1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cdmasmsmessage_fuzzer.h"
17 #ifdef FUZZTEST
18 #define private public
19 #define protected public
20 #endif
21 #include "addsmstoken_fuzzer.h"
22 #include "cdma_sms_sub_parameter.h"
23 #include "cdma_sms_transport_message.h"
24 #include "cdma_sms_message.h"
25 #include "sms_service.h"
26 #include "securec.h"
27
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 static bool g_isInited = false;
31 static std::unique_ptr<CdmaSmsMessage> m_pCdmaSmsMessage;
32 constexpr int32_t SLEEP_TIME_SECONDS = 1;
33
IsServiceInited()34 bool IsServiceInited()
35 {
36 if (!g_isInited) {
37 m_pCdmaSmsMessage = std::make_unique<CdmaSmsMessage>();
38 g_isInited = true;
39 }
40 return g_isInited;
41 }
42
CreateMessageTest(const uint8_t * data,size_t size)43 void CreateMessageTest(const uint8_t *data, size_t size)
44 {
45 if (!IsServiceInited()) {
46 return;
47 }
48 std::string pdu(reinterpret_cast<const char *>(data), size);
49 m_pCdmaSmsMessage->CreateMessage(pdu);
50 m_pCdmaSmsMessage->GetProtocolId();
51 m_pCdmaSmsMessage->IsReplaceMessage();
52 m_pCdmaSmsMessage->IsCphsMwi();
53 m_pCdmaSmsMessage->PduAnalysis(pdu);
54 m_pCdmaSmsMessage->GetTransMsgType();
55 m_pCdmaSmsMessage->GetTransTeleService();
56 m_pCdmaSmsMessage->IsWapPushMsg();
57 m_pCdmaSmsMessage->transMsg_ = std::make_unique<struct CdmaTransportMsg>();
58 m_pCdmaSmsMessage->transMsg_->type = CdmaTransportMsgType::BROADCAST;
59 m_pCdmaSmsMessage->PduAnalysis(pdu);
60 m_pCdmaSmsMessage->transMsg_->type = CdmaTransportMsgType::ACK;
61 m_pCdmaSmsMessage->PduAnalysis(pdu);
62 m_pCdmaSmsMessage->transMsg_->type = CdmaTransportMsgType::RESERVED;
63 m_pCdmaSmsMessage->PduAnalysis(pdu);
64 m_pCdmaSmsMessage->transMsg_->type = CdmaTransportMsgType::P2P;
65 m_pCdmaSmsMessage->IsWapPushMsg();
66 m_pCdmaSmsMessage->GetTransMsgType();
67 m_pCdmaSmsMessage->GetTransTeleService();
68 m_pCdmaSmsMessage->PduAnalysis(pdu);
69 m_pCdmaSmsMessage->IsWapPushMsg();
70 m_pCdmaSmsMessage->GetSpecialSmsInd();
71 m_pCdmaSmsMessage->IsStatusReport();
72 m_pCdmaSmsMessage->GetDestPort();
73 m_pCdmaSmsMessage->IsBroadcastMsg();
74 m_pCdmaSmsMessage->GetCMASCategory();
75 m_pCdmaSmsMessage->GetCMASResponseType();
76 m_pCdmaSmsMessage->GetCMASSeverity();
77 m_pCdmaSmsMessage->GetCMASUrgency();
78 m_pCdmaSmsMessage->GetCMASCertainty();
79 m_pCdmaSmsMessage->GetCMASMessageClass();
80 m_pCdmaSmsMessage->IsCMAS();
81 m_pCdmaSmsMessage->GetMessageId();
82 m_pCdmaSmsMessage->GetFormat();
83 m_pCdmaSmsMessage->GetLanguage();
84 m_pCdmaSmsMessage->GetCbInfo();
85 m_pCdmaSmsMessage->GetPriority();
86 m_pCdmaSmsMessage->IsEmergencyMsg();
87 m_pCdmaSmsMessage->GetServiceCategoty();
88 m_pCdmaSmsMessage->GetGeoScope();
89 m_pCdmaSmsMessage->GetReceTime();
90 }
91
TestAnalysisP2pMsg(const uint8_t * data,size_t size)92 void TestAnalysisP2pMsg(const uint8_t *data, size_t size)
93 {
94 std::string pdu(reinterpret_cast<const char *>(data), size);
95 m_pCdmaSmsMessage->CreateMessage(pdu);
96 CdmaP2PMsg p2pMsg;
97 p2pMsg.teleserviceId = static_cast<uint16_t>(size);
98 p2pMsg.telesvcMsg.type = TeleserviceMsgType::DELIVER;
99 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
100 p2pMsg.telesvcMsg.type = TeleserviceMsgType::SUBMIT;
101 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
102 p2pMsg.telesvcMsg.type = TeleserviceMsgType::DELIVERY_ACK;
103 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
104 p2pMsg.telesvcMsg.type = TeleserviceMsgType::USER_ACK;
105 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
106 p2pMsg.telesvcMsg.type = TeleserviceMsgType::SUBMIT_REPORT;
107 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
108 p2pMsg.telesvcMsg.type = TeleserviceMsgType::DELIVERY_ACK;
109 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
110 p2pMsg.teleserviceId = static_cast<uint16_t>(SmsTransTelsvcId::RESERVED);
111 p2pMsg.telesvcMsg.type = TeleserviceMsgType::DELIVER;
