• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "getsmssegmentsinfo_fuzzer.h"
17 
18 #define private public
19 #include "addsmstoken_fuzzer.h"
20 #include "cdma_sms_message.h"
21 #include "core_manager_inner.h"
22 #include "ims_sms_callback_stub.h"
23 #include "sms_service.h"
24 #include "cdma_sms_message.h"
25 
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 static bool g_isInited = false;
29 constexpr int32_t SLOT_NUM = 2;
30 constexpr int32_t TYPE_NUM = 5;
31 
IsServiceInited()32 bool IsServiceInited()
33 {
34     if (!g_isInited) {
35         CoreManagerInner::GetInstance().isInitAllObj_ = true;
36         DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
37         DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
38         DelayedSingleton<SmsService>::GetInstance()->OnStart();
39         if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
40             static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
41             g_isInited = true;
42         }
43     }
44     return g_isInited;
45 }
46 
GetSmsSegmentsInfo(const uint8_t * data,size_t size)47 void GetSmsSegmentsInfo(const uint8_t *data, size_t size)
48 {
49     if (!IsServiceInited()) {
50         return;
51     }
52 
53     MessageParcel dataParcel;
54     MessageParcel replyParcel;
55     MessageOption option(MessageOption::TF_SYNC);
56 
57     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
58     std::string message(reinterpret_cast<const char *>(data), size);
59     auto messageU16 = Str8ToStr16(message);
60     bool force7BitCode = slotId == 1 ? true : false;
61 
62     dataParcel.WriteInt32(slotId);
63     dataParcel.WriteString16(messageU16);
64     dataParcel.WriteBool(force7BitCode);
65     dataParcel.RewindRead(0);
66 
67     DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
68 
69     std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
70     if (interfaceManager == nullptr) {
71         TELEPHONY_LOGE("interfaceManager nullptr error");
72         return;
73     }
74     interfaceManager->InitInterfaceManager();
75     LengthInfo lenInfo;
76     interfaceManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
77 
78     auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
79     if (smsSendManager == nullptr) {
80         TELEPHONY_LOGE("failed to create SmsSendManager");
81         return;
82     }
83     smsSendManager->Init();
84     smsSendManager->InitNetworkHandle();
85     smsSendManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
86     CdmaSmsMessage cdmaSmsMessage;
87     cdmaSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
88     GsmSmsMessage gsmSmsMessage;
89     gsmSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
90 }
91 
IsImsSmsSupported(const uint8_t * data,size_t size)92 void IsImsSmsSupported(const uint8_t *data, size_t size)
93 {
94     if (!IsServiceInited()) {
95         return;
96     }
97 
98     MessageParcel dataParcel;
99     MessageParcel replyParcel;
100     MessageOption option(MessageOption::TF_SYNC);
101 
102     dataParcel.WriteBuffer(data, size);
103     dataParcel.RewindRead(0);
104     DelayedSingleton<SmsService>::GetInstance()->OnIsImsSmsSupported(dataParcel, replyParcel, option);
105 
106     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
107     std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
108     if (interfaceManager == nullptr) {
109         TELEPHONY_LOGE("interfaceManager nullptr error");
110         return;
111     }
112     interfaceManager->InitInterfaceManager();
113     bool isSupported = false;
114     interfaceManager->IsImsSmsSupported(slotId, isSupported);
115 
116     auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
117     if (smsSendManager == nullptr) {
118         TELEPHONY_LOGE("failed to create SmsSendManager");
119         return;
120     }
121     smsSendManager->Init();
122     smsSendManager->InitNetworkHandle();
123     smsSendManager->IsImsSmsSupported(slotId, isSupported);
124 }
125 
OnRemoteRequest(const uint8_t * data,size_t size)126 void OnRemoteRequest(const uint8_t *data, size_t size)
127 {
128     if (!IsServiceInited()) {
129         return;
130     }
131     CdmaSmsMessage msg;
132     std::string pdu(reinterpret_cast<const char *>(data), size);
133     msg.CreateMessage(pdu);
134     MessageParcel dataParcel;
135     if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
136         TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
