• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "connectioncommon_fuzzer.h"
17 
18 #include <vector>
19 #include <securec.h>
20 #include <pthread.h>
21 #include <cstddef>
22 #include <string>
23 #include "softbus_datahead_transform.h"
24 #include "softbus_socket.h"
25 #include "softbus_tcp_socket.h"
26 #include "softbus_conn_manager.h"
27 #include "softbus_base_listener.h"
28 #include "softbus_protocol_def.h"
29 
30 namespace OHOS {
DoDataHeadTransformFuzz(const uint8_t * data,size_t size)31 static void DoDataHeadTransformFuzz(const uint8_t *data, size_t size)
32 {
33     if (size < sizeof(ConnPktHead)) {
34         return;
35     }
36     ConnPktHead head;
37     if (memcpy_s(&head, sizeof(head), data, sizeof(head)) != EOK) {
38         return;
39     }
40     PackConnPktHead(&head);
41     UnpackConnPktHead(&head);
42 
43     if (size < sizeof(ProxyMessageHead)) {
44         return;
45     }
46     ProxyMessageHead  proxyMessageHead;
47     if (memcpy_s(&proxyMessageHead, sizeof(proxyMessageHead), data, sizeof(proxyMessageHead)) != EOK) {
48         return;
49     }
50     PackProxyMessageHead(&proxyMessageHead);
51     UnpackProxyMessageHead(&proxyMessageHead);
52 }
53 
GenerateConnectOption(const uint8_t * data,size_t size)54 static ConnectOption GenerateConnectOption(const uint8_t *data, size_t size)
55 {
56     ConnectOption connectOption = {
57         .type = CONNECT_TCP,
58         .socketOption = {
59             .addr = "127.0.0.1",
60             .protocol = LNN_PROTOCOL_IP,
61         },
62     };
63     if (size < sizeof(int32_t)) {
64         return connectOption;
65     }
66     if (memcpy_s(&connectOption.socketOption.port, sizeof(int32_t), data, sizeof(int32_t)) != EOK) {
67         return connectOption;
68     }
69     return connectOption;
70 }
71 
72 static constexpr int TCP_KEEP_ALIVE_TIME = 5;
73 static constexpr int TCP_USER_TIMEOUT = 5;
DoSocketFuzz(const uint8_t * data,size_t size)74 static void DoSocketFuzz(const uint8_t *data, size_t size)
75 {
76     ConnInitSockets();
77     ConnectOption connectOption = GenerateConnectOption(data, size);
78     int socketFd = ConnOpenClientSocket(&connectOption, "127.0.0.1", false);
79     if (socketFd > 0) {
80         ConnSendSocketData(socketFd, reinterpret_cast<const char *>(data), size, 0);
81         std::vector<char> recvBuf(size);
82         ConnRecvSocketData(socketFd, recvBuf.data(), size, 0);
83         ConnSetTcpKeepAlive(socketFd, TCP_KEEP_ALIVE_TIME);
84         ConnSetTcpUserTimeOut(socketFd, TCP_USER_TIMEOUT);
85         ConnToggleNonBlockMode(socketFd, true);
86         ConnGetLocalSocketPort(socketFd);
87         ConnGetSocketError(socketFd);
88         SocketAddr socketAddr;
89         ConnGetPeerSocketAddr(socketFd, &socketAddr);
90         ConnCloseSocket(socketFd);
91         ConnShutdownSocket(socketFd);
92     }
93     ConnDeinitSockets();
94 }
95 
ConnectEvent(ListenerModule module,int32_t cfd,const ConnectOption * clientAddr)96 static int32_t ConnectEvent(ListenerModule module, int32_t cfd, const ConnectOption *clientAddr)
97 {
98     return 0;
99 }
100 
DataEvent(ListenerModule module,int32_t events,int32_t fd)101 static int32_t DataEvent(ListenerModule module, int32_t events, int32_t fd)
102 {
103     return 0;
104 }
105 
DoBaseListenerFuzz(const uint8_t * data,size_t size)106 static void DoBaseListenerFuzz(const uint8_t *data, size_t size)
107 {
108     ListenerModule module = DIRECT_CHANNEL_CLIENT;
109     SoftbusBaseListener listener;
110     listener.onConnectEvent = ConnectEvent;
111     listener.onDataEvent = DataEvent;
112     LocalListenerInfo info;
113     StartBaseClient(module, &listener);
114     StopBaseListener(module);
115     DestroyBaseListener(module);
116     if (memcpy_s(&info, sizeof(LocalListenerInfo), data, size) == EOK) {
117         StartBaseListener(&info, &listener);
118     }
119 }
120 
DoTriggerFuzz()121 static void DoTriggerFuzz()
122 {
123     AddTrigger(AUTH_P2P, 0, WRITE_TRIGGER);
124     DelTrigger(AUTH_P2P, 0, WRITE_TRIGGER);
125 }
126 }
127 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)128 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
129 {
130     if (data == nullptr || size < sizeof(int32_t)) {
131         return 0;
132     }
133     /* Run your code on data */
134     OHOS::DoDataHeadTransformFuzz(data, size);
135     OHOS::DoSocketFuzz(data, size);
136     OHOS::DoBaseListenerFuzz(data, size);
137     OHOS::DoTriggerFuzz();
138     return 0;
139 }