1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "wlan_common_fuzzer.h"
16
17 #define WLAN_FREQ_MAX_NUM 35
18 #define ETH_ADDR_LEN 6
19 #define BITS_NUM_24 24
20 #define BITS_NUM_16 16
21 #define BITS_NUM_8 8
22
23 static uint32_t g_wlanTestSize = 0;
24
SetWlanDataSize(const uint32_t * dataSize)25 uint32_t SetWlanDataSize(const uint32_t *dataSize)
26 {
27 if (dataSize != nullptr) {
28 g_wlanTestSize = *dataSize;
29 return HDF_SUCCESS;
30 }
31 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__);
32 return HDF_FAILURE;
33 }
34
GetWlanDataSize(uint32_t * dataSize)35 uint32_t GetWlanDataSize(uint32_t *dataSize)
36 {
37 if (dataSize != nullptr) {
38 *dataSize = g_wlanTestSize;
39 return HDF_SUCCESS;
40 }
41 HDF_LOGE("%{public}s: get data size failed!", __FUNCTION__);
42 return HDF_FAILURE;
43 }
44
Convert2Uint32(const uint8_t * ptr)45 uint32_t Convert2Uint32(const uint8_t *ptr)
46 {
47 if (ptr == nullptr) {
48 return 0;
49 }
50 /*
51 * Move the 0th digit 24 to the left, the first digit 16 to the left, the second digit 8 to the left,
52 * and the third digit no left
53 */
54 return (ptr[0] << BITS_NUM_24) | (ptr[1] << BITS_NUM_16) | (ptr[2] << BITS_NUM_8) | (ptr[3]);
55 }
56
PreProcessRawData(const uint8_t * rawData,size_t size,uint8_t * tmpRawData,size_t tmpRawDataSize)57 bool PreProcessRawData(const uint8_t *rawData, size_t size, uint8_t *tmpRawData, size_t tmpRawDataSize)
58 {
59 if (rawData == nullptr || tmpRawData == nullptr) {
60 HDF_LOGE("%{public}s: rawData or tmpRawData is nullptr!", __FUNCTION__);
61 return false;
62 }
63 uint32_t dataSize = size - OFFSET;
64 if (memcpy_s(tmpRawData, tmpRawDataSize, rawData + OFFSET, dataSize) != EOK) {
65 HDF_LOGE("%{public}s: memcpy_s failed!", __FUNCTION__);
66 return false;
67 }
68 if (SetWlanDataSize(&dataSize) != HDF_SUCCESS) {
69 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__);
70 return false;
71 }
72 return true;
73 }
74
FuzzGetChipId(struct IWlanInterface * interface,const uint8_t * rawData)75 void FuzzGetChipId(struct IWlanInterface *interface, const uint8_t *rawData)
76 {
77 uint8_t chipId = 0;
78 struct HdfFeatureInfo feature;
79 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
80 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
81
82 interface->GetChipId(interface, &feature, &chipId);
83 HDF_LOGI("%{public}s: success", __FUNCTION__);
84 }
85
FuzzGetDeviceMacAddress(struct IWlanInterface * interface,const uint8_t * rawData)86 void FuzzGetDeviceMacAddress(struct IWlanInterface *interface, const uint8_t *rawData)
87 {
88 uint8_t mac[ETH_ADDR_LEN] = {0};
89 uint32_t macLen = ETH_ADDR_LEN;
90 struct HdfFeatureInfo feature;
91 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
92 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
93
94 interface->GetDeviceMacAddress(interface, &feature, mac, &macLen,
95 *const_cast<uint8_t *>(reinterpret_cast<const uint8_t *>(rawData)));
96 HDF_LOGI("%{public}s: success", __FUNCTION__);
97 }
98
FuzzGetFeatureType(struct IWlanInterface * interface,const uint8_t * rawData)99 void FuzzGetFeatureType(struct IWlanInterface *interface, const uint8_t *rawData)
100 {
101 int32_t featureType;
102 struct HdfFeatureInfo feature;
103 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
104 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
105
106 interface->GetFeatureType(interface, &feature, &featureType);
107 HDF_LOGI("%{public}s: success", __FUNCTION__);
108 }
109
FuzzGetFreqsWithBand(struct IWlanInterface * interface,const uint8_t * rawData)110 void FuzzGetFreqsWithBand(struct IWlanInterface *interface, const uint8_t *rawData)
