1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "wifiap_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <unistd.h>
21 #include "securec.h"
22 #include "ap_define.h"
23 #include "wifi_log.h"
24 #include "wifi_ap_msg.h"
25 #include <mutex>
26 #include "ap_config_use.h"
27 #include "ap_idle_state.h"
28 #include "ap_interface.h"
29 #include "ap_root_state.h"
30 #include "ap_service.h"
31 #include "ap_stations_manager.h"
32 #include "wifi_ap_nat_manager.h"
33 #include "mock_wifi_ap_service.h"
34
35 namespace OHOS {
36 namespace Wifi {
37 constexpr int TWO = 2;
38 constexpr int THREE = 3;
39 constexpr int U32_AT_SIZE_ZERO = 4;
40 constexpr int SIX = 6;
41
42 MockPendant *pMockPendant = new MockPendant();
43 std::shared_ptr<ApService> pApService = std::make_shared<ApService>(pMockPendant->GetMockApStateMachine());
44 std::shared_ptr<ApIdleState> pApIdleState = std::make_shared<ApIdleState>(pMockPendant->GetMockApStateMachine());
45 std::shared_ptr<ApInterface> pApInterface = std::make_shared<ApInterface>();
46 std::shared_ptr<ApConfigUse> pApConfigUse = std::make_shared<ApConfigUse>();
47 std::shared_ptr<ApRootState> pApRootState = std::make_shared<ApRootState>();
48 std::shared_ptr<ApStationsManager> pApStationsManager = std::make_shared<ApStationsManager>();
49 std::shared_ptr<WifiApNatManager> pWifiApNatManager = std::make_shared<WifiApNatManager>();
50
UpdateApChannelConfigFuzzTest(const uint8_t * data,size_t size)51 void UpdateApChannelConfigFuzzTest(const uint8_t* data, size_t size)
52 {
53 HotspotConfig apConfig;
54 apConfig.SetBand(BandType::BAND_2GHZ);
55 apConfig.SetChannel(1);
56 WifiLinkedInfo wifiLinkedInfo;
57 wifiLinkedInfo.connState = ConnState::DISCONNECTED;
58 pApConfigUse->UpdateApChannelConfig(apConfig);
59 }
60
GetBestChannelFor2GFuzzTest(const uint8_t * data,size_t size)61 void GetBestChannelFor2GFuzzTest(const uint8_t* data, size_t size)
62 {
63 pApConfigUse->GetBestChannelFor2G();
64 }
65
GetBestChannelFor5GFuzzTest(const uint8_t * data,size_t size)66 void GetBestChannelFor5GFuzzTest(const uint8_t* data, size_t size)
67 {
68 HotspotConfig apConfig;
69 apConfig.SetBandWidth(AP_BANDWIDTH_DEFAULT);
70 pApConfigUse->GetBestChannelFor5G(apConfig);
71 }
72
GetChannelFromDrvOrXmlByBandFuzzTest(const uint8_t * data,size_t size)73 void GetChannelFromDrvOrXmlByBandFuzzTest(const uint8_t* data, size_t size)
74 {
75 BandType bandType = static_cast<BandType>(static_cast<int>(data[0]) % SIX);
76 pApConfigUse->GetChannelFromDrvOrXmlByBand(bandType);
77 }
78
FilterIndoorChannelFuzzTest(const uint8_t * data,size_t size)79 void FilterIndoorChannelFuzzTest(const uint8_t* data, size_t size)
80 {
81 std::vector<int> channels = {36, 40, 44, 48, 52, 56};
82 pApConfigUse->FilterIndoorChannel(channels);
83 std::vector<int> channels1 = {};
84 pApConfigUse->FilterIndoorChannel(channels1);
85 }
86
Filter165ChannelFuzzTest(const uint8_t * data,size_t size)87 void Filter165ChannelFuzzTest(const uint8_t* data, size_t size)
88 {
89 std::vector<int> channels = {36, 165};
90 pApConfigUse->Filter165Channel(channels);
91 }
92
