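Software Security: OpenHarmony Open-Source Contribution Steps

Environment Setup

1. Download the SSTS suite: https://www.openharmony.cn/systematic?tab=xts

2. Install git and configure the relevant settings.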

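Obtaining the Images

1. At https://gitee.com/openharmony/security/tree/master/zh/security-disclosure/2025, pick an issue of interest: CVE-2025-37959

Figure 1

2. For the chosen issue, go to https://gitee.com/openharmony/docs/blob/master/zh-cn/release-notes/Readme.md and download the images for the corresponding versions. Here we download the vulnerable version v5.0.3 and the non-vulnerable version v5.1.0.

Figure 2

Figure 3

Figure 4

3. Extract the downloaded file (note that it is in .tar.gz format and has to be extracted twice) to obtain boot_linux.img. Extract boot_linux.img once more and locate the Image file, as shown below.

Figure 5

4. Use vmlinux_to_elf.exe from the SSTS suite's resourse folder to convert Image into an ELF file. To tell the results apart, name them unfix_5.0.3.elf and unfix_5.1.0.elf, as shown below.

Figure 6

Figure 7

Figure 8

Figure 9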

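Identifying the Problem and Writing the Rule

1. Following the issue description, use IDA to locate the affected machine code (find the fix link for the vulnerability; the one shown here is CVE-2025-37959, and searching for the affected function skb_do_redirect leads to it). Based on how the machine code differs, write the corresponding rule and the vulnerability-information JSON file under the SSTS suite's \testcases directory.

Figure 10

2. This gives us the name of the modified function. Look the function up by name in IDA. Judging by its logic, the function in 5.0.3 is the unmodified version, while the corresponding function in 5.1.0 has been modified. Now extract the characteristic hexadecimal substring.

Figure 11

Figure 12

Figure 13

3. Next, write the YARA rule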

/*  
* Copyright (c) 2024 Beijing University of Posts and Telecommunications.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

import "console"

rule TestCaseRule_CVE_2025_37959
{
    meta:
        date="2025-11"
        openharmony_sa=""
        cve="CVE-2025-37959"
        file="/dev/block/platform/fe310000.sdhci/by-name/boot_linux"

    strings:
        $fix = {42 53 FF 97 A8 02 1E 12 1F 00 00 F1 00 19 40 7A DF 02 00 F9 A0 00 00 54 E0 03 14 AA F8 00 FF 97}

    condition:
        $fix and console.log("CVE-2025-37959 testcase pass")
}

4. Run the SSTS test with the rule you wrote; the test passes.

./yara64.exe "C:\\Users\\1\\Desktop\\security\\vulntest\\SSTSTestcases\\2025\\CVE-2025-37959\\TestCaseRule-CVE-2025-37959.yara" "G:\\5.0.3\\boot_linux\\extlinux\\unfix_5.0.3.elf"
./yara64.exe "C:\\Users\\1\\Desktop\\security\\vulntest\\SSTSTestcases\\2025\\CVE-2025-37959\\TestCaseRule-CVE-2025-37959.yara" "G:\\5.0.3\\boot_linux\\fixed\\fixed_5.0.3.elf"

Figure 14

5. Write the JSON file

{
"month": "2025-09",
"release_time": "",
"vulnerabilities": [
{
"month": "2025-09",
"vul_id": {
"cve": "CVE-2025-37959",
"openharmony-sa": " "
},
"severity": "medium",
"vul_description": {
"zh": "bpf_redirect_peer在跨网络命名空间重定向数据包时缺少必要的skb清理操作,导致XFRM解密状态等扩展信息在命名空间间泄露,引发目标命名空间中的XFRM策略检查异常。",
"en": "bpf_redirect_peer lacks necessary skb scrubbing when redirecting packets across network namespaces, causing leakage of extension information such as XFRM decryption state between namespaces and triggering XFRM policy check anomalies in the target namespace."
},

"vul_impact": {
"zh": "该漏洞破坏网络命名空间隔离性,可能导致加密通信数据包被错误丢弃,影响基于BPF重定向的容器网络功能的正常运行。",
"en": "This vulnerability breaks network namespace isolation, potentially causing encrypted communication packets to be incorrectly dropped, affecting the normal operation of BPF-based container networking features."
},

"disclosure": {
"zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-09.md",
"en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2025/2025-09.md"
},

"patch_info": {
"5.0.x": {
"patch_url": [
"https://gitee.com/openharmony/kernel_linux_5.10/commit/<commit-for-5.0.x>"
],
"patch_file": [
"https://gitee.com/openharmony/kernel_linux_5.10/commit/<commit-for-5.0.x>.patch"
],
"diff_file": [
"https://gitee.com/openharmony/kernel_linux_5.10/commit/<commit-for-5.0.x>.diff"
]
}
},

"affected_projects": "kernel_linux_5.10",
"object_type": "kernel_linux",
"affected_versions": [
"5.0.0-5.0.3"
],

"affected_device": {
"mini": {
"liteos": {
"rics-v": {
"scan_strategy": {
"ssts": {
"enable": false
},
"ists": {
"enable": false
}
}
}
}
},

"small": {
"liteos": {
"rics-v": {
"scan_strategy": {
"ssts": {
"enable": false
},
"ists": {
"enable": false
}
}
}
},
"linux": {
"arm": {
"scan_strategy": {
"ssts": {
"enable": false
},
"ists": {
"enable": false
}
}
}
}
},

"standard": {
"linux": {
"arm": {
"scan_strategy": {
"ssts": {
"enable": false
},
"ists": {
"enable": true,
"yara": {
"affected_files": [
"/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
],
"yara_rules": [
"TestCaseRule-CVE-2025-37959.yara"
]
}
}
}
},
"arm64": {
"scan_strategy": {
"ssts": {
"enable": false
},
"ists": {
"enable": false
}
}
}
}
}
}
}
]
}
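
As an added example (not part of the original write-up or of the SSTS suite), the following Python code cross-checks the YARA rule against the JSON file before a PR is opened: the hex string is well formed, the rule's cve has an entry in the JSON, and every enabled scan strategy that carries a yara block lists the rule file name and the rule's file path. The function names are hypothetical, and the consistency conditions are inferred from the two files shown on this page, not taken from SSTS documentation.

```python
import re

def parse_rule(text):
    """Return (meta dict, {hex string name: byte count, or None if malformed})."""
    meta = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M))
    hexes = {}
    for name, body in re.findall(r'(\$\w+)\s*=\s*\{([^}]*)\}', text):
        toks = body.split()
        good = toks and all(re.fullmatch(r'[0-9A-Fa-f?]{2}', t) for t in toks)
        hexes[name] = len(toks) if good else None
    return meta, hexes

def yara_blocks(node, path=()):
    """Yield (device path, strategy, yara dict) for each enabled strategy that has one."""
    for key, val in (node.items() if isinstance(node, dict) else ()):
        if key != "scan_strategy":
            yield from yara_blocks(val, path + (key,))
            continue
        for strat, cfg in val.items():
            if cfg.get("enable") and "yara" in cfg:
                yield "/".join(path), strat, cfg["yara"]

def cross_check(rule_text, rule_filename, info):
    """List inconsistencies between rule and JSON (assumed checks, inferred from this page)."""
    meta, hexes = parse_rule(rule_text)
    problems = [f"{n}: malformed hex string" for n, size in hexes.items() if size is None]
    vulns = [v for v in info["vulnerabilities"] if v["vul_id"]["cve"] == meta.get("cve")]
    if not vulns:
        problems.append(f"rule cve {meta.get('cve')!r} has no entry in the JSON")
    for vuln in vulns:
        blocks = list(yara_blocks(vuln["affected_device"]))
        if not blocks:
            problems.append("no enabled scan strategy references a YARA rule")
        for where, strat, y in blocks:
            for key, want in (("yara_rules", rule_filename), ("affected_files", meta.get("file"))):
                if want not in y.get(key, []):
                    problems.append(f"{where}/{strat}: {key} lacks {want}")
    return problems

# Constructed sample input: the page's rule and JSON, trimmed to the fields that are checked.
RULE = '''rule TestCaseRule_CVE_2025_37959 { meta:
cve="CVE-2025-37959"
file="/dev/block/platform/fe310000.sdhci/by-name/boot_linux"
strings: $fix = {42 53 FF 97 A8 02 1E 12 1F 00 00 F1 00 19 40 7A DF 02 00 F9 A0 00 00 54 E0 03 14 AA F8 00 FF 97}
condition: $fix }'''
INFO = {"vulnerabilities": [{"vul_id": {"cve": "CVE-2025-37959"}, "affected_device": {
    "standard": {"linux": {"arm": {"scan_strategy": {"ssts": {"enable": False}, "ists": {
        "enable": True, "yara": {"yara_rules": ["TestCaseRule-CVE-2025-37959.yara"],
        "affected_files": ["/dev/block/platform/fe310000.sdhci/by-name/boot_linux"]}}}}}}}}]}
```

Calling cross_check(RULE, "TestCaseRule-CVE-2025-37959.yara", INFO) returns an empty list when the two files agree; with the real files, read the rule text from disk and load the JSON with json.load.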

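Creating the PR

1. Fork the open-source SSTS test repository https://gitcode.com/openharmony/security to your own account, clone the fork, and submit the relevant files in the required format, with the commit message “SSTS新增规则:CVE-2025-37959” ("SSTS new rule: CVE-2025-37959").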

git add .
git commit --signoff -m "SSTS新增规则:CVE-2025-37959"
git push

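Figure 15

Figure 16

Figure 17

2. Open a Pull Request.

Figure 18

Figure 19

3. The contribution is complete and has been merged.

Figure 20

Related link: https://gitcode.com/openharmony/security/pull/459

This lab report is being continuously updated…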