1 /* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 #include "hostapd_common_fuzzer.h" 16 17 #define WLAN_FREQ_MAX_NUM 35 18 #define ETH_ADDR_LEN 6 19 #define BITS_NUM_24 24 20 #define BITS_NUM_16 16 21 #define BITS_NUM_8 8 22 #define BUFFSIZE_REQUEST 4096 23 24 static uint32_t g_wpaTestSize = 0; 25 struct IHostapdCallback *g_hostapdCallbackObj = nullptr; 26 SetWpaDataSize(const uint32_t * dataSize)27 uint32_t SetWpaDataSize(const uint32_t *dataSize) 28 { 29 if (dataSize != nullptr) { 30 g_wpaTestSize = *dataSize; 31 return HDF_SUCCESS; 32 } 33 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__); 34 return HDF_FAILURE; 35 } 36 GetWpaDataSize(uint32_t * dataSize)37 uint32_t GetWpaDataSize(uint32_t *dataSize) 38 { 39 if (dataSize != nullptr) { 40 *dataSize = g_wpaTestSize; 41 return HDF_SUCCESS; 42 } 43 HDF_LOGE("%{public}s: get data size failed!", __FUNCTION__); 44 return HDF_FAILURE; 45 } 46 Convert2Uint32(const uint8_t * ptr)47 uint32_t Convert2Uint32(const uint8_t *ptr) 48 { 49 if (ptr == nullptr) { 50 return 0; 51 } 52 /* 53 * Move the 0th digit 24 to the left, the first digit 16 to the left, the second digit 8 to the left, 54 * and the third digit no left 55 */ 56 return (ptr[0] << BITS_NUM_24) | (ptr[1] << BITS_NUM_16) | (ptr[2] << BITS_NUM_8) | (ptr[3]); 57 } 58 PreProcessRawData(const uint8_t * rawData,size_t size,uint8_t * tmpRawData,size_t tmpRawDataSize)59 bool PreProcessRawData(const uint8_t *rawData, size_t size, uint8_t *tmpRawData, size_t tmpRawDataSize) 60 { 61 if (rawData == nullptr || tmpRawData == nullptr) { 62 HDF_LOGE("%{public}s: rawData or tmpRawData is nullptr!", __FUNCTION__); 63 return false; 64 } 65 uint32_t dataSize = size - OFFSET; 66 if (memcpy_s(tmpRawData, tmpRawDataSize, rawData + OFFSET, dataSize) != EOK) { 67 HDF_LOGE("%{public}s: memcpy_s failed!", __FUNCTION__); 68 return false; 69 } 70 if (SetWpaDataSize(&dataSize) != HDF_SUCCESS) { 71 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__); 72 return false; 73 } 74 return true; 75 } 76 FuzzHostapdInterfaceStartAp(struct IHostapdInterface * interface,const uint8_t * rawData)77 void FuzzHostapdInterfaceStartAp(struct IHostapdInterface *interface, const uint8_t *rawData) 78 { 79 interface->StartAp(interface); 80 HDF_LOGI("%{public}s: success", __FUNCTION__); 81 } 82 FuzzHostapdInterfaceStopAp(struct IHostapdInterface * interface,const uint8_t * rawData)83 void FuzzHostapdInterfaceStopAp(struct IHostapdInterface *interface, const uint8_t *rawData) 84 { 85 interface->StopAp(interface); 86 HDF_LOGI("%{public}s: success", __FUNCTION__); 87 } 88 FuzzHostapdInterfaceEnableAp(struct IHostapdInterface * interface,const uint8_t * rawData)89 void FuzzHostapdInterfaceEnableAp(struct IHostapdInterface *interface, const uint8_t *rawData) 90 { 91 const char *ifName = reinterpret_cast<const char *>(rawData); 92 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 93 94 interface->EnableAp(interface, ifName, id); 95 HDF_LOGI("%{public}s: success", __FUNCTION__); 96 } 97 FuzzHostapdInterfaceDisableAp(struct IHostapdInterface * interface,const uint8_t * rawData)98 void FuzzHostapdInterfaceDisableAp(struct IHostapdInterface *interface, const uint8_t *rawData) 99 { 100 const char *ifName = reinterpret_cast<const char *>(rawData); 101 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 102 103 interface->DisableAp(interface, ifName, id); 104 HDF_LOGI("%{public}s: success", __FUNCTION__); 105 } 106 FuzzHostapdInterfaceSetApPasswd(struct IHostapdInterface * interface,const uint8_t * rawData)107 