JudgeDbacWithP2pFuzzTest(const uint8_t * data,size_t size)93 void JudgeDbacWithP2pFuzzTest(const uint8_t* data, size_t size)
94 {
95 HotspotConfig apConfig;
96 apConfig.SetBand(BandType::BAND_2GHZ);
97 pApConfigUse->JudgeDbacWithP2p(apConfig);
98 }
99
GetIndoorChanByCountryCodeFuzzTest(const uint8_t * data,size_t size)100 void GetIndoorChanByCountryCodeFuzzTest(const uint8_t* data, size_t size)
101 {
102 std::string countryCode = std::string(reinterpret_cast<const char*>(data), size);
103 pApConfigUse->GetIndoorChanByCountryCode(countryCode);
104 }
105
GetPreferredChannelByBandFuzzTest(const uint8_t * data,size_t size)106 void GetPreferredChannelByBandFuzzTest(const uint8_t* data, size_t size)
107 {
108 BandType bandType = static_cast<BandType>(static_cast<int>(data[0]) % SIX);
109 pApConfigUse->GetPreferredChannelByBand(bandType);
110 }
111
WifiApRootStateFuzzTest(const uint8_t * data,size_t size)112 void WifiApRootStateFuzzTest(const uint8_t* data, size_t size)
113 {
114 pApRootState->GoInState();
115 pApRootState->GoOutState();
116 InternalMessagePtr msg = std::make_shared<InternalMessage>();
117 msg->SetMessageName(static_cast<int>(ApStatemachineEvent::CMD_UPDATE_HOTSPOTCONFIG_RESULT));
118 pApRootState->ExecuteStateMsg(msg);
119 msg->SetMessageName(static_cast<int>(ApStatemachineEvent::CMD_START_HOTSPOT));
120 pApRootState->ExecuteStateMsg(msg);
121 msg->SetMessageName(static_cast<int>(ApStatemachineEvent::CMD_SET_HOTSPOT_CONFIG));
122 pApRootState->ExecuteStateMsg(msg);
123 msg = nullptr;
124 pApRootState->ExecuteStateMsg(msg);
125 }
126
BlockListAndStationFuzzTest(const uint8_t * data,size_t size)127 void BlockListAndStationFuzzTest(const uint8_t* data, size_t size)
128 {
129 StationInfo staInfo;
130 int index = 0;
131 staInfo.deviceName = std::string(reinterpret_cast<const char*>(data), size);
132 staInfo.bssid = std::string(reinterpret_cast<const char*>(data), size);
133 staInfo.bssidType = static_cast<int>(data[index++]);
134 staInfo.ipAddr = std::string(reinterpret_cast<const char*>(data), size);
135 pApStationsManager->AddBlockList(staInfo);
136 pApStationsManager->DelBlockList(staInfo);
137 pApStationsManager->StationJoin(staInfo);
138 pApStationsManager->DisConnectStation(staInfo);
139 pApStationsManager->AddAssociationStation(staInfo);
140 pApStationsManager->DelAssociationStation(staInfo);
141 }
142
EnableAllBlockListFuzzTest(const uint8_t * data,size_t size)143 void EnableAllBlockListFuzzTest(const uint8_t* data, size_t size)
144 {
145 pApStationsManager->EnableAllBlockList();
146 }
147
StationLeaveFuzzTest(const uint8_t * data,size_t size)148 void StationLeaveFuzzTest(const uint8_t* data, size_t size)
149 {
150 std::string mac = std::string(reinterpret_cast<const char*>(data), size);
151 pApStationsManager->StationLeave(mac);
152 }
153
GetAllConnectedStationsFuzzTest(const uint8_t * data,size_t size)154 void GetAllConnectedStationsFuzzTest(const uint8_t* data, size_t size)
155 {
156 std::vector<std::string> staMacList;
157 std::vector<std::string> staMacListCom;
158 std::string staMacList1 = "test_deviceName1";
159 std::string staMacList2 = "test_deviceName2";
160 staMacList.push_back(staMacList1);