111 {
112 struct HdfFeatureInfo feature;
113 struct HdfWifiInfo wifiInfo;
114 int32_t freq[WLAN_FREQ_MAX_NUM] = {0};
115 uint32_t freqLen = WLAN_FREQ_MAX_NUM;
116 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
117 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
118 wifiInfo.band = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
119 wifiInfo.size = *const_cast<uint32_t *>(reinterpret_cast<const uint32_t *>(rawData));
120
121 interface->GetFreqsWithBand(interface, &feature, &wifiInfo, freq, &freqLen);
122 HDF_LOGI("%{public}s: success", __FUNCTION__);
123 }
124
FuzzGetNetworkIfaceName(struct IWlanInterface * interface,const uint8_t * rawData)125 void FuzzGetNetworkIfaceName(struct IWlanInterface *interface, const uint8_t *rawData)
126 {
127 char ifNames[IFNAMSIZ] = {0};
128 struct HdfFeatureInfo feature;
129 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
130 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
131
132 interface->GetNetworkIfaceName(interface, &feature, ifNames, IFNAMSIZ);
133 HDF_LOGI("%{public}s: success", __FUNCTION__);
134 }
135
FuzzSetMacAddress(struct IWlanInterface * interface,const uint8_t * rawData)136 void FuzzSetMacAddress(struct IWlanInterface *interface, const uint8_t *rawData)
137 {
138 struct HdfFeatureInfo feature;
139 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
140 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
141 const uint8_t *mac = rawData;
142 uint32_t macLen = ETH_ADDR_LEN;
143
144 interface->SetMacAddress(interface, &feature, mac, macLen);
145 HDF_LOGI("%{public}s: success", __FUNCTION__);
146 }
147
FuzzSetTxPower(struct IWlanInterface * interface,const uint8_t * rawData)148 void FuzzSetTxPower(struct IWlanInterface *interface, const uint8_t *rawData)
149 {
150 struct HdfFeatureInfo feature;
151 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
152 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
153 int32_t power = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
154
155 interface->SetTxPower(interface, &feature, power);
156 HDF_LOGI("%{public}s: success", __FUNCTION__);
157 }
158
FuzzGetPowerMode(struct IWlanInterface * interface,const uint8_t * rawData)159 void FuzzGetPowerMode(struct IWlanInterface *interface, const uint8_t *rawData)
160 {
161 uint8_t mode = 0;
162 struct HdfFeatureInfo feature;
163 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
164 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
165
166 interface->GetPowerMode(interface, &feature, &mode);
167 HDF_LOGI("%{public}s: success", __FUNCTION__);
168 }
169
FuzzSetPowerMode(struct IWlanInterface * interface,const uint8_t * rawData)170 void FuzzSetPowerMode(struct IWlanInterface *interface, const uint8_t *rawData)
171 {
172 struct HdfFeatureInfo feature;
173 feature.ifName = const_cast<char *>(reinterpret_cast<const char *>(rawData));
174 feature.type = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
175 uint8_t mode = *const_cast<uint8_t *>(rawData);
176
177 interface->SetPowerMode(interface, &feature, mode);
178 HDF_LOGI("%{public}s: success", __FUNCTION__);
179 }
180
FuzzGetIfNamesByChipId(struct IWlanInterface * interface,const uint8_t * rawData)181 void FuzzGetIfNamesByChipId(struct IWlanInterface *interface, const uint8_t *rawData)
182 {
183 uint32_t num = 0;
184 char ifNames[IFNAMSIZ] = {0};
185 uint8_t chipId = *const_cast<uint8_t *>(rawData);
186
187 interface->GetIfNamesByChipId(interface, chipId, ifNames, IFNAMSIZ, &num);