void FuzzHostapdInterfaceSetApPasswd(struct IHostapdInterface *interface, const uint8_t *rawData) 108 { 109 const char *ifName = reinterpret_cast<const char *>(rawData); 110 const char *pass = reinterpret_cast<const char *>(rawData); 111 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 112 113 interface->SetApPasswd(interface, ifName, pass, id); 114 HDF_LOGI("%{public}s: success", __FUNCTION__); 115 } 116 FuzzHostapdInterfaceSetApName(struct IHostapdInterface * interface,const uint8_t * rawData)117 void FuzzHostapdInterfaceSetApName(struct IHostapdInterface *interface, const uint8_t *rawData) 118 { 119 const char *ifName = reinterpret_cast<const char *>(rawData); 120 const char *name = reinterpret_cast<const char *>(rawData); 121 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 122 123 interface->SetApName(interface, ifName, name, id); 124 HDF_LOGI("%{public}s: success", __FUNCTION__); 125 } 126 FuzzHostapdInterfaceSetApBand(struct IHostapdInterface * interface,const uint8_t * rawData)127 void FuzzHostapdInterfaceSetApBand(struct IHostapdInterface *interface, const uint8_t *rawData) 128 { 129 const char *ifName = reinterpret_cast<const char *>(rawData); 130 int32_t band = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 131 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 132 133 interface->SetApBand(interface, ifName, band, id); 134 HDF_LOGI("%{public}s: success", __FUNCTION__); 135 } 136 FuzzHostapdInterfaceSetAp80211n(struct IHostapdInterface * interface,const uint8_t * rawData)137 void FuzzHostapdInterfaceSetAp80211n(struct IHostapdInterface *interface, const uint8_t *rawData) 138 { 139 const char *ifName = reinterpret_cast<const char *>(rawData); 140 int32_t value = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 141 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 142 143 interface->SetAp80211n(interface, ifName, value, id); 144 HDF_LOGI("%{public}s: success", __FUNCTION__); 145 } 146 FuzzHostapdInterfaceSetApWmm(struct IHostapdInterface * interface,const uint8_t * rawData)147 void FuzzHostapdInterfaceSetApWmm(struct IHostapdInterface *interface, const uint8_t *rawData) 148 { 149 const char *ifName = reinterpret_cast<const char *>(rawData); 150 int32_t value = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 151 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 152 153 interface->SetApWmm(interface, ifName, value, id); 154 HDF_LOGI("%{public}s: success", __FUNCTION__); 155 } 156 FuzzHostapdInterfaceSetApChannel(struct IHostapdInterface * interface,const uint8_t * rawData)157 void FuzzHostapdInterfaceSetApChannel(struct IHostapdInterface *interface, const uint8_t *rawData) 158 { 159 const char *ifName = reinterpret_cast<const char *>(rawData); 160 int32_t channel = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 161 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 162 163 interface->SetApChannel(interface, ifName, channel, id); 164 HDF_LOGI("%{public}s: success", __FUNCTION__); 165 } 166 FuzzHostapdInterfaceSetApMaxConn(struct IHostapdInterface * interface,const uint8_t * rawData)167 void FuzzHostapdInterfaceSetApMaxConn(struct IHostapdInterface *interface, const uint8_t *rawData) 168 { 169 const char *ifName = reinterpret_cast<const char *>(rawData); 170 int32_t maxConn = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 171 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 172 173 interface->SetApMaxConn(interface, ifName, maxConn, id); 174 HDF_LOGI("%{public}s: success", __FUNCTION__); 175 } 176 