137         return;
138     }
139 
140     MessageParcel replyParcel;
141     MessageOption option(MessageOption::TF_SYNC);
142     dataParcel.RewindRead(0);
143     uint32_t code = static_cast<uint32_t>(size);
144     DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
145     return;
146 }
147 
ImsSendMessageResponseInner(const uint8_t * data,size_t size)148 void ImsSendMessageResponseInner(const uint8_t *data, size_t size)
149 {
150     if (!IsServiceInited()) {
151         return;
152     }
153 
154     MessageParcel dataParcel;
155     MessageParcel replyParcel;
156 
157     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
158     dataParcel.WriteInt32(slotId);
159     RadioResponseInfo responseInfo;
160     responseInfo.flag = static_cast<uint32_t>(size);
161     responseInfo.serial = static_cast<uint32_t>(size);
162     responseInfo.error = static_cast<ErrType>(size);
163     responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
164     dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
165     SendSmsResultInfo resultInfo;
166     resultInfo.msgRef = static_cast<uint32_t>(size);
167     std::string pdu(reinterpret_cast<const char *>(data), size);
168     resultInfo.pdu = pdu;
169     resultInfo.errCode = static_cast<uint32_t>(size);
170     resultInfo.flag = static_cast<int64_t>(size);
171     dataParcel.WriteRawData((const void *)&resultInfo, sizeof(SendSmsResultInfo));
172     dataParcel.RewindRead(0);
173     DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSendMessageResponseInner(dataParcel, replyParcel);
174 }
175 
ImsSetSmsConfigResponseInner(const uint8_t * data,size_t size)176 void ImsSetSmsConfigResponseInner(const uint8_t *data, size_t size)
177 {
178     if (!IsServiceInited()) {
179         return;
180     }
181     CdmaSmsMessage msg;
182     std::string pdu(reinterpret_cast<const char *>(data), size);
183     msg.CreateMessage(pdu);
184     MessageParcel dataParcel;
185     MessageParcel replyParcel;
186 
187     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
188     dataParcel.WriteInt32(slotId);
189     RadioResponseInfo responseInfo;
190     responseInfo.flag = static_cast<uint32_t>(size);
191     responseInfo.serial = static_cast<uint32_t>(size);
192     responseInfo.error = static_cast<ErrType>(size);
193     responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
194     dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
195     dataParcel.RewindRead(0);
196     DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSetSmsConfigResponseInner(dataParcel, replyParcel);
197 }
198 
CreateMessage(const uint8_t * data,size_t size)199 void CreateMessage(const uint8_t *data, size_t size)
200 {
201     if (!IsServiceInited()) {
202         return;
203     }
204 
205     MessageParcel dataParcel;
206     MessageParcel replyParcel;
207     MessageOption option(MessageOption::TF_SYNC);
208 
209     std::string pdu(reinterpret_cast<const char *>(data), size);
210     std::string reply(reinterpret_cast<const char *>(data), size);
211     dataParcel.WriteString(pdu);
212     dataParcel.WriteString(reply);
213     dataParcel.RewindRead(0);
214     DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
215 }
216 
GetBase64Encode(const uint8_t * data,size_t size)217 void GetBase64Encode(const uint8_t *data, size_t size)
218 {
219     if (!IsServiceInited()) {
220         return;
221     }
222 
223     MessageParcel dataParcel;
224     MessageParcel replyParcel;
225     MessageOption option(MessageOption::TF_SYNC);
226 
227     std::string message(reinterpret_cast<const char *>(data), size);
228     auto messageU16 = Str8ToStr16(message);
229     dataParcel.WriteString16(messageU16);
230     dataParcel.RewindRead(0);
231     DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
232 }
233 
GetBase64Decode(const uint8_t * data,size_t size)234 void GetBase64Decode(const uint8_t *data, size_t size)
235 {
236     if (!IsServiceInited()) {
237         return;
238     }
239 
240     MessageParcel dataParcel;
241     MessageParcel replyParcel;
242     MessageOption option(MessageOption::TF_SYNC);
243 
244     std::string messageSrc(reinterpret_cast<const char *>(data), size);
245     auto stringU16 = Str8ToStr16(messageSrc);
246     dataParcel.WriteString16(stringU16);
247     dataParcel.RewindRead(0);
248     DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
249 }
250 