188 HDF_LOGI("%{public}s: success", __FUNCTION__);
189 }
190
FuzzResetDriver(struct IWlanInterface * interface,const uint8_t * rawData)191 void FuzzResetDriver(struct IWlanInterface *interface, const uint8_t *rawData)
192 {
193 uint8_t chipId = *const_cast<uint8_t *>(rawData);
194 const char *ifName = reinterpret_cast<const char *>(rawData);
195
196 interface->ResetDriver(interface, chipId, ifName);
197 HDF_LOGI("%{public}s: success", __FUNCTION__);
198 }
199
FuzzStartChannelMeas(struct IWlanInterface * interface,const uint8_t * rawData)200 void FuzzStartChannelMeas(struct IWlanInterface *interface, const uint8_t *rawData)
201 {
202 const char *ifName = reinterpret_cast<const char *>(rawData);
203 struct MeasChannelParam measChannelParam;
204 measChannelParam.channelId = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
205 measChannelParam.measTime = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
206
207 interface->StartChannelMeas(interface, ifName, &measChannelParam);
208 HDF_LOGI("%{public}s: success", __FUNCTION__);
209 }
210
FuzzSetProjectionScreenParam(struct IWlanInterface * interface,const uint8_t * rawData)211 void FuzzSetProjectionScreenParam(struct IWlanInterface *interface, const uint8_t *rawData)
212 {
213 const char *ifName = reinterpret_cast<const char *>(rawData);
214 struct ProjectionScreenCmdParam param;
215 param.buf = const_cast<int8_t *>(reinterpret_cast<const int8_t *>(rawData));
216 param.bufLen = g_wlanTestSize;
217 param.cmdId = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
218
219 interface->SetProjectionScreenParam(interface, ifName, ¶m);
220 HDF_LOGI("%{public}s: success", __FUNCTION__);
221 }
222
FuzzWifiSendCmdIoctl(struct IWlanInterface * interface,const uint8_t * rawData)223 void FuzzWifiSendCmdIoctl(struct IWlanInterface *interface, const uint8_t *rawData)
224 {
225 const char *ifName = reinterpret_cast<const char *>(rawData);
226 int32_t cmdId = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
227 int8_t *paramBuf = const_cast<int8_t *>(reinterpret_cast<const int8_t *>(rawData));
228
229 interface->WifiSendCmdIoctl(interface, ifName, cmdId, paramBuf, g_wlanTestSize);
230 HDF_LOGI("%{public}s: success", __FUNCTION__);
231 }
232
FuzzGetFeatureByIfName(struct IWlanInterface * interface,const uint8_t * rawData)233 void FuzzGetFeatureByIfName(struct IWlanInterface *interface, const uint8_t *rawData)
234 {
235 struct HdfFeatureInfo featureInfo;
236 const char *ifName = reinterpret_cast<const char *>(rawData);
237
238 interface->GetFeatureByIfName(interface, ifName, &featureInfo);
239 HDF_LOGI("%{public}s: success", __FUNCTION__);
240 }
241
FuzzGetStaInfo(struct IWlanInterface * interface,const uint8_t * rawData)242 void FuzzGetStaInfo(struct IWlanInterface *interface, const uint8_t *rawData)
243 {
244 struct WifiStationInfo info;
245 const char *ifName = reinterpret_cast<const char *>(rawData);
246 const uint8_t *mac = rawData;
247 uint32_t macLen = ETH_ADDR_LEN;
248
249 interface->GetStaInfo(interface, ifName, &info, mac, macLen);
250 HDF_LOGI("%{public}s: success", __FUNCTION__);
251 }
252
FuzzGetChannelMeasResult(struct IWlanInterface * interface,const uint8_t * rawData)253 void FuzzGetChannelMeasResult(struct IWlanInterface *interface, const uint8_t *rawData)
254 {
255 const char *ifName = reinterpret_cast<const char *>(rawData);
256 struct MeasChannelResult measChannelResult = {0};
257
258 interface->GetChannelMeasResult(interface, ifName, &measChannelResult);
259 HDF_LOGI("%{public}s: success", __FUNCTION__);
260 }
261