1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "getsmssegmentsinfo_fuzzer.h"
17
18 #define private public
19 #include "addsmstoken_fuzzer.h"
20 #include "cdma_sms_message.h"
21 #include "core_manager_inner.h"
22 #include "ims_sms_callback_stub.h"
23 #include "sms_service.h"
24
25 using namespace OHOS::Telephony;
26 namespace OHOS {
27 static bool g_isInited = false;
28 constexpr int32_t SLOT_NUM = 2;
29 constexpr int32_t TYPE_NUM = 5;
30
IsServiceInited()31 bool IsServiceInited()
32 {
33 if (!g_isInited) {
34 CoreManagerInner::GetInstance().isInitAllObj_ = true;
35 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
36 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
37 DelayedSingleton<SmsService>::GetInstance()->OnStart();
38 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
39 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
40 g_isInited = true;
41 }
42 }
43 return g_isInited;
44 }
45
GetSmsSegmentsInfo(const uint8_t * data,size_t size)46 void GetSmsSegmentsInfo(const uint8_t *data, size_t size)
47 {
48 if (!IsServiceInited()) {
49 return;
50 }
51
52 MessageParcel dataParcel;
53 MessageParcel replyParcel;
54 MessageOption option(MessageOption::TF_SYNC);
55
56 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
57 std::string message(reinterpret_cast<const char *>(data), size);
58 auto messageU16 = Str8ToStr16(message);
59 bool force7BitCode = slotId == 1 ? true : false;
60
61 dataParcel.WriteInt32(slotId);
62 dataParcel.WriteString16(messageU16);
63 dataParcel.WriteBool(force7BitCode);
64 dataParcel.RewindRead(0);
65
66 DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
67
68 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
69 if (interfaceManager == nullptr) {
70 TELEPHONY_LOGE("interfaceManager nullptr error");
71 return;
72 }
73 interfaceManager->InitInterfaceManager();
74 LengthInfo lenInfo;
75 interfaceManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
76
77 auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
78 if (smsSendManager == nullptr) {
79 TELEPHONY_LOGE("failed to create SmsSendManager");
80 return;
81 }
82 smsSendManager->Init();
83 smsSendManager->InitNetworkHandle();
84 smsSendManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
85 CdmaSmsMessage cdmaSmsMessage;
86 cdmaSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
87 GsmSmsMessage gsmSmsMessage;
88 gsmSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
89 }
90
IsImsSmsSupported(const uint8_t * data,size_t size)91 void IsImsSmsSupported(const uint8_t *data, size_t size)
92 {
93 if (!IsServiceInited()) {
94 return;
95 }
96
97 MessageParcel dataParcel;
98 MessageParcel replyParcel;
99 MessageOption option(MessageOption::TF_SYNC);
100
101 dataParcel.WriteBuffer(data, size);
102 dataParcel.RewindRead(0);
103 DelayedSingleton<SmsService>::GetInstance()->OnIsImsSmsSupported(dataParcel, replyParcel, option);
104
105 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
106 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
107 if (interfaceManager == nullptr) {
108 TELEPHONY_LOGE("interfaceManager nullptr error");
109 return;
110 }
111 interfaceManager->InitInterfaceManager();
112 bool isSupported = false;
113 interfaceManager->IsImsSmsSupported(slotId, isSupported);
114
115 auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
116 if (smsSendManager == nullptr) {
117 TELEPHONY_LOGE("failed to create SmsSendManager");
118 return;
119 }
120 smsSendManager->Init();
121 smsSendManager->InitNetworkHandle();
122 smsSendManager->IsImsSmsSupported(slotId, isSupported);
123 }
124
OnRemoteRequest(const uint8_t * data,size_t size)125 void OnRemoteRequest(const uint8_t *data, size_t size)
126 {
127 if (!IsServiceInited()) {
128 return;
129 }
130
131 MessageParcel dataParcel;
132 if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
133 TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
134 return;
135 }
136
137 MessageParcel replyParcel;
138 MessageOption option(MessageOption::TF_SYNC);
139 dataParcel.RewindRead(0);
140 uint32_t code = static_cast<uint32_t>(size);
141 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
142 return;
143 }
144
ImsSendMessageResponseInner(const uint8_t * data,size_t size)145 void ImsSendMessageResponseInner(const uint8_t *data, size_t size)
146 {
147 if (!IsServiceInited()) {
148 return;
149 }
150
151 MessageParcel dataParcel;
152 MessageParcel replyParcel;
153
154 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
155 dataParcel.WriteInt32(slotId);
156 RadioResponseInfo responseInfo;
157 responseInfo.flag = static_cast<uint32_t>(size);
158 responseInfo.serial = static_cast<uint32_t>(size);
159 responseInfo.error = static_cast<ErrType>(size);
160 responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
161 dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
162 SendSmsResultInfo resultInfo;
163 resultInfo.msgRef = static_cast<uint32_t>(size);
164 std::string pdu(reinterpret_cast<const char *>(data), size);
165 resultInfo.pdu = pdu;
166 resultInfo.errCode = static_cast<uint32_t>(size);
167 resultInfo.flag = static_cast<int64_t>(size);
168 dataParcel.WriteRawData((const void *)&resultInfo, sizeof(SendSmsResultInfo));
169 dataParcel.RewindRead(0);
170 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSendMessageResponseInner(dataParcel, replyParcel);
171 }
172
ImsSetSmsConfigResponseInner(const uint8_t * data,size_t size)173 void ImsSetSmsConfigResponseInner(const uint8_t *data, size_t size)
174 {
175 if (!IsServiceInited()) {
176 return;
177 }
178
179 MessageParcel dataParcel;
180 MessageParcel replyParcel;
181
182 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
183 dataParcel.WriteInt32(slotId);
184 RadioResponseInfo responseInfo;
185 responseInfo.flag = static_cast<uint32_t>(size);
186 responseInfo.serial = static_cast<uint32_t>(size);
187 responseInfo.error = static_cast<ErrType>(size);
188 responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
189 dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
190 dataParcel.RewindRead(0);
191 DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSetSmsConfigResponseInner(dataParcel, replyParcel);
192 }
193
CreateMessage(const uint8_t * data,size_t size)194 void CreateMessage(const uint8_t *data, size_t size)
195 {
196 if (!IsServiceInited()) {
197 return;
198 }
199
200 MessageParcel dataParcel;
201 MessageParcel replyParcel;
202 MessageOption option(MessageOption::TF_SYNC);
203
204 std::string pdu(reinterpret_cast<const char *>(data), size);
205 std::string reply(reinterpret_cast<const char *>(data), size);
206 dataParcel.WriteString(pdu);
207 dataParcel.WriteString(reply);
208 dataParcel.RewindRead(0);
209 DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
210 }
211
GetBase64Encode(const uint8_t * data,size_t size)212 void GetBase64Encode(const uint8_t *data, size_t size)
213 {
214 if (!IsServiceInited()) {
215 return;
216 }
217
218 MessageParcel dataParcel;
219 MessageParcel replyParcel;
220 MessageