Add check for executable stack/heap when rating Linux exploitability.

This CL also consequentially adds a public method to get the number of mappings in a Linux minidump. R=ivanpe@chromium.org Review URL: https://codereview.chromium.org/1291603002 git-svn-id: http://google-breakpad.googlecode.com/svn/trunk@1488 4c0a9323-5329-0410-9bdc-e9ce6186880e
2015-08-15 00:37:14 +00:00
parent ab5ffb8b6c
commit e3687f92c2
6 changed files with 33 additions and 3 deletions
--- a/src/processor/exploitability_linux.cc
+++ b/src/processor/exploitability_linux.cc
@@ -124,7 +124,8 @@ ExploitabilityRating ExploitabilityLinux::CheckPlatformExploitability() {

  // Checking for the instruction pointer in a valid instruction region.
  if (!this->InstructionPointerInCode(instruction_ptr) ||
-       this->StackPointerOffStack(stack_ptr)) {
+       this->StackPointerOffStack(stack_ptr) ||
+       this->ExecutableStackOrHeap()) {
    return EXPLOITABILITY_HIGH;
  }

@@ -149,6 +150,24 @@ bool ExploitabilityLinux::StackPointerOffStack(uint64_t stack_ptr) {
          linux_maps->GetPathname().compare("[stack]"));
 }

+bool ExploitabilityLinux::ExecutableStackOrHeap() {
+  MinidumpLinuxMapsList *linux_maps_list = dump_->GetLinuxMapsList();
+  if (linux_maps_list) {
+    for (size_t i = 0; i < linux_maps_list->get_maps_count(); i++) {
+      const MinidumpLinuxMaps *linux_maps =
+          linux_maps_list->GetLinuxMapsAtIndex(i);
+      // Check for executable stack or heap for each mapping.
+      if (linux_maps &&
+          (!linux_maps->GetPathname().compare("[stack]") ||
+           !linux_maps->GetPathname().compare("[heap]")) &&
+          linux_maps->IsExecutable()) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
 bool ExploitabilityLinux::InstructionPointerInCode(uint64_t instruction_ptr) {
  // Get Linux memory mapping from /proc/self/maps. Checking whether the
  // region the instruction pointer is in has executable permission can tell