161 staMacList.push_back(staMacList2);
162 pApStationsManager->GetAllConnectedStations();
163 }
164
EnableInterfaceNatFuzzTest(const uint8_t * data,size_t size)165 void EnableInterfaceNatFuzzTest(const uint8_t* data, size_t size)
166 {
167 bool enable = (static_cast<int>(data[0]) % TWO) ? true : false;
168 std::string inInterfaceName = std::string(reinterpret_cast<const char*>(data), size);
169 std::string outInterfaceName = std::string(reinterpret_cast<const char*>(data), size);
170 pWifiApNatManager->EnableInterfaceNat(enable, inInterfaceName, outInterfaceName);
171 }
172
SetForwardingFuzzTest(const uint8_t * data,size_t size)173 void SetForwardingFuzzTest(const uint8_t* data, size_t size)
174 {
175 bool enable = (static_cast<int>(data[0]) % TWO) ? true : false;
176 pWifiApNatManager->SetForwarding(enable);
177 }
178
SetInterfaceRouteFuzzTest(const uint8_t * data,size_t size)179 void SetInterfaceRouteFuzzTest(const uint8_t* data, size_t size)
180 {
181 bool enable = (static_cast<int>(data[0]) % TWO) ? true : false;
182 pWifiApNatManager->SetInterfaceRoute(enable);
183 }
184
SetInterfaceNatFuzzTest(const uint8_t * data,size_t size)185 void SetInterfaceNatFuzzTest(const uint8_t* data, size_t size)
186 {
187 bool enable = (static_cast<int>(data[0]) % TWO) ? true : false;
188 std::string outInterfaceName = std::string(reinterpret_cast<const char*>(data), size);
189 pWifiApNatManager->SetInterfaceNat(enable, outInterfaceName);
190 }
191
WriteDataToFileFuzzTest(const uint8_t * data,size_t size)192 void WriteDataToFileFuzzTest(const uint8_t* data, size_t size)
193 {
194 std::string fileName = "wlan0";
195 std::string content = std::string(reinterpret_cast<const char*>(data), size);
196 pWifiApNatManager->WriteDataToFile(fileName, content);
197 }
198
EnableHotspotFuzzTest(const uint8_t * data,size_t size)199 void EnableHotspotFuzzTest(const uint8_t* data, size_t size)
200 {
201 pApService->EnableHotspot();
202 pApInterface->EnableHotspot();
203 }
204
DisableHotspotFuzzTest(const uint8_t * data,size_t size)205 void DisableHotspotFuzzTest(const uint8_t* data, size_t size)
206 {
207 pApService->DisableHotspot();
208 pApInterface->DisableHotspot();
209 }
210
SetHotspotConfigFuzzTest(const uint8_t * data,size_t size)211 void SetHotspotConfigFuzzTest(const uint8_t* data, size_t size)
212 {
213 HotspotConfig apConfig;
214 apConfig.SetChannel(1);
215 apConfig.SetBand(BandType::BAND_2GHZ);
216 apConfig.SetBandWidth(AP_BANDWIDTH_DEFAULT);
217 pApService->SetHotspotConfig(apConfig);
218 pApInterface->SetHotspotConfig(apConfig);
219 }
220
SetHotspotIdleTimeoutFuzzTest(const uint8_t * data,size_t size)221 void SetHotspotIdleTimeoutFuzzTest(const uint8_t* data, size_t size)
222 {
223 int time = static_cast<int>(data[0]);
224 pApService->SetHotspotIdleTimeout(time);
225 pApInterface->SetHotspotIdleTimeout(time);
226 }
227
AddBlockListFuzzTest(const uint8_t * data,size_t size)228 void AddBlockListFuzzTest(const uint8_t* data, size_t size)
229 {
230 StationInfo stationInfo;
231 int index = 0;
232 stationInfo.deviceName = std::string(reinterpret_cast<const char*>(data), size);
