1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "transserverproxyextern_fuzzer.h"
17
18 #include <chrono>
19 #include <thread>
20 #include "securec.h"
21
22 #include "fuzz_data_generator.h"
23 #include "softbus_adapter_mem.h"
24 #include "trans_server_proxy.h"
25
26 #define LOOP_SLEEP_MILLS 100
27
28 namespace OHOS {
29 class TransServerProxyExternTestEnv {
30 public:
TransServerProxyExternTestEnv()31 TransServerProxyExternTestEnv()
32 {
33 isInited_ = false;
34 (void)TransServerProxyInit();
35 isInited_ = true;
36 }
37
~TransServerProxyExternTestEnv()38 ~TransServerProxyExternTestEnv()
39 {
40 isInited_ = false;
41 TransServerProxyDeInit();
42 }
43
IsInited(void) const44 bool IsInited(void) const
45 {
46 return isInited_;
47 }
48
49 private:
50 volatile bool isInited_;
51 };
52
TransServerProxyDeInitTest(const uint8_t * data,size_t size)53 void TransServerProxyDeInitTest(const uint8_t *data, size_t size)
54 {
55 (void)data;
56 (void)size;
57 TransServerProxyDeInit();
58 }
59
TestDataSwitch(const uint8_t * data,size_t size)60 static uint8_t *TestDataSwitch(const uint8_t *data, size_t size)
61 {
62 if (data == nullptr || size < sizeof(int32_t)) {
63 return nullptr;
64 }
65 uint8_t *dataWithEndCharacter = static_cast<uint8_t *>(SoftBusCalloc(size + 1));
66 if (dataWithEndCharacter == nullptr) {
67 return nullptr;
68 }
69 if (memcpy_s(dataWithEndCharacter, size, data, size) != EOK) {
70 SoftBusFree(dataWithEndCharacter);
71 return nullptr;
72 }
73 return dataWithEndCharacter;
74 }
75
ServerIpcCreateSessionServerTest(const uint8_t * data,size_t size)76 void ServerIpcCreateSessionServerTest(const uint8_t *data, size_t size)
77 {
78 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
79 if (dataWithEndCharacter == nullptr) {
80 return;
81 }
82 char *pkgName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
83 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
84
85 (void)ServerIpcCreateSessionServer(pkgName, sessionName);
86 (void)ServerIpcCreateSessionServer(nullptr, sessionName);
87 (void)ServerIpcCreateSessionServer(pkgName, nullptr);
88 (void)ServerIpcCreateSessionServer(nullptr, nullptr);
89 SoftBusFree(dataWithEndCharacter);
90 }
91
ServerIpcRemoveSessionServerTest(const uint8_t * data,size_t size)92 void ServerIpcRemoveSessionServerTest(const uint8_t *data, size_t size)
93 {
94 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
95 if (dataWithEndCharacter == nullptr) {
96 return;
97 }
98 char *pkgName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
99 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
100
101 (void)ServerIpcRemoveSessionServer(pkgName, sessionName);
102 (void)ServerIpcRemoveSessionServer(nullptr, sessionName);
103 (void)ServerIpcRemoveSessionServer(pkgName, nullptr);
104 (void)ServerIpcRemoveSessionServer(nullptr, nullptr);
105 SoftBusFree(dataWithEndCharacter);
106 }
107
InitSessionAttribute(const uint8_t * data,size_t size,SessionAttribute * sessionAttr)108 static void InitSessionAttribute(const uint8_t *data, size_t size, SessionAttribute *sessionAttr)
109 {
110 DataGenerator::Write(data, size);
111 GenerateInt32(sessionAttr->dataType);
112 GenerateInt32(sessionAttr->attr.streamAttr.streamType);
113 DataGenerator::Clear();
114 }
115
InitSessionParam(const uint8_t * data,size_t size,SessionParam * sessionParam,SessionAttribute * sessionAttr)116 static void InitSessionParam(
