From 114605df538bc49da3778546b74a9230fc4c0908 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 10 May 2021 08:55:48 +0100 Subject: Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name --- frida_mode/src/cmplog/cmplog.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'frida_mode/src/cmplog/cmplog.c') diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 84412c0b..3fab1951 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -4,6 +4,8 @@ #include "util.h" +#define DEFAULT_MMAP_MIN_ADDR (32UL << 10) + extern struct cmp_map *__afl_cmp_map; static GArray *cmplog_ranges = NULL; @@ -55,6 +57,16 @@ gboolean cmplog_is_readable(void *addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); + /* + * The Linux kernel prevents mmap from allocating from the very bottom of the + * address space to mitigate NULL pointer dereference attacks. The exact size + * is set by sysctl by setting mmap_min_addr and 64k is suggested on most + * platforms with 32k on ARM systems. We therefore fail fast if the address + * is lower than this. This should avoid some overhead when functions are + * called where one of the parameters is a size, or a some other small value. + */ + if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; } + GumAddress inner_base = GUM_ADDRESS(addr); GumAddress inner_limit = inner_base + size; -- cgit 1.4.1