1 /*
2 * Copyright (C) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "mdns_client_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #include "message_parcel.h"
22 #include "refbase.h"
23 #include <securec.h>
24
25 #include "i_mdns_event.h"
26 #include "net_manager_ext_constants.h"
27 #define private public
28 #include "mdns_service.h"
29 #undef private
30
31 namespace OHOS {
32 namespace NetManagerStandard {
33
34 class IRegistrationCallbackTest : public IRemoteStub<IRegistrationCallback> {
35 public:
HandleRegister(const MDnsServiceInfo & serviceInfo,int32_t retCode)36 void HandleRegister(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleUnRegister(const MDnsServiceInfo & serviceInfo,int32_t retCode)37 void HandleUnRegister(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleRegisterResult(const MDnsServiceInfo & serviceInfo,int32_t retCode)38 void HandleRegisterResult(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
39 };
40
41 class IDiscoveryCallbackTest : public IRemoteStub<IDiscoveryCallback> {
42 public:
HandleStartDiscover(const MDnsServiceInfo & serviceInfo,int32_t retCode)43 void HandleStartDiscover(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleStopDiscover(const MDnsServiceInfo & serviceInfo,int32_t retCode)44 void HandleStopDiscover(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleServiceFound(const MDnsServiceInfo & serviceInfo,int32_t retCode)45 void HandleServiceFound(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleServiceLost(const MDnsServiceInfo & serviceInfo,int32_t retCode)46 void HandleServiceLost(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
47 };
48
49 class IResolveCallbackTest : public IRemoteStub<IResolveCallback> {
50 public:
HandleResolveResult(const MDnsServiceInfo & serviceInfo,int32_t retCode)51 void HandleResolveResult(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
52 };
53
54 static const uint8_t *g_baseFuzzData = nullptr;
55 static size_t g_baseFuzzSize = 0;
56 static size_t g_baseFuzzPos;
57 static bool g_isInited = false;
58 static constexpr size_t STR_LEN = 10;
59
InitGlobalData(const uint8_t * data,size_t size)60 bool InitGlobalData(const uint8_t *data, size_t size)
61 {
62 if (data == nullptr || size == 0) {
63 return false;
64 }
65 g_baseFuzzData = data;
66 g_baseFuzzSize = size;
67 g_baseFuzzPos = 0;
68 return true;
69 }
70
GetData()71 template <class T> T GetData()
72 {
73 T object{};
74 size_t objectSize = sizeof(object);
75 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
76 return object;
77 }
78 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
79 if (ret != EOK) {
80 return {};
81 }
82 g_baseFuzzPos += objectSize;
83 return object;
84 }
85
GetStringFromData(int strlen)86 std::string GetStringFromData(int strlen)
87 {
88 char cstr[strlen];
89 cstr[strlen - 1] = '\0';
90 for (int i = 0; i < strlen - 1; i++) {
91 cstr[i] = GetData<char>();
92 }
93 std::string str(cstr);
94 return str;
95 }
96
WriteInterfaceToken(MessageParcel & data)97 bool WriteInterfaceToken(MessageParcel &data)
98 {
99 return data.WriteInterfaceToken(IMDnsService::GetDescriptor());
100 }
101
GetMessageParcel(const uint8_t * data,size_t size,MessageParcel & dataParcel)102 bool GetMessageParcel(const uint8_t *data, size_t size, MessageParcel &dataParcel)
103 {
104 if (!InitGlobalData(data, size)) {
105 return false;
106 }
107
108 if (!WriteInterfaceToken(dataParcel)) {
109 return false;
110 }
111
112 sptr<MDnsServiceInfo> info = new (std::nothrow) MDnsServiceInfo();
113 info->name = GetStringFromData(STR_LEN);
114 info->type = GetStringFromData(STR_LEN);
115 info->family = GetData<int32_t>();
116 info->addr = GetStringFromData(STR_LEN);
117 info->port = GetData<int32_t>();
118 std::string str = GetStringFromData(STR_LEN);
119 info->txtRecord = std::vector<uint8_t>(str.begin(), str.end());
120 if (!MDnsServiceInfo::Marshalling(dataParcel, info)) {
121 return false;
122 }
123
124 return true;
125 }
126
Init()127 void Init()
128 {
