1/* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17import "console" 18import "elf" 19 20 21rule OpenHarmony_SA_2023_0301 22{ 23 meta: 24 date = "2023-03-08" 25 openharmony_sa = "OpenHarmony-SA-2023-0301" 26 cve = "CVE-2023-24465" 27 severity = "medium" 28 affacted_files = "libwifi_scan_ability.z.so" 29 affected_func = "WifiScanStub::OnScanByParams" 30 31 strings: 32 $features = "run OnScanByParams code %{public}u, datasize %{public}zu" nocase wide ascii 33 34 /* 3.1.4 vul code 35 .text:0000B0D0 01 46 MOV R1, R0 36 .text:0000B0D2 20 46 MOV R0, R4 37 */ 38 $vul = {01 46 ?? 46} 39 40 /* 3.1.4 with patch 41 .text:0000B0DA 7D 44 ADD R5, PC ; "" 42 .text:0000B0DC 08 BF IT EQ 43 .text:0000B0DE 29 46 MOVEQ R1, R5 44 */ 45 $fix = {7? 44 08 BF ?? 46} 46 47 48 condition: 49 (elf.machine == elf.EM_ARM) and $features and ((not $vul) or $fix) and console.log("OpenHarmony-SA-2023-0301 testcase pass") 50 51}