1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "getsmssegmentsinfo_fuzzer.h"
17
18 #define private public
19 #include "addsmstoken_fuzzer.h"
20 #include "cdma_sms_message.h"
21 #include "ims_sms_callback_stub.h"
22 #include "sms_service.h"
23
24 using namespace OHOS::Telephony;
25 namespace OHOS {
26 static bool g_isInited = false;
27 constexpr int32_t SLOT_NUM = 2;
28 constexpr int32_t TYPE_NUM = 5;
29
IsServiceInited()30 bool IsServiceInited()
31 {
32 if (!g_isInited) {
33 DelayedSingleton<SmsService>::GetInstance()->OnStart();
34 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
35 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
36 g_isInited = true;
37 }
38 }
39 return g_isInited;
40 }
41
GetSmsSegmentsInfo(const uint8_t * data,size_t size)42 void GetSmsSegmentsInfo(const uint8_t *data, size_t size)
43 {
44 if (!IsServiceInited()) {
45 return;
46 }
47
48 MessageParcel dataParcel;
49 MessageParcel replyParcel;
50 MessageOption option(MessageOption::TF_SYNC);
51
52 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
53 std::string message(reinterpret_cast<const char *>(data), size);
54 auto messageU16 = Str8ToStr16(message);
55 bool force7BitCode = slotId == 1 ? true : false;
56
57 dataParcel.WriteInt32(slotId);
58 dataParcel.WriteString16(messageU16);
59 dataParcel.WriteBool(force7BitCode);
60 dataParcel.RewindRead(0);
61
62 DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
63
64 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
65 if (interfaceManager == nullptr) {
66 TELEPHONY_LOGE("interfaceManager nullptr error");
67 return;
68 }
69 LengthInfo lenInfo;
70 interfaceManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
71
72 auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
73 if (smsSendManager == nullptr) {
74 TELEPHONY_LOGE("failed to create SmsSendManager");
75 return;
76 }
77 smsSendManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
78 CdmaSmsMessage cdmaSmsMessage;
79 cdmaSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
80 GsmSmsMessage gsmSmsMessage;
81 gsmSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
82 }
83
IsImsSmsSupported(const uint8_t * data,size_t size)84 void IsImsSmsSupported(const uint8_t *data, size_t size)
85 {
86 if (!IsServiceInited()) {
87 return;
88 }
89
90 MessageParcel dataParcel;
91 MessageParcel replyParcel;
92 MessageOption option(MessageOption::TF_SYNC);
93
94 dataParcel.WriteBuffer(data, size);
95 dataParcel.RewindRead(0);
96 DelayedSingleton<SmsService>::GetInstance()->OnIsImsSmsSupported(dataParcel, replyParcel, option);
97
98 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
99 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
100 if (interfaceManager == nullptr) {
101 TELEPHONY_LOGE("interfaceManager nullptr error");
102 return;
103 }
104 bool isSupported = false;
105 interfaceManager->IsImsSmsSupported(slotId, isSupported);
106 auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
107 if (smsSendManager == nullptr) {
108 TELEPHONY_LOGE("failed to create SmsSendManager");
109 return;
110 }
111 smsSendManager->IsImsSmsSupported(slotId, isSupported);
112 }
113
OnRemoteRequest(const uint8_t * data,size_t size)114 void OnRemoteRequest(const uint8_t *data, size_t size)
115 {
116 if (!IsServiceInited()) {
117 return;
118 }
119
120 MessageParcel dataParcel;
121 if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
122 TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
123 return;
124 }
125
126 MessageParcel replyParcel;
127 MessageOption option(MessageOption::TF_SYNC);
128 dataParcel.RewindRead(0);
129 uint32_t code = static_cast<uint32_t>(size);
130 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
131 return;
132 }
133
ImsSendMessageResponseInner(const uint8_t * data,size_t size)134 void ImsSendMessageResponseInner(const uint8_t *data, size_t size)
135 {
136 if (!IsServiceInited()) {
137 return;
138 }
139
140 MessageParcel dataParcel;
141 MessageParcel replyParcel;
142
143 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
144 dataParcel.WriteInt32(slotId);
145 HRilRadioResponseInfo responseInfo;
146 responseInfo.flag = static_cast<uint32_t>(size);
147 responseInfo.serial = static_cast<uint32_t>(size);
148 responseInfo.error = static_cast<HRilErrType>(size);
149 responseInfo.type = static_cast<HRilResponseTypes>(size % TYPE_NUM);
150 dataParcel.WriteRawData((const void *)&responseInfo, sizeof(HRilRadioResponseInfo));
151 SendSmsResultInfo resultInfo;
152 resultInfo.msgRef = static_cast<uint32_t>(size);
