1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cstring>
17 #include <map>
18 #include <securec.h>
19 #include <string>
20 #include <vector>
21
22 #include <csignal>
23 #include <cstring>
24 #include <functional>
25 #include <iostream>
26
27 #include "net_http.h"
28 #include "netstack_log.h"
29 #include "secure_char.h"
30
31 namespace OHOS {
32 namespace NetStack {
33 namespace HttpClient {
34 const uint8_t *g_baseFuzzData = nullptr;
35 size_t g_baseFuzzSize = 0;
36 size_t g_baseFuzzPos = 0;
37 constexpr size_t STR_LEN = 255;
GetData()38 template <class T> T GetData()
39 {
40 T object{};
41 size_t objectSize = sizeof(object);
42 if (g_baseFuzzData == nullptr || g_baseFuzzSize <= g_baseFuzzPos || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
43 return object;
44 }
45 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
46 if (ret != EOK) {
47 return object;
48 }
49 g_baseFuzzPos += objectSize;
50 return object;
51 }
52
SetGlobalFuzzData(const uint8_t * data,size_t size)53 void SetGlobalFuzzData(const uint8_t *data, size_t size)
54 {
55 g_baseFuzzData = data;
56 g_baseFuzzSize = size;
57 g_baseFuzzPos = 0;
58 }
59
GetStringFromData(int strlen)60 std::string GetStringFromData(int strlen)
61 {
62 if (strlen < 1) {
63 return "";
64 }
65
66 char cstr[strlen];
67 cstr[strlen - 1] = '\0';
68 for (int i = 0; i < strlen - 1; i++) {
69 cstr[i] = GetData<char>();
70 }
71 std::string str(cstr);
72 return str;
73 }
74
CreateRequestTest(const uint8_t * data,size_t size)75 void CreateRequestTest(const uint8_t *data, size_t size)
76 {
77 if ((data == nullptr) || (size < 1)) {
78 return;
79 }
80 SetGlobalFuzzData(data, size);
81 std::string url = GetStringFromData(STR_LEN);
82 Http_Request *request = OH_Http_CreateRequest(url.c_str());
83 if (request == nullptr) {
84 return;
85 }
86 request->requestId = 0;
87 OH_Http_Destroy(&request);
88 }
89
CreateHeadersTest(const uint8_t * data,size_t size)90 void CreateHeadersTest(const uint8_t *data, size_t size)
91 {
92 if ((data == nullptr) || (size < 1)) {
93 return;
94 }
95 SetGlobalFuzzData(data, size);
96 std::string keyStr = GetStringFromData(STR_LEN);
97 std::string key1Str = GetStringFromData(STR_LEN);
98 std::string valueStr = GetStringFromData(STR_LEN);
99 std::string value1Str = GetStringFromData(STR_LEN);
100 Http_Headers *headers = OH_Http_CreateHeaders();
101 if (headers == nullptr) {
102 return;
103 }
104 OH_Http_SetHeaderValue(headers, keyStr.c_str(), valueStr.c_str());
105 OH_Http_SetHeaderValue(headers, key1Str.c_str(), value1Str.c_str());
106 OH_Http_DestroyHeaders(&headers);
107 }
108
GetHeaderValueTest(const uint8_t * data,size_t size)109 void GetHeaderValueTest(const uint8_t *data, size_t size)
110 {
111 if ((data == nullptr) || (size < 1)) {
112 return;
113 }
114 SetGlobalFuzzData(data, size);
115 std::string keyStr = GetStringFromData(STR_LEN);
116 std::string key1Str = GetStringFromData(STR_LEN);
117 std::string valueStr = GetStringFromData(STR_LEN);
118 std::string value1Str = GetStringFromData(STR_LEN);
119 Http_Headers *headers = OH_Http_CreateHeaders();
120 if (headers == nullptr) {
121 return;
122 }
123 OH_Http_SetHeaderValue(headers, keyStr.c_str(), valueStr.c_str());
124 OH_Http_SetHeaderValue(headers, key1Str.c_str(), value1Str.c_str());
125 OH_Http_GetHeaderValue(headers, keyStr.c_str());
126 OH_Http_DestroyHeaders(&headers);
127 }
128
GetHeaderEntriesTest(const uint8_t * data,size_t size)129 void GetHeaderEntriesTest(const uint8_t *data, size_t size)
130 {
131 if ((data == nullptr) || (size < 1)) {
132 return;
133 }
134 SetGlobalFuzzData(data, size);
135 std::string keyStr = GetStringFromData(STR_LEN);
136 std::string key1Str = GetStringFromData(STR_LEN);
137 std::string valueStr = GetStringFromData(STR_LEN);
138 std::string value1Str = GetStringFromData(STR_LEN);
139 Http_Headers *headers = OH_Http_CreateHeaders();
140 if (headers == nullptr) {
141 return;
142 }
143 OH_Http_SetHeaderValue(headers, keyStr.c_str(), valueStr.c_str());
144 OH_Http_SetHeaderValue(headers, key1Str.c_str(), value1Str.c_str());
145 Http_HeaderEntry *entries = OH_Http_GetHeaderEntries(headers);
