1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cerrno>
17 #include <cstdlib>
18 #include "securec.h"
19 #include "v1_0/iwpa_interface.h"
20 #include "wpa_fuzzer.h"
21 #include "wpa_common_fuzzer.h"
22 #include "servmgr_hdi.h"
23 #include "devmgr_hdi.h"
24 #include "hdf_remote_service.h"
25
26 namespace OHOS {
27 namespace WIFI {
// Minimum input length; LLVMFuzzerTestOneInput skips anything shorter.
constexpr size_t THRESHOLD{10};
// HDI service name passed to LoadDevice/UnloadDevice and to the
// IWpaInterface get/release calls in this file.
const char *g_wpaServiceName{"wpa_interface_service"};
// Interface handle for the current iteration; assigned in
// DoSomethingInterestingWithMyAPI.
struct IWpaInterface *g_wpaObj{nullptr};
// Device manager handle for the current iteration; file-local.
static struct HDIDeviceManager *g_devMgr{nullptr};
32
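/**
 * @brief Runs every FuzzWpaInterface* helper called below, in a fixed order.
 *
 * Each helper is declared outside this file and receives the same interface
 * handle and the same buffer, so the inputs seen by the individual helpers
 * are fully correlated within one iteration.
 *
 * @param gWpaObj    WPA interface instance the helpers operate on.
 * @param tmpRawData Pre-processed fuzz input shared by all helpers.
 */
void FuzzWpaStart(struct IWpaInterface *gWpaObj, uint8_t *tmpRawData)
{
    // Harness-side guard: a null handle or buffer would crash inside the
    // harness itself and be reported as a finding against the service.
    if (gWpaObj == nullptr || tmpRawData == nullptr) {
        return;
    }

    // NOTE(review): FuzzWpaInterfaceStop runs second. If it really stops the
    // service, every later helper only exercises the stopped-state path;
    // confirm this order is intended.
    FuzzWpaInterfaceStart(gWpaObj, tmpRawData);
    FuzzWpaInterfaceStop(gWpaObj, tmpRawData);
    FuzzWpaInterfaceScan(gWpaObj, tmpRawData);
    FuzzWpaInterfaceScanResult(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAddNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRemoveNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceDisableNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceReconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceDisconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSelectNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceEnableNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetPowerSave(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAutoConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSaveConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsCancel(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetCountryCode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceBlocklistClear(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetSuspendMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetScanSsid(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetPskPassphrase(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetPsk(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetWepKey(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetWepTxKeyIdx(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetRequirePmf(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetCountryCode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceListNetworks(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWifiStatus(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsPbcMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsPinMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRegisterEventCallback(gWpaObj, tmpRawData);
    FuzzWpaInterfaceUnregisterEventCallback(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetConnectionCapabilities(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAddWpaIface(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRemoveWpaIface(gWpaObj, tmpRawData);
    FuzzWpaInterfaceReassociate(gWpaObj, tmpRawData);
    FuzzWpaInterfaceStaShellCmd(gWpaObj, tmpRawData);
}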
74
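/**
 * @brief Runs every FuzzWpaInterfaceP2p* helper called below, in a fixed order.
 *
 * Each helper is declared outside this file and receives the same interface
 * handle and the same buffer as the others.
 *
 * @param gWpaObj    WPA interface instance the helpers operate on.
 * @param tmpRawData Pre-processed fuzz input shared by all helpers.
 */
void FuzzP2pStart(struct IWpaInterface *gWpaObj, uint8_t *tmpRawData)
{
    // Harness-side guard: a null handle or buffer would crash inside the
    // harness itself and be reported as a finding against the service.
    if (gWpaObj == nullptr || tmpRawData == nullptr) {
        return;
    }

    FuzzWpaInterfaceP2pSetSsidPostfixName(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsDeviceType(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsConfigMethods(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetGroupMaxIdle(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWfdEnable(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetPersistentReconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsSecondaryDeviceType(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetupWpsPbc(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetupWpsPin(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetPowerSave(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetDeviceName(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWfdDeviceConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetRandomMac(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pStartFind(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetExtListen(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetListenChannel(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pProvisionDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddGroup(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pStopFind(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pFlush(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pFlushService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetGroupConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pInvite(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pReinvoke(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetDeviceAddress(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pReqServiceDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pCancelServiceDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRespServerDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pHid2dConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetServDiscExternal(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveGroup(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pCancelConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetGroupConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetPeer(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetGroupCapability(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pListNetworks(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSaveConfig(gWpaObj, tmpRawData);
}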
120
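/**
 * @brief Runs one fuzz iteration against the WPA HDI service.
 *
 * Loads the device named by g_wpaServiceName, obtains the IWpaInterface
 * instance, copies the input through PreProcessRawData, starts the service,
 * runs FuzzWpaStart and FuzzP2pStart, then stops and tears everything down.
 *
 * Every early exit releases what was acquired before it. A libFuzzer process
 * runs this function many times, so a leaked buffer, interface instance or
 * loaded device accumulates across iterations and shows up as a harness-side
 * leak report rather than a finding in the code under test.
 *
 * @param rawData Fuzzer-supplied bytes; must not be null.
 * @param size    Length of rawData in bytes.
 * @return true when the iteration ran and Stop succeeded; false on rejected
 *         input, on any setup failure, or when Stop fails. (The previous
 *         version never set the result to true.)
 */
bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
{
    if (rawData == nullptr || size == 0) {
        return false;
    }
    // OFFSET is defined outside this file. Reject shorter inputs here so the
    // subtraction below cannot wrap, instead of relying on the caller's
    // THRESHOLD check being at least as large as OFFSET.
    if (size < static_cast<size_t>(OFFSET)) {
        return false;
    }

    g_devMgr = HDIDeviceManagerGet();
    if (g_devMgr == nullptr) {
        HDF_LOGE("%{public}s : g_devMgr is null", __FUNCTION__);
        return false;
    }
    // NOTE(review): the manager handle is only reset to nullptr below, never
    // handed back; confirm whether devmgr_hdi.h expects a matching
    // HDIDeviceManagerRelease() call.
    if (g_devMgr->LoadDevice(g_devMgr, g_wpaServiceName) != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : LoadDevice failed!", __FUNCTION__);
        g_devMgr = nullptr;
        return false;
    }
    // Balances the successful LoadDevice above.
    const auto unloadDevice = []() {
        g_devMgr->UnloadDevice(g_devMgr, g_wpaServiceName);
        g_devMgr = nullptr;
    };

    g_wpaObj = IWpaInterfaceGetInstance(g_wpaServiceName, true);
    if (g_wpaObj == nullptr) {
        HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
        unloadDevice();
        return false;
    }
    // Releases the interface instance, clears the global so no stale pointer
    // survives into the next iteration, then unloads the device.
    const auto releaseService = [&unloadDevice]() {
        IWpaInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true);
        g_wpaObj = nullptr;
        unloadDevice();
    };

    // One extra zeroed byte is allocated beyond the payload length.
    // NOTE(review): size is narrowed to uint32_t here, as in the original.
    const uint32_t dataSize = static_cast<uint32_t>(size - static_cast<size_t>(OFFSET));
    uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1));
    if (tmpRawData == nullptr) {
        HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__);
        releaseService();
        return false;
    }
    if (PreProcessRawData(rawData, size, tmpRawData, dataSize + 1) != true) {
        // This path used to return without freeing tmpRawData.
        OsalMemFree(tmpRawData);
        releaseService();
        return false;
    }

    if (g_wpaObj->Start(g_wpaObj) != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : Start failed!", __FUNCTION__);
        OsalMemFree(tmpRawData);
        releaseService();
        return false;
    }

    FuzzWpaStart(g_wpaObj, tmpRawData);
    FuzzP2pStart(g_wpaObj, tmpRawData);

    bool result = true;
    if (g_wpaObj->Stop(g_wpaObj) != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : Stop failed!", __FUNCTION__);
        result = false;
    }
    OsalMemFree(tmpRawData);
    releaseService();
    return result;
}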
171 } // namespace WIFI
172 } // namespace OHOS
173
174 /* Fuzzer entry point */
/**
 * libFuzzer entry point. Inputs shorter than OHOS::WIFI::THRESHOLD bytes are
 * skipped; everything else is handed to DoSomethingInterestingWithMyAPI,
 * whose result is not used. Always returns 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    const bool longEnough = size >= OHOS::WIFI::THRESHOLD;
    if (longEnough) {
        OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size);
    }
    return 0;
}