112 m_pCdmaSmsMessage->AnalysisP2pMsg(p2pMsg);
113 }
114
TestAnalysisDeliverMwi(const uint8_t * data,size_t size)115 void TestAnalysisDeliverMwi(const uint8_t *data, size_t size)
116 {
117 std::string pdu(reinterpret_cast<const char *>(data), size);
118 m_pCdmaSmsMessage->CreateMessage(pdu);
119 CdmaP2PMsg p2pMsg;
120 p2pMsg.teleserviceId = static_cast<uint16_t>(size);
121 p2pMsg.telesvcMsg.type = TeleserviceMsgType::DELIVER;
122 m_pCdmaSmsMessage->AnalsisDeliverMwi(p2pMsg);
123 p2pMsg.teleserviceId = static_cast<uint16_t>(SmsTransTelsvcId::VMN_95);
124 p2pMsg.telesvcMsg.data.deliver.vmn.faxIncluded = true;
125 m_pCdmaSmsMessage->AnalsisDeliverMwi(p2pMsg);
126 }
127
128
TestAnalysisDeliverMsg(const uint8_t * data,size_t size)129 void TestAnalysisDeliverMsg(const uint8_t *data, size_t size)
130 {
131 std::string pdu(reinterpret_cast<const char *>(data), size);
132 m_pCdmaSmsMessage->CreateMessage(pdu);
133 TeleserviceDeliver deliverMsg;
134 deliverMsg.displayMode = SmsDisplayMode::IMMEDIATE;
135 m_pCdmaSmsMessage->AnalsisDeliverMsg(deliverMsg);
136 TeleserviceDeliverAck deliverAck;
137 m_pCdmaSmsMessage->AnalsisDeliverAck(deliverAck);
138 TeleserviceDeliverReport report;
139 m_pCdmaSmsMessage->AnalsisSubmitReport(report);
140 TeleserviceSubmit submit;
141 m_pCdmaSmsMessage->AnalsisSubmitMsg(submit);
142 }
143
TestAnalsisUserData(const uint8_t * data,size_t size)144 void TestAnalsisUserData(const uint8_t *data, size_t size)
145 {
146 std::string pdu(reinterpret_cast<const char *>(data), size);
147 m_pCdmaSmsMessage->CreateMessage(pdu);
148 SmsTeleSvcUserData userData;
149 userData.userData.headerCnt = 1;
150 userData.userData.header[0].udhType = UserDataHeadType::UDH_CONCAT_8BIT;
151 userData.encodeType = SmsEncodingType::GSM7BIT;
152 m_pCdmaSmsMessage->AnalsisUserData(userData);
153 userData.encodeType = SmsEncodingType::KOREAN;
154 m_pCdmaSmsMessage->AnalsisUserData(userData);
155 userData.encodeType = SmsEncodingType::LATIN;
156 m_pCdmaSmsMessage->AnalsisUserData(userData);
157 userData.encodeType = SmsEncodingType::SHIFT_JIS;
158 m_pCdmaSmsMessage->AnalsisUserData(userData);
159 TeleserviceDeliver deliver;
160 m_pCdmaSmsMessage->AnalsisCMASMsg(deliver);
161 }
162
TestAnalysisCbMsg(const uint8_t * data,size_t size)163 void TestAnalysisCbMsg(const uint8_t *data, size_t size)
164 {
165 std::string pdu(reinterpret_cast<const char *>(data), size);
166 m_pCdmaSmsMessage->CreateMessage(pdu);
167 CdmaBroadCastMsg cbMsg;
168 m_pCdmaSmsMessage->AnalysisCbMsg(cbMsg);
169 cbMsg.telesvcMsg.type = TeleserviceMsgType::DELIVER;
170 m_pCdmaSmsMessage->AnalysisCbMsg(cbMsg);
171 CdmaAckMsg ackMsg;
172 m_pCdmaSmsMessage->AnalsisAckMsg(ackMsg);
173 }
174
TestAnalsisHeader(const uint8_t * data,size_t size)175 void TestAnalsisHeader(const uint8_t *data, size_t size)
176 {
177 std::string pdu(reinterpret_cast<const char *>(data), size);
178 m_pCdmaSmsMessage->CreateMessage(pdu);
179 SmsUDH header;
180 m_pCdmaSmsMessage->AddUserDataHeader(header);
181 SmsTeleSvcUserData userData;
182 m_pCdmaSmsMessage->AnalsisHeader(userData);
183 }
184
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)185 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
186 {
187 if (data == nullptr || size == 0) {
188 return;
189 }
190 CreateMessageTest(data, size);
191 TestAnalysisP2pMsg(data, size);
192 TestAnalysisDeliverMwi(data, size);
193 TestAnalysisDeliverMsg(data, size);
194 TestAnalsisUserData(data, size);
195 TestAnalysisCbMsg(data, size);
196 TestAnalsisHeader(data, size);
197 sleep(SLEEP_TIME_SECONDS);
198 DelayedSingleton<SmsService>::DestroyInstance();
199 }
200
201 } // namespace OHOS
202
203 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)204 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
205 {
206 /* Run your code on data */
207 OHOS::AddSmsTokenFuzzer token;
208 OHOS::DoSomethingInterestingWithMyAPI(data, size);
209 return 0;
210 }
211