117 const uint8_t *data, size_t size, SessionParam *sessionParam, SessionAttribute *sessionAttr)
118 {
119 bool boolParam = (size % 2 == 0) ? true : false;
120 char *charParam = boolParam ? const_cast<char *>(reinterpret_cast<const char *>(data)) : nullptr;
121
122 sessionParam->sessionName = charParam;
123 sessionParam->peerSessionName = charParam;
124 sessionParam->peerDeviceId = charParam;
125 sessionParam->groupId = charParam;
126 sessionParam->attr = sessionAttr;
127 DataGenerator::Write(data, size);
128 sessionParam->sessionId = 0;
129 GenerateInt32(sessionParam->sessionId);
130 DataGenerator::Clear();
131 sessionParam->isQosLane = boolParam;
132 sessionParam->isAsync = boolParam;
133 }
134
ServerIpcOpenSessionTest(const uint8_t * data,size_t size)135 void ServerIpcOpenSessionTest(const uint8_t *data, size_t size)
136 {
137 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
138 if (dataWithEndCharacter == nullptr) {
139 return;
140 }
141 DataGenerator::Write(data, size);
142 TransInfo transInfo = { 0 };
143 GenerateInt32(transInfo.channelId);
144 GenerateInt32(transInfo.channelType);
145 DataGenerator::Clear();
146
147 SessionAttribute sessionAttr = { 0 };
148 InitSessionAttribute(dataWithEndCharacter, size, &sessionAttr);
149
150 SessionParam sessionParam = { 0 };
151 InitSessionParam(dataWithEndCharacter, size, &sessionParam, &sessionAttr);
152
153 (void)ServerIpcOpenSession(&sessionParam, &transInfo);
154 SoftBusFree(dataWithEndCharacter);
155 }
156
ServerIpcOpenAuthSessionTest(const uint8_t * data,size_t size)157 void ServerIpcOpenAuthSessionTest(const uint8_t *data, size_t size)
158 {
159 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
160 if (dataWithEndCharacter == nullptr) {
161 return;
162 }
163 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
164 ConnectionAddr connectionAddr;
165 connectionAddr.type = CONNECTION_ADDR_SESSION;
166 DataGenerator::Write(data, size);
167 connectionAddr.info.session.sessionId = 0;
168 connectionAddr.info.session.channelId = 0;
169 connectionAddr.info.session.type = 0;
170 GenerateInt32(connectionAddr.info.session.sessionId);
171 GenerateInt32(connectionAddr.info.session.channelId);
172 GenerateInt32(connectionAddr.info.session.type);
173 (void)ServerIpcOpenAuthSession(sessionName, &connectionAddr);
174 (void)ServerIpcOpenAuthSession(nullptr, &connectionAddr);
175 (void)ServerIpcOpenAuthSession(sessionName, nullptr);
176 (void)ServerIpcOpenAuthSession(nullptr, nullptr);
177 SoftBusFree(dataWithEndCharacter);
178 DataGenerator::Clear();
179 }
180
ServerIpcNotifyAuthSuccessTest(const uint8_t * data,size_t size)181 void ServerIpcNotifyAuthSuccessTest(const uint8_t *data, size_t size)
182 {
183 if (data == nullptr || size < sizeof(int32_t)) {
184 return;
185 }
186 DataGenerator::Write(data, size);
187 int32_t channelId = 0;
188 int32_t channelType = 0;
189 GenerateInt32(channelId);
190 GenerateInt32(channelType);
191
192 (void)ServerIpcNotifyAuthSuccess(channelId, channelType);
193 DataGenerator::Clear();
194 }
195
ServerIpcCloseChannelTest(const uint8_t * data,size_t size)196 void ServerIpcCloseChannelTest(const uint8_t *data, size_t size)
197 {
198 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
199 if (dataWithEndCharacter == nullptr) {
200 return;
201 }
202 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
203 DataGenerator::Write(data, size);
