+ if (this->BenignCrashTrigger(raw_exception_stream)) {
+ return EXPLOITABILITY_NONE;
+ }
+
+ return EXPLOITABILITY_INTERESTING;
}
bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
@@ -149,4 +162,46 @@ bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
minidump_module_list->GetModuleForAddress(instruction_ptr);
}
+bool ExploitabilityLinux::BenignCrashTrigger(const MDRawExceptionStream
+ *raw_exception_stream) {
+ // Here we check the cause of crash.
+ // If the exception of the crash is a benign exception,
+ // it is probably not exploitable.
+ switch (raw_exception_stream->exception_record.exception_code) {
+ case MD_EXCEPTION_CODE_LIN_SIGHUP:
+ case MD_EXCEPTION_CODE_LIN_SIGINT:
+ case MD_EXCEPTION_CODE_LIN_SIGQUIT:
+ case MD_EXCEPTION_CODE_LIN_SIGTRAP:
+ case MD_EXCEPTION_CODE_LIN_SIGABRT:
+ case MD_EXCEPTION_CODE_LIN_SIGFPE:
+ case MD_EXCEPTION_CODE_LIN_SIGKILL:
+ case MD_EXCEPTION_CODE_LIN_SIGUSR1:
+ case MD_EXCEPTION_CODE_LIN_SIGUSR2:
+ case MD_EXCEPTION_CODE_LIN_SIGPIPE:
+ case MD_EXCEPTION_CODE_LIN_SIGALRM:
+ case MD_EXCEPTION_CODE_LIN_SIGTERM:
+ case MD_EXCEPTION_CODE_LIN_SIGCHLD:
+ case MD_EXCEPTION_CODE_LIN_SIGCONT:
+ case MD_EXCEPTION_CODE_LIN_SIGSTOP:
+ case MD_EXCEPTION_CODE_LIN_SIGTSTP:
+ case MD_EXCEPTION_CODE_LIN_SIGTTIN:
+ case MD_EXCEPTION_CODE_LIN_SIGTTOU:
+ case MD_EXCEPTION_CODE_LIN_SIGURG:
+ case MD_EXCEPTION_CODE_LIN_SIGXCPU:
+ case MD_EXCEPTION_CODE_LIN_SIGXFSZ:
+ case MD_EXCEPTION_CODE_LIN_SIGVTALRM:
+ case MD_EXCEPTION_CODE_LIN_SIGPROF:
+ case MD_EXCEPTION_CODE_LIN_SIGWINCH:
+ case MD_EXCEPTION_CODE_LIN_SIGIO:
+ case MD_EXCEPTION_CODE_LIN_SIGPWR:
+ case MD_EXCEPTION_CODE_LIN_SIGSYS:
+ case MD_EXCEPTION_CODE_LIN_DUMP_REQUESTED:
+ return true;
+ break;
+ default:
+ return false;
+ break;
+ }
+}
+
} // namespace google_breakpad
diff --git a/src/processor/exploitability_linux.h b/src/processor/exploitability_linux.h
index 95607602..42f9bc52 100644
--- a/src/processor/exploitability_linux.h
+++ b/src/processor/exploitability_linux.h
@@ -53,6 +53,10 @@ class ExploitabilityLinux : public Exploitability {
// This method takes the address of the instruction pointer and returns
// whether the instruction pointer lies in a valid instruction region.
bool InstructionPointerInCode(uint64_t instruction_ptr);
+
+ // This method checks the exception that triggered the creation of the
+ // minidump and reports whether the exception suggests no exploitability.
+ bool BenignCrashTrigger(const MDRawExceptionStream *raw_exception_stream);
};
} // namespace google_breakpad
diff --git a/src/processor/exploitability_unittest.cc b/src/processor/exploitability_unittest.cc
index 509ae230..cc46f9ea 100644
--- a/src/processor/exploitability_unittest.cc
+++ b/src/processor/exploitability_unittest.cc
@@ -107,7 +107,7 @@ TEST(ExploitabilityTest, TestWindowsEngine) {
}
TEST(ExploitabilityTest, TestLinuxEngine) {
- ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
ExploitabilityFor("linux_null_read_av.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_overflow.dmp"));
@@ -115,7 +115,7 @@ TEST(ExploitabilityTest, TestLinuxEngine) {
ExploitabilityFor("linux_stacksmash.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
ExploitabilityFor("linux_divide_by_zero.dmp"));
- ASSERT_EQ(google_breakpad::EXPLOITABILITY_NONE,
+ ASSERT_EQ(google_breakpad::EXPLOITABILITY_INTERESTING,
ExploitabilityFor("linux_null_dereference.dmp"));
ASSERT_EQ(google_breakpad::EXPLOITABILITY_HIGH,
ExploitabilityFor("linux_jmp_to_0.dmp"));