233 stationInfo.bssid = std::string(reinterpret_cast<const char*>(data), size);
234 stationInfo.bssidType = static_cast<int>(data[index++]);
235 stationInfo.ipAddr = std::string(reinterpret_cast<const char*>(data), size);
236 pApService->AddBlockList(stationInfo);
237 pApInterface->AddBlockList(stationInfo);
238 }
239
DelBlockListFuzzTest(const uint8_t * data,size_t size)240 void DelBlockListFuzzTest(const uint8_t* data, size_t size)
241 {
242 StationInfo stationInfo;
243 int index = 0;
244 stationInfo.deviceName = std::string(reinterpret_cast<const char*>(data), size);
245 stationInfo.bssid = std::string(reinterpret_cast<const char*>(data), size);
246 stationInfo.bssidType = static_cast<int>(data[index++]);
247 stationInfo.ipAddr = std::string(reinterpret_cast<const char*>(data), size);
248 pApService->DelBlockList(stationInfo);
249 pApInterface->DelBlockList(stationInfo);
250 }
251
DisconnetStationFuzzTest(const uint8_t * data,size_t size)252 void DisconnetStationFuzzTest(const uint8_t* data, size_t size)
253 {
254 StationInfo stationInfo;
255 int index = 0;
256 stationInfo.deviceName = std::string(reinterpret_cast<const char*>(data), size);
257 stationInfo.bssid = std::string(reinterpret_cast<const char*>(data), size);
258 stationInfo.bssidType = static_cast<int>(data[index++]);
259 stationInfo.ipAddr = std::string(reinterpret_cast<const char*>(data), size);
260 pApService->DisconnetStation(stationInfo);
261 pApInterface->DisconnetStation(stationInfo);
262 }
263
GetStationListFuzzTest(const uint8_t * data,size_t size)264 void GetStationListFuzzTest(const uint8_t* data, size_t size)
265 {
266 std::vector<StationInfo> result;
267 pApService->GetStationList(result);
268 pApInterface->GetStationList(result);
269 }
270
GetValidBandsFuzzTest(const uint8_t * data,size_t size)271 void GetValidBandsFuzzTest(const uint8_t* data, size_t size)
272 {
273 std::vector<BandType> bands;
274 pApService->GetValidBands(bands);
275 pApInterface->GetValidBands(bands);
276 }
277
GetValidChannelsFuzzTest(const uint8_t * data,size_t size)278 void GetValidChannelsFuzzTest(const uint8_t* data, size_t size)
279 {
280 BandType bandType = static_cast<BandType>(static_cast<int>(data[0]) % SIX);
281 std::vector<int32_t> validChannel;
282 pApService->GetValidChannels(bandType, validChannel);
283 pApInterface->GetValidChannels(bandType, validChannel);
284 }
285
RegisterApServiceCallbacksFuzzTest(const uint8_t * data,size_t size)286 void RegisterApServiceCallbacksFuzzTest(const uint8_t* data, size_t size)
287 {
288 IApServiceCallbacks callbacks;
289 pApService->RegisterApServiceCallbacks(callbacks);
290 pApInterface->RegisterApServiceCallbacks(callbacks);
291 }
292
GetSupportedPowerModelFuzzTest(const uint8_t * data,size_t size)293 void GetSupportedPowerModelFuzzTest(const uint8_t* data, size_t size)
294 {
295 std::set<PowerModel> setPowerModelList;
296 pApService->GetSupportedPowerModel(setPowerModelList);
297 pApInterface->GetSupportedPowerModel(setPowerModelList);
298 }
299
GetPowerModelFuzzTest(const uint8_t * data,size_t size)300 void GetPowerModelFuzzTest(const uint8_t* data, size_t size)
301 {