129 if (!g_isInited) {
130 DelayedSingleton<MDnsService>::GetInstance()->Init();
131 g_isInited = true;
132 }
133 }
134
OnRemoteRequest(uint32_t code,MessageParcel & data)135 int32_t OnRemoteRequest(uint32_t code, MessageParcel &data)
136 {
137 if (!g_isInited) {
138 Init();
139 }
140
141 MessageParcel reply;
142 MessageOption option;
143 return DelayedSingleton<MDnsService>::GetInstance()->OnRemoteRequest(code, data, reply, option);
144 }
145
RegisterServiceFuzzTest(const uint8_t * data,size_t size)146 void RegisterServiceFuzzTest(const uint8_t *data, size_t size)
147 {
148 NETMGR_EXT_LOG_D("RegisterServiceFuzzTest enter");
149 MessageParcel dataParcel;
150 if (!GetMessageParcel(data, size, dataParcel)) {
151 return;
152 }
153
154 sptr<IRegistrationCallbackTest> callback = new (std::nothrow) IRegistrationCallbackTest();
155 if (callback == nullptr) {
156 return;
157 }
158 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
159
160 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_REGISTER), dataParcel);
161 }
162
UnRegisterServiceFuzzTest(const uint8_t * data,size_t size)163 void UnRegisterServiceFuzzTest(const uint8_t *data, size_t size)
164 {
165 NETMGR_EXT_LOG_D("UnRegisterServiceFuzzTest enter");
166 MessageParcel dataParcel;
167 if (!GetMessageParcel(data, size, dataParcel)) {
168 return;
169 }
170
171 sptr<IRegistrationCallbackTest> callback = new (std::nothrow) IRegistrationCallbackTest();
172 if (callback == nullptr) {
173 return;
174 }
175 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
176
177 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_STOP_REGISTER), dataParcel);
178 }
179
StartDiscoverServiceFuzzTest(const uint8_t * data,size_t size)180 void StartDiscoverServiceFuzzTest(const uint8_t *data, size_t size)
181 {
182 NETMGR_EXT_LOG_D("StartDiscoverServiceFuzzTest enter");
183 MessageParcel dataParcel;
184 if (!GetMessageParcel(data, size, dataParcel)) {
185 return;
186 }
187
188 sptr<IDiscoveryCallbackTest> callback = new (std::nothrow) IDiscoveryCallbackTest();
189 if (callback == nullptr) {
190 return;
191 }
192 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
193
194 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_DISCOVER), dataParcel);
195 }
196
StopDiscoverServiceFuzzTest(const uint8_t * data,size_t size)197 void StopDiscoverServiceFuzzTest(const uint8_t *data, size_t size)
198 {
199 NETMGR_EXT_LOG_D("StopDiscoverServiceFuzzTest enter");
200 MessageParcel dataParcel;
201 if (!GetMessageParcel(data, size, dataParcel)) {
202 return;
203 }
204
205 sptr<IDiscoveryCallbackTest> callback = new (std::nothrow) IDiscoveryCallbackTest();
206 if (callback == nullptr) {
207 return;
208 }
209 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
210
211 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_STOP_DISCOVER), dataParcel);
212 }
213
ResolveServiceFuzzTest(const uint8_t * data,size_t size)214 void ResolveServiceFuzzTest(const uint8_t *data, size_t size)
215 {
216 NETMGR_EXT_LOG_D("ResolveServiceFuzzTest enter");
217 MessageParcel dataParcel;
218 if (!GetMessageParcel(data, size, dataParcel)) {
219 return;
220 }
221
222 sptr<IResolveCallbackTest> callback = new (std::nothrow) IResolveCallbackTest();
223 if (callback == nullptr) {
224 return;
225 }
226 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
227
228 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_RESOLVE), dataParcel);
229 }
230 } // namespace NetManagerStandard
231 } // namespace OHOS
232
233 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)234 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
235 {
236 /* Run your code on data */
237 OHOS::NetManagerStandard::RegisterServiceFuzzTest(data, size);
238 OHOS::NetManagerStandard::StartDiscoverServiceFuzzTest(data, size);
239 OHOS::NetManagerStandard::StopDiscoverServiceFuzzTest(data, size);
240 OHOS::NetManagerStandard::ResolveServiceFuzzTest(data, size);
241 OHOS::NetManagerStandard::UnRegisterServiceFuzzTest(data, size);
242 return 0;
243 }
244