GetEncodeStringFunc(const uint8_t * data,size_t size)251 void GetEncodeStringFunc(const uint8_t *data, size_t size)
252 {
253     if (!IsServiceInited()) {
254         return;
255     }
256 
257     MessageParcel dataParcel;
258     MessageParcel replyParcel;
259     MessageOption option(MessageOption::TF_SYNC);
260 
261     int32_t charset = static_cast<int32_t>(size);
262     int32_t valLength = static_cast<int32_t>(size);
263     std::string strEncode(reinterpret_cast<const char *>(data), size);
264     auto strEncodeU16 = Str8ToStr16(strEncode);
265     dataParcel.WriteInt32(charset);
266     dataParcel.WriteInt32(valLength);
267     dataParcel.WriteString16(strEncodeU16);
268     dataParcel.RewindRead(0);
269     DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
270 }
271 
SendMMSAndDownloadMMS(const uint8_t * data,size_t size)272 void SendMMSAndDownloadMMS(const uint8_t* data, size_t size)
273 {
274     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
275     std::string message(reinterpret_cast<const char *>(data), size);
276 
277     std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
278     if (interfaceManager == nullptr) {
279         TELEPHONY_LOGE("interfaceManager nullptr error");
280         return;
281     }
282 
283     interfaceManager->InitInterfaceManager();
284 
285     std::u16string mmsc = Str8ToStr16(message);
286     std::u16string msg = Str8ToStr16(message);
287     std::u16string ua = Str8ToStr16(message);
288     std::u16string uaprof = Str8ToStr16(message);
289 
290     interfaceManager->SendMms(mmsc, msg, ua, uaprof);
291     interfaceManager->DownloadMms(mmsc, msg, ua, uaprof);
292 }
293 
HighRiskInterface(const uint8_t * data,size_t size)294 void HighRiskInterface(const uint8_t *data, size_t size)
295 {
296     if (!IsServiceInited()) {
297         return;
298     }
299 
300     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
301     MessageParcel dataParcel;
302     dataParcel.WriteInt32(slotId);
303     dataParcel.WriteBuffer(data, size);
304     dataParcel.RewindRead(0);
305 
306     MessageParcel replyParcel;
307     uint32_t code = static_cast<uint32_t>(size);
308     MessageOption option(MessageOption::TF_SYNC);
309 
310     DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
311     DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextRequest(dataParcel, replyParcel, option);
312     DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextWithoutSaveRequest(dataParcel, replyParcel, option);
313     DelayedSingleton<SmsService>::GetInstance()->OnSendSmsDataRequest(dataParcel, replyParcel, option);
314     DelayedSingleton<SmsService>::GetInstance()->OnGetSmscAddr(dataParcel, replyParcel, option);
315     DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
316     DelayedSingleton<SmsService>::GetInstance()->OnUpdateSimMessage(dataParcel, replyParcel, option);
317     DelayedSingleton<SmsService>::GetInstance()->OnGetAllSimMessages(dataParcel, replyParcel, option);
318     DelayedSingleton<SmsService>::GetInstance()->OnSplitMessage(dataParcel, replyParcel, option);
319     DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
320     DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
321     DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
322     DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
323     DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
324 }
325 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)326 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
327 {
328     if (data == nullptr || size == 0) {
329         return;
330     }
331 
332     GetSmsSegmentsInfo(data, size);
333     IsImsSmsSupported(data, size);
334     OnRemoteRequest(data, size);
335     ImsSendMessageResponseInner(data, size);
336     ImsSetSmsConfigResponseInner(data, size);
337     CreateMessage(data, size);
338     GetBase64Encode(data, size);
339     GetBase64Decode(data, size);
340     GetEncodeStringFunc(data, size);
341     HighRiskInterface(data, size);
342     SendMMSAndDownloadMMS(data, size);
343     DelayedSingleton<SmsService>::DestroyInstance();
344 }
345 }  // namespace OHOS
346 
347 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)348 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
349 {
350     /* Run your code on data */
351     OHOS::AddSmsTokenFuzzer token;
352     OHOS::DoSomethingInterestingWithMyAPI(data, size);
353     return 0;
354 }
355