302 PowerModel model = static_cast<PowerModel>(static_cast<int>(data[0]) % THREE);
303 pApService->GetPowerModel(model);
304 pApInterface->GetPowerModel(model);
305 }
306
SetPowerModelFuzzTest(const uint8_t * data,size_t size)307 void SetPowerModelFuzzTest(const uint8_t* data, size_t size)
308 {
309 PowerModel model = static_cast<PowerModel>(static_cast<int>(data[0]) % THREE);
310 pApService->SetPowerModel(model);
311 pApInterface->SetPowerModel(model);
312 }
313
WifiApIdleStateFuzzTest(const uint8_t * data,size_t size)314 void WifiApIdleStateFuzzTest(const uint8_t* data, size_t size)
315 {
316 pApIdleState->GoInState();
317 pApIdleState->GoOutState();
318 InternalMessagePtr msg = std::make_shared<InternalMessage>();
319 msg->SetMessageName(static_cast<int>(ApStatemachineEvent::CMD_UPDATE_HOTSPOTCONFIG_RESULT));
320 pApIdleState->ExecuteStateMsg(msg);
321 msg->SetMessageName(static_cast<int>(ApStatemachineEvent::CMD_START_HOTSPOT));
322 pApIdleState->ExecuteStateMsg(msg);
323 }
324
325 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)326 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
327 {
328 if ((data == nullptr) || (size <= OHOS::Wifi::U32_AT_SIZE_ZERO)) {
329 return 0;
330 }
331 OHOS::Wifi::UpdateApChannelConfigFuzzTest(data, size);
332 OHOS::Wifi::GetBestChannelFor2GFuzzTest(data, size);
333 OHOS::Wifi::GetBestChannelFor5GFuzzTest(data, size);
334 OHOS::Wifi::GetChannelFromDrvOrXmlByBandFuzzTest(data, size);
335 OHOS::Wifi::FilterIndoorChannelFuzzTest(data, size);
336 OHOS::Wifi::Filter165ChannelFuzzTest(data, size);
337 OHOS::Wifi::JudgeDbacWithP2pFuzzTest(data, size);
338 OHOS::Wifi::GetIndoorChanByCountryCodeFuzzTest(data, size);
339 OHOS::Wifi::GetPreferredChannelByBandFuzzTest(data, size);
340 OHOS::Wifi::WifiApRootStateFuzzTest(data, size);
341 OHOS::Wifi::BlockListAndStationFuzzTest(data, size);
342 OHOS::Wifi::EnableAllBlockListFuzzTest(data, size);
343 OHOS::Wifi::StationLeaveFuzzTest(data, size);
344 OHOS::Wifi::GetAllConnectedStationsFuzzTest(data, size);
345 OHOS::Wifi::EnableInterfaceNatFuzzTest(data, size);
346 OHOS::Wifi::SetForwardingFuzzTest(data, size);
347 OHOS::Wifi::SetInterfaceRouteFuzzTest(data, size);
348 OHOS::Wifi::SetInterfaceNatFuzzTest(data, size);
349 OHOS::Wifi::WriteDataToFileFuzzTest(data, size);
350 OHOS::Wifi::EnableHotspotFuzzTest(data, size);
351 OHOS::Wifi::DisableHotspotFuzzTest(data, size);
352 OHOS::Wifi::SetHotspotConfigFuzzTest(data, size);
353 OHOS::Wifi::SetHotspotIdleTimeoutFuzzTest(data, size);
354 OHOS::Wifi::AddBlockListFuzzTest(data, size);
355 OHOS::Wifi::DelBlockListFuzzTest(data, size);
356 OHOS::Wifi::DisconnetStationFuzzTest(data, size);
357 OHOS::Wifi::GetStationListFuzzTest(data, size);
358 OHOS::Wifi::GetValidBandsFuzzTest(data, size);
359 OHOS::Wifi::GetValidChannelsFuzzTest(data, size);
360 OHOS::Wifi::RegisterApServiceCallbacksFuzzTest(data, size);
361 OHOS::Wifi::GetSupportedPowerModelFuzzTest(data, size);
362 OHOS::Wifi::GetPowerModelFuzzTest(data, size);
363 OHOS::Wifi::SetPowerModelFuzzTest(data, size);
364 OHOS::Wifi::WifiApIdleStateFuzzTest(data, size);
365 return 0;
366 }
367 }
368 }
369