FuzzHostapdInterfaceSetMacFilter(struct IHostapdInterface * interface,const uint8_t * rawData)177 void FuzzHostapdInterfaceSetMacFilter(struct IHostapdInterface *interface, const uint8_t *rawData) 178 { 179 const char *ifName = reinterpret_cast<const char *>(rawData); 180 const char *mac = reinterpret_cast<const char *>(rawData); 181 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 182 183 interface->SetMacFilter(interface, ifName, mac, id); 184 HDF_LOGI("%{public}s: success", __FUNCTION__); 185 } 186 FuzzHostapdInterfaceDelMacFilter(struct IHostapdInterface * interface,const uint8_t * rawData)187 void FuzzHostapdInterfaceDelMacFilter(struct IHostapdInterface *interface, const uint8_t *rawData) 188 { 189 const char *ifName = reinterpret_cast<const char *>(rawData); 190 const char *mac = reinterpret_cast<const char *>(rawData); 191 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 192 193 interface->DelMacFilter(interface, ifName, mac, id); 194 HDF_LOGI("%{public}s: success", __FUNCTION__); 195 } 196 FuzzHostapdInterfaceGetStaInfos(struct IHostapdInterface * interface,const uint8_t * rawData)197 void FuzzHostapdInterfaceGetStaInfos(struct IHostapdInterface *interface, const uint8_t *rawData) 198 { 199 const char *ifName = reinterpret_cast<const char *>(rawData); 200 char buf[BUFFSIZE_REQUEST] = {0}; 201 uint32_t bufLen = *const_cast<uint32_t *>(reinterpret_cast<const uint32_t *>(rawData)); 202 int32_t size = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 203 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 204 205 interface->GetStaInfos(interface, ifName, buf, bufLen, size, id); 206 HDF_LOGI("%{public}s: success", __FUNCTION__); 207 } 208 FuzzHostapdInterfaceDisassociateSta(struct IHostapdInterface * interface,const uint8_t * rawData)209 void FuzzHostapdInterfaceDisassociateSta(struct IHostapdInterface *interface, const uint8_t *rawData) 210 { 211 const char *ifName = reinterpret_cast<const char *>(rawData); 212 const char *mac = reinterpret_cast<const char *>(rawData); 213 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 214 215 interface->DisassociateSta(interface, ifName, mac, id); 216 HDF_LOGI("%{public}s: success", __FUNCTION__); 217 } 218 FuzzHostapdInterfaceRegisterEventCallback(struct IHostapdInterface * interface,const uint8_t * rawData)219 void FuzzHostapdInterfaceRegisterEventCallback(struct IHostapdInterface *interface, const uint8_t *rawData) 220 { 221 const char *ifName = reinterpret_cast<const char *>(rawData); 222 223 interface->RegisterEventCallback(interface, g_hostapdCallbackObj, ifName); 224 HDF_LOGI("%{public}s: success", __FUNCTION__); 225 } 226 FuzzHostapdInterfaceUnregisterEventCallback(struct IHostapdInterface * interface,const uint8_t * rawData)227 void FuzzHostapdInterfaceUnregisterEventCallback(struct IHostapdInterface *interface, const uint8_t *rawData) 228 { 229 const char *ifName = reinterpret_cast<const char *>(rawData); 230 231 interface->UnregisterEventCallback(interface, g_hostapdCallbackObj, ifName); 232 HDF_LOGI("%{public}s: success", __FUNCTION__); 233 } 234 FuzzHostapdInterfaceReloadApConfigInfo(struct IHostapdInterface * interface,const uint8_t * rawData)235 void FuzzHostapdInterfaceReloadApConfigInfo(struct IHostapdInterface *interface, const uint8_t *rawData) 236 { 237 const char *ifName = reinterpret_cast<const char *>(rawData); 238 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData)); 239 240 interface->ReloadApConfigInfo(interface, ifName, id); 241 HDF_LOGI("%{public}s: success", __FUNCTION__); 242 } 243