204 int32_t channelId = 0;
205 int32_t channelType = 0;
206 GenerateInt32(channelId);
207 GenerateInt32(channelType);
208
209 (void)ServerIpcCloseChannel(sessionName, channelId, channelType);
210 SoftBusFree(dataWithEndCharacter);
211 DataGenerator::Clear();
212 }
213
ServerIpcCloseChannelWithStatisticsTest(const uint8_t * data,size_t size)214 void ServerIpcCloseChannelWithStatisticsTest(const uint8_t *data, size_t size)
215 {
216 if (data == nullptr || size < sizeof(uint64_t)) {
217 return;
218 }
219
220 DataGenerator::Write(data, size);
221 int32_t channelId = 0;
222 int32_t channelType = 0;
223 uint64_t laneId = 0;
224 GenerateInt32(channelId);
225 GenerateInt32(channelType);
226 GenerateUint64(laneId);
227
228 (void)ServerIpcCloseChannelWithStatistics(channelId, channelType, laneId, data, size);
229 DataGenerator::Clear();
230 }
231
ServerIpcReleaseResourcesTest(const uint8_t * data,size_t size)232 void ServerIpcReleaseResourcesTest(const uint8_t *data, size_t size)
233 {
234 if (data == nullptr || size < sizeof(int32_t)) {
235 return;
236 }
237 DataGenerator::Write(data, size);
238 int32_t channelId = 0;
239 GenerateInt32(channelId);
240
241 (void)ServerIpcReleaseResources(channelId);
242 DataGenerator::Clear();
243 }
244
ServerIpcSendMessageTest(const uint8_t * data,size_t size)245 void ServerIpcSendMessageTest(const uint8_t *data, size_t size)
246 {
247 if (data == nullptr || size < sizeof(int32_t)) {
248 return;
249 }
250
251 DataGenerator::Write(data, size);
252 int32_t channelId = 0;
253 int32_t channelType = 0;
254 int32_t msgType = 0;
255 GenerateInt32(channelId);
256 GenerateInt32(channelType);
257 GenerateInt32(msgType);
258
259 (void)ServerIpcSendMessage(channelId, channelType, data, size, msgType);
260 DataGenerator::Clear();
261 }
262
ServerIpcQosReportTest(const uint8_t * data,size_t size)263 void ServerIpcQosReportTest(const uint8_t *data, size_t size)
264 {
265 if (data == nullptr || size < sizeof(int32_t)) {
266 return;
267 }
268
269 DataGenerator::Write(data, size);
270 int32_t channelId = 0;
271 int32_t channelType = 0;
272 int32_t appType = 0;
273 int32_t quality = 0;
274 GenerateInt32(channelId);
275 GenerateInt32(channelType);
276 GenerateInt32(appType);
277 GenerateInt32(quality);
278
279 (void)ServerIpcQosReport(channelId, channelType, appType, quality);
280 DataGenerator::Clear();
281 }
282
ServerIpcStreamStatsTest(const uint8_t * data,size_t size)283 void ServerIpcStreamStatsTest(const uint8_t *data, size_t size)
284 {
285 if (data == nullptr || size < sizeof(uint32_t)) {
286 return;
287 }
288 DataGenerator::Write(data, size);
289 int32_t channelId = 0;
290 int32_t channelType = 0;
291 StreamSendStats streamSendStats;
292 GenerateInt32(channelId);
293 GenerateInt32(channelType);
294 GenerateUint32(streamSendStats.costTimeStatsCnt[FRAME_COST_LT10MS]);
295 GenerateUint32(streamSendStats.sendBitRateStatsCnt[FRAME_BIT_RATE_LT3M]);
296 (void)ServerIpcStreamStats(channelId, channelType, &streamSendStats);
297 DataGenerator::Clear();
298 }
299
ServerIpcRippleStatsTest(const uint8_t * data,size_t size)300 void ServerIpcRippleStatsTest(const uint8_t *data, size_t size)
301 {
302 if (data == nullptr || size < sizeof(int32_t)) {
303 return;
304 }
305 DataGenerator::Write(data, size);
306 int32_t channelId = 0;
307 int32_t channelType = 0;
308 GenerateInt32(channelId);
309 GenerateInt32(channelType);
