1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cerrno>
17 #include <cstdlib>
18 #include "securec.h"
19 #include "v1_0/iwpa_interface.h"
20 #include "wpa_fuzzer.h"
21 #include "wpa_common_fuzzer.h"
22
23 namespace OHOS {
24 namespace WIFI {
25 constexpr size_t THRESHOLD = 10;
26 const char *g_wpaServiceName = "wpa_interface_service";
27 struct IWpaInterface *g_wpaObj = nullptr;
28
DoSomethingInterestingWithMyAPI(const uint8_t * rawData,size_t size)29 bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
30 {
31 bool result = false;
32
33 if (rawData == nullptr || size == 0) {
34 return false;
35 }
36 g_wpaObj = IWpaInterfaceGetInstance(g_wpaServiceName, true);
37 if (g_wpaObj == nullptr) {
38 HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
39 return result;
40 }
41 uint32_t dataSize = size - OFFSET;
42 uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1));
43 if (tmpRawData == nullptr) {
44 HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__);
45 return result;
46 }
47 int32_t ret = g_wpaObj->Start(g_wpaObj);
48 if (ret != HDF_SUCCESS) {
49 HDF_LOGE("%{public}s : Start failed!", __FUNCTION__);
50 OsalMemFree(tmpRawData);
51 return result;
52 }
53 FuzzWpaInterfaceStart(g_wpaObj, tmpRawData);
54 FuzzWpaInterfaceStop(g_wpaObj, tmpRawData);
55 FuzzWpaInterfaceScan(g_wpaObj, tmpRawData);
56 FuzzWpaInterfaceScanResult(g_wpaObj, tmpRawData);
57 FuzzWpaInterfaceAddNetwork(g_wpaObj, tmpRawData);
58 FuzzWpaInterfaceRemoveNetwork(g_wpaObj, tmpRawData);
59 FuzzWpaInterfaceDisableNetwork(g_wpaObj, tmpRawData);
60 FuzzWpaInterfaceSetNetwork(g_wpaObj, tmpRawData);
61 FuzzWpaInterfaceReconnect(g_wpaObj, tmpRawData);
62 FuzzWpaInterfaceDisconnect(g_wpaObj, tmpRawData);
63 FuzzWpaInterfaceSelectNetwork(g_wpaObj, tmpRawData);
64 FuzzWpaInterfaceEnableNetwork(g_wpaObj, tmpRawData);
65 FuzzWpaInterfaceSetPowerSave(g_wpaObj, tmpRawData);
66 FuzzWpaInterfaceAutoConnect(g_wpaObj, tmpRawData);
67 FuzzWpaInterfaceSaveConfig(g_wpaObj, tmpRawData);
68 FuzzWpaInterfaceWpsCancel(g_wpaObj, tmpRawData);
69 FuzzWpaInterfaceGetCountryCode(g_wpaObj, tmpRawData);
70 FuzzWpaInterfaceGetNetwork(g_wpaObj, tmpRawData);
71 FuzzWpaInterfaceBlocklistClear(g_wpaObj, tmpRawData);
72 FuzzWpaInterfaceSetSuspendMode(g_wpaObj, tmpRawData);
73 FuzzWpaInterfaceGetScanSsid(g_wpaObj, tmpRawData);
74 FuzzWpaInterfaceGetPskPassphrase(g_wpaObj, tmpRawData);
75 FuzzWpaInterfaceGetPsk(g_wpaObj, tmpRawData);
76 FuzzWpaInterfaceGetWepKey(g_wpaObj, tmpRawData);
77 FuzzWpaInterfaceGetWepTxKeyIdx(g_wpaObj, tmpRawData);
78 FuzzWpaInterfaceGetRequirePmf(g_wpaObj, tmpRawData);
79 FuzzWpaInterfaceSetCountryCode(g_wpaObj, tmpRawData);
80 FuzzWpaInterfaceListNetworks(g_wpaObj, tmpRawData);
81 FuzzWpaInterfaceWifiStatus(g_wpaObj, tmpRawData);
82 FuzzWpaInterfaceWpsPbcMode(g_wpaObj, tmpRawData);
83 FuzzWpaInterfaceWpsPinMode(g_wpaObj, tmpRawData);
84 FuzzWpaInterfaceRegisterEventCallback(g_wpaObj, tmpRawData);
85 FuzzWpaInterfaceUnregisterEventCallback(g_wpaObj, tmpRawData);
86 FuzzWpaInterfaceGetConnectionCapabilities(g_wpaObj, tmpRawData);
87 FuzzWpaInterfaceAddWpaIface(g_wpaObj, tmpRawData);
88 FuzzWpaInterfaceRemoveWpaIface(g_wpaObj, tmpRawData);
89