146 OH_Http_DestroyHeaderEntries(&entries);
147 OH_Http_DestroyHeaders(&headers);
148 }
149
HttpSampleResponseCallback(Http_Response * response,uint32_t errCode)150 void HttpSampleResponseCallback(Http_Response *response, uint32_t errCode)
151 {
152 if (response == nullptr) {
153 return;
154 }
155 if (errCode != 0) {
156 response->destroyResponse(&response);
157 return;
158 }
159 response->destroyResponse(&response);
160 }
161
HttpSampleOnDataReceiveCallback(const char * data,size_t length)162 void HttpSampleOnDataReceiveCallback(const char *data, size_t length)
163 {
164 if (data == nullptr || length == 0) {
165 return;
166 }
167 return;
168 }
169
HttpSampleOnUploadProgressCallback(uint64_t totalSize,uint64_t transferredSize)170 void HttpSampleOnUploadProgressCallback(uint64_t totalSize, uint64_t transferredSize)
171 {
172 }
173
HttpSampleOnDownloadProgressCallback(uint64_t totalSize,uint64_t transferredSize)174 void HttpSampleOnDownloadProgressCallback(uint64_t totalSize, uint64_t transferredSize)
175 {
176 }
177
HttpSampleOnHeaderReceiveCallback(Http_Headers * headers)178 void HttpSampleOnHeaderReceiveCallback(Http_Headers *headers)
179 {
180 if (headers != nullptr) {
181 Http_HeaderEntry *entries = OH_Http_GetHeaderEntries(headers);
182 Http_HeaderValue *headerValue;
183 Http_HeaderEntry *delEntries = entries;
184 while (entries != nullptr) {
185 headerValue = entries->value;
186 while (headerValue != nullptr && entries->key != nullptr) {
187 headerValue = headerValue->next;
188 }
189 entries = entries->next;
190 }
191 OH_Http_DestroyHeaderEntries(&delEntries);
192 OH_Http_DestroyHeaders(&headers);
193 }
194 }
195
HttpSampleOnEndCallback()196 void HttpSampleOnEndCallback()
197 {
198 }
199
HttpSampleOnCancelCallback()200 void HttpSampleOnCancelCallback()
201 {
202 }
203
HttpRequestTest(const uint8_t * data,size_t size)204 void HttpRequestTest(const uint8_t *data, size_t size)
205 {
206 if ((data == nullptr) || (size < 1)) {
207 return;
208 }
209 SetGlobalFuzzData(data, size);
210 std::string url = GetStringFromData(STR_LEN);
211 Http_Request *request = OH_Http_CreateRequest(url.c_str());
212 if (request == nullptr) {
213 return;
214 }
215 request->options = (Http_RequestOptions *)calloc(1, sizeof(Http_RequestOptions));
216 if (request->options == nullptr) {
217 OH_Http_Destroy(&request);
218 return;
219 }
220 Http_Headers *headers = OH_Http_CreateHeaders();
221 if (headers == nullptr) {
222 free(request->options);
223 OH_Http_Destroy(&request);
224 return;
225 }
226 const char *key = "testKey";
227 const char *value = "testValue";
228 uint32_t ret = OH_Http_SetHeaderValue(headers, key, value);
229 if (ret == 0) {
230 OH_Http_DestroyHeaders(&headers);
231 free(request->options);
232 OH_Http_Destroy(&request);
233 return;
234 }
235 request->options->headers = headers;
236 Http_EventsHandler eventsHandler;
237 eventsHandler.onDataReceive = HttpSampleOnDataReceiveCallback;
238 eventsHandler.onCanceled = HttpSampleOnCancelCallback;
239 eventsHandler.onDataEnd = HttpSampleOnEndCallback;
240 eventsHandler.onDownloadProgress = HttpSampleOnDownloadProgressCallback;
241 eventsHandler.onUploadProgress = HttpSampleOnUploadProgressCallback;
242 eventsHandler.onHeadersReceive = HttpSampleOnHeaderReceiveCallback;
243 ret = OH_Http_Request(request, HttpSampleResponseCallback, eventsHandler);
244 if (ret != 0) {
245 OH_Http_DestroyHeaders(&headers);
246 free(request->options);
247 OH_Http_Destroy(&request);
248 return;
249 }
250 OH_Http_DestroyHeaders(&headers);
251 free(request->options);
252 OH_Http_Destroy(&request);
253 }
254
255 } // namespace HttpClient
256 } // namespace NetStack
257 } // namespace OHOS
258
259 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)260 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
261 {
262 /* Run your code on data */
263 OHOS::NetStack::HttpClient::CreateRequestTest(data, size);
264 OHOS::NetStack::HttpClient::CreateHeadersTest(data, size);
265 OHOS::NetStack::HttpClient::GetHeaderValueTest(data, size);
266 OHOS::NetStack::HttpClient::GetHeaderEntriesTest(data, size);
267 OHOS::NetStack::HttpClient::HttpRequestTest(data, size);
268 return 0;
269 }