153 std::string pdu(reinterpret_cast<const char *>(data), size);
154 resultInfo.pdu = pdu;
155 resultInfo.errCode = static_cast<uint32_t>(size);
156 resultInfo.flag = static_cast<int64_t>(size);
157 dataParcel.WriteRawData((const void *)&resultInfo, sizeof(SendSmsResultInfo));
158 dataParcel.RewindRead(0);
159 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSendMessageResponseInner(dataParcel, replyParcel);
160 }
161
ImsSetSmsConfigResponseInner(const uint8_t * data,size_t size)162 void ImsSetSmsConfigResponseInner(const uint8_t *data, size_t size)
163 {
164 if (!IsServiceInited()) {
165 return;
166 }
167
168 MessageParcel dataParcel;
169 MessageParcel replyParcel;
170
171 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
172 dataParcel.WriteInt32(slotId);
173 HRilRadioResponseInfo responseInfo;
174 responseInfo.flag = static_cast<uint32_t>(size);
175 responseInfo.serial = static_cast<uint32_t>(size);
176 responseInfo.error = static_cast<HRilErrType>(size);
177 responseInfo.type = static_cast<HRilResponseTypes>(size % TYPE_NUM);
178 dataParcel.WriteRawData((const void *)&responseInfo, sizeof(HRilRadioResponseInfo));
179 dataParcel.RewindRead(0);
180 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSetSmsConfigResponseInner(dataParcel, replyParcel);
181 }
182
CreateMessage(const uint8_t * data,size_t size)183 void CreateMessage(const uint8_t *data, size_t size)
184 {
185 if (!IsServiceInited()) {
186 return;
187 }
188
189 MessageParcel dataParcel;
190 MessageParcel replyParcel;
191 MessageOption option(MessageOption::TF_SYNC);
192
193 std::string pdu(reinterpret_cast<const char *>(data), size);
194 std::string reply(reinterpret_cast<const char *>(data), size);
195 dataParcel.WriteString(pdu);
196 dataParcel.WriteString(reply);
197 dataParcel.RewindRead(0);
198 DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
199 }
200
GetBase64Encode(const uint8_t * data,size_t size)201 void GetBase64Encode(const uint8_t *data, size_t size)
202 {
203 if (!IsServiceInited()) {
204 return;
205 }
206
207 MessageParcel dataParcel;
208 MessageParcel replyParcel;
209 MessageOption option(MessageOption::TF_SYNC);
210
211 std::string message(reinterpret_cast<const char *>(data), size);
212 auto messageU16 = Str8ToStr16(message);
213 dataParcel.WriteString16(messageU16);
214 dataParcel.RewindRead(0);
215 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
216 }
217
GetBase64Decode(const uint8_t * data,size_t size)218 void GetBase64Decode(const uint8_t *data, size_t size)
219 {
220 if (!IsServiceInited()) {
221 return;
222 }
223
224 MessageParcel dataParcel;
225 MessageParcel replyParcel;
226 MessageOption option(MessageOption::TF_SYNC);
227
228 std::string messageSrc(reinterpret_cast<const char *>(data), size);
229 auto stringU16 = Str8ToStr16(messageSrc);
230 dataParcel.WriteString16(stringU16);
231 dataParcel.RewindRead(0);
232 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
233 }
234
GetEncodeStringFunc(const uint8_t * data,size_t size)235 void GetEncodeStringFunc(const uint8_t *data, size_t size)
236 {
237 if (!IsServiceInited()) {
238 return;
239 }
240
241 MessageParcel dataParcel;
242 MessageParcel replyParcel;
243 MessageOption option(MessageOption::TF_SYNC);
244
245 int32_t charset = static_cast<int32_t>(size);
246 int32_t valLength = static_cast<int32_t>(size);
247 std::string strEncode(reinterpret_cast<const char *>(data), size);
248 auto strEncodeU16 = Str8ToStr16(strEncode);
249 dataParcel.WriteInt32(charset);
250 dataParcel.WriteInt32(valLength);
251 dataParcel.WriteString16(strEncodeU16);
252 dataParcel.RewindRead(0);
253 DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
254 }
255
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)256 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
257 {
258 if (data == nullptr || size == 0) {
259 return;
260 }
261
262 GetSmsSegmentsInfo(data, size);
263 IsImsSmsSupported(data, size);
264 OnRemoteRequest(data, size);
265 ImsSendMessageResponseInner(data, size);
266 ImsSetSmsConfigResponseInner(data, size);
267 CreateMessage(data, size);
268 GetBase64Encode(data, size);
269 GetBase64Decode(data, size);
270 GetEncodeStringFunc(data, size);
271 }
272 } // namespace OHOS
273
274 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)275 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
276 {
277 /* Run your code on data */
278 OHOS::AddSmsTokenFuzzer token;
279 OHOS::DoSomethingInterestingWithMyAPI(data, size);
280 return 0;
281 }
282