90 FuzzWpaInterfaceP2pSetSsidPostfixName(g_wpaObj, tmpRawData);
91 FuzzWpaInterfaceP2pSetWpsDeviceType(g_wpaObj, tmpRawData);
92 FuzzWpaInterfaceP2pSetWpsConfigMethods(g_wpaObj, tmpRawData);
93 FuzzWpaInterfaceP2pSetGroupMaxIdle(g_wpaObj, tmpRawData);
94 FuzzWpaInterfaceP2pSetWfdEnable(g_wpaObj, tmpRawData);
95 FuzzWpaInterfaceP2pSetPersistentReconnect(g_wpaObj, tmpRawData);
96 FuzzWpaInterfaceP2pSetWpsSecondaryDeviceType(g_wpaObj, tmpRawData);
97 FuzzWpaInterfaceP2pSetupWpsPbc(g_wpaObj, tmpRawData);
98 FuzzWpaInterfaceP2pSetupWpsPin(g_wpaObj, tmpRawData);
99 FuzzWpaInterfaceP2pSetPowerSave(g_wpaObj, tmpRawData);
100 FuzzWpaInterfaceP2pSetDeviceName(g_wpaObj, tmpRawData);
101 FuzzWpaInterfaceP2pSetWfdDeviceConfig(g_wpaObj, tmpRawData);
102 FuzzWpaInterfaceP2pSetRandomMac(g_wpaObj, tmpRawData);
103 FuzzWpaInterfaceP2pStartFind(g_wpaObj, tmpRawData);
104 FuzzWpaInterfaceP2pSetExtListen(g_wpaObj, tmpRawData);
105 FuzzWpaInterfaceP2pSetListenChannel(g_wpaObj, tmpRawData);
106 FuzzWpaInterfaceP2pProvisionDiscovery(g_wpaObj, tmpRawData);
107 FuzzWpaInterfaceP2pAddGroup(g_wpaObj, tmpRawData);
108 FuzzWpaInterfaceP2pAddService(g_wpaObj, tmpRawData);
109 FuzzWpaInterfaceP2pRemoveService(g_wpaObj, tmpRawData);
110 FuzzWpaInterfaceP2pStopFind(g_wpaObj, tmpRawData);
111 FuzzWpaInterfaceP2pFlush(g_wpaObj, tmpRawData);
112 FuzzWpaInterfaceP2pFlushService(g_wpaObj, tmpRawData);
113 FuzzWpaInterfaceP2pRemoveNetwork(g_wpaObj, tmpRawData);
114 FuzzWpaInterfaceP2pSetGroupConfig(g_wpaObj, tmpRawData);
115 FuzzWpaInterfaceP2pInvite(g_wpaObj, tmpRawData);
116 FuzzWpaInterfaceP2pReinvoke(g_wpaObj, tmpRawData);
117 FuzzWpaInterfaceP2pGetDeviceAddress(g_wpaObj, tmpRawData);
118 FuzzWpaInterfaceP2pReqServiceDiscovery(g_wpaObj, tmpRawData);
119 FuzzWpaInterfaceP2pCancelServiceDiscovery(g_wpaObj, tmpRawData);
120 FuzzWpaInterfaceP2pRespServerDiscovery(g_wpaObj, tmpRawData);
121 FuzzWpaInterfaceP2pConnect(g_wpaObj, tmpRawData);
122 FuzzWpaInterfaceP2pHid2dConnect(g_wpaObj, tmpRawData);
123 FuzzWpaInterfaceP2pSetServDiscExternal(g_wpaObj, tmpRawData);
124 FuzzWpaInterfaceP2pRemoveGroup(g_wpaObj, tmpRawData);
125 FuzzWpaInterfaceP2pCancelConnect(g_wpaObj, tmpRawData);
126 FuzzWpaInterfaceP2pGetGroupConfig(g_wpaObj, tmpRawData);
127 FuzzWpaInterfaceP2pAddNetwork(g_wpaObj, tmpRawData);
128 FuzzWpaInterfaceP2pGetPeer(g_wpaObj, tmpRawData);
129 FuzzWpaInterfaceP2pGetGroupCapability(g_wpaObj, tmpRawData);
130 FuzzWpaInterfaceP2pListNetworks(g_wpaObj, tmpRawData);
131 FuzzWpaInterfaceP2pSaveConfig(g_wpaObj, tmpRawData);
132
133 ret = g_wpaObj->Stop(g_wpaObj);
134 if (ret != HDF_SUCCESS) {
135 HDF_LOGE("%{public}s : Stop failed!", __FUNCTION__);
136 result = false;
137 }
138 IWpaInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true);
139 OsalMemFree(tmpRawData);
140 return result;
141 }
142 } // namespace WIFI
143 } // namespace OHOS
144
145 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)146 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
147 {
148 if (size < OHOS::WIFI::THRESHOLD) {
149 return 0;
150 }
151
152 /* Run your code on data */
153 OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size);
154 return 0;
155 }
156