1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "devauthservprocessbinddata_fuzzer.h"
17 #include "device_auth.h"
18 #include "device_auth_defines.h"
19 #include "hc_dev_info.h"
20 #include "hc_log.h"
21 #include "hc_types.h"
22 #include "json_utils.h"
23 #include "securec.h"
24 #include <unistd.h>
25 
26 namespace OHOS {
OnError(int64_t requestId,int operationCode,int errorCode,const char * errorReturn)27     static void OnError(int64_t requestId, int operationCode, int errorCode, const char *errorReturn)
28     {
29         LOGE("error return: %s", errorReturn);
30     }
31 
OnFinish(int64_t requestId,int operationCode,const char * authReturn)32     static void OnFinish(int64_t requestId, int operationCode, const char *authReturn)
33     {
34         LOGI("return value: %s", authReturn);
35     }
36 
OnSessionKeyReturned(int64_t requestId,const uint8_t * sessionKey,uint32_t sessionKeyLen)37     static void OnSessionKeyReturned(int64_t requestId, const uint8_t *sessionKey, uint32_t sessionKeyLen) {}
38 
OnTransmit(int64_t requestId,const uint8_t * data,uint32_t dataLen)39     static bool OnTransmit(int64_t requestId, const uint8_t *data, uint32_t dataLen)
40     {
41         return true;
42     }
43 
OnRequest(int64_t requestId,int operationCode,const char * reqParam)44     static char *OnRequest(int64_t requestId, int operationCode, const char* reqParam)
45     {
46         return nullptr;
47     }
48 
49     static DeviceAuthCallback g_gmCallback = {
50         .onTransmit = OnTransmit,
51         .onSessionKeyReturned = OnSessionKeyReturned,
52         .onFinish = OnFinish,
53         .onError = OnError,
54         .onRequest = OnRequest,
55     };
56 
FuzzDoProcessBindData(const uint8_t * data,size_t size)57     bool FuzzDoProcessBindData(const uint8_t* data, size_t size)
58     {
59         if (data == nullptr) {
60             return false;
61         }
62         InitDeviceAuthService();
63         std::string appId(reinterpret_cast<const char *>(data), size);
64         const DeviceGroupManager *gmInstance = GetGmInstance();
65         gmInstance->regCallback(appId.c_str(), &g_gmCallback);
66         int64_t reqId = 123;
67         uint8_t *bindData = reinterpret_cast<uint8_t *>(HcMalloc(size + 1, 0));
68         if (bindData == nullptr) {
69             DestroyDeviceAuthService();
70             return false;
71         }
72         if (memcpy_s(bindData, size, data, size) != EOK) {
73             HcFree(bindData);
74             DestroyDeviceAuthService();
75             return false;
76         }
77         gmInstance->processData(reqId, bindData, size);
78         HcFree(bindData);
79         sleep(1);
80         DestroyDeviceAuthService();
81         return true;
82     }
83 }
84 
85 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)86 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
87 {
88     /* Run your code on data */
89     OHOS::FuzzDoProcessBindData(data, size);
90     return 0;
91 }
92 
93