310 TrafficStats trafficStats;
311 trafficStats.stats[0] = 't';
312 trafficStats.stats[1] = 'e';
313 (void)ServerIpcRippleStats(channelId, channelType, &trafficStats);
314 DataGenerator::Clear();
315 }
316
ServerIpcGrantPermissionTest(const uint8_t * data,size_t size)317 void ServerIpcGrantPermissionTest(const uint8_t *data, size_t size)
318 {
319 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
320 if (dataWithEndCharacter == nullptr) {
321 return;
322 }
323 DataGenerator::Write(data, size);
324 int32_t uid = 0;
325 int32_t pid = 0;
326 GenerateInt32(uid);
327 GenerateInt32(pid);
328 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
329
330 (void)ServerIpcGrantPermission(uid, pid, sessionName);
331 (void)ServerIpcGrantPermission(uid, pid, nullptr);
332 SoftBusFree(dataWithEndCharacter);
333 DataGenerator::Clear();
334 }
335
ServerIpcRemovePermissionTest(const uint8_t * data,size_t size)336 void ServerIpcRemovePermissionTest(const uint8_t *data, size_t size)
337 {
338 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
339 if (dataWithEndCharacter == nullptr) {
340 return;
341 }
342 char *sessionName = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
343
344 (void)ServerIpcRemovePermission(sessionName);
345 (void)ServerIpcRemovePermission(nullptr);
346 SoftBusFree(dataWithEndCharacter);
347 }
348
ServerIpcEvaluateQosTest(const uint8_t * data,size_t size)349 void ServerIpcEvaluateQosTest(const uint8_t *data, size_t size)
350 {
351 uint8_t *dataWithEndCharacter = TestDataSwitch(data, size);
352 if (dataWithEndCharacter == nullptr) {
353 return;
354 }
355 char *peerNetworkId = const_cast<char *>(reinterpret_cast<const char *>(dataWithEndCharacter));
356 TransDataType dataType = *(reinterpret_cast<const TransDataType *>(dataWithEndCharacter));
357 QosTV qosTv = {
358 .qos = *(reinterpret_cast<const QosType *>(dataWithEndCharacter)),
359 };
360 DataGenerator::Write(data, size);
361 GenerateInt32(qosTv.value);
362 uint32_t qosCount = 1;
363
364 (void)ServerIpcEvaluateQos(peerNetworkId, dataType, &qosTv, qosCount);
365 (void)ServerIpcEvaluateQos(nullptr, dataType, &qosTv, qosCount);
366 SoftBusFree(dataWithEndCharacter);
367 DataGenerator::Clear();
368 }
369 } // namespace OHOS
370
371 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)372 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
373 {
374 static OHOS::TransServerProxyExternTestEnv env;
375 if (!env.IsInited()) {
376 return 0;
377 }
378
379 /* Run your code on data */
380 OHOS::TransServerProxyDeInitTest(data, size);
381 OHOS::ServerIpcCreateSessionServerTest(data, size);
382 OHOS::ServerIpcRemoveSessionServerTest(data, size);
383 OHOS::ServerIpcOpenSessionTest(data, size);
384 OHOS::ServerIpcOpenAuthSessionTest(data, size);
385 OHOS::ServerIpcCloseChannelTest(data, size);
386 OHOS::ServerIpcCloseChannelWithStatisticsTest(data, size);
387 OHOS::ServerIpcReleaseResourcesTest(data, size);
388 OHOS::ServerIpcSendMessageTest(data, size);
389 OHOS::ServerIpcQosReportTest(data, size);
390 OHOS::ServerIpcStreamStatsTest(data, size);
391 OHOS::ServerIpcRippleStatsTest(data, size);
392 OHOS::ServerIpcGrantPermissionTest(data, size);
393 OHOS::ServerIpcRemovePermissionTest(data, size);
394 OHOS::ServerIpcEvaluateQosTest(data, size);
395 std::this_thread::sleep_for(std::chrono::milliseconds(LOOP_SLEEP_MILLS));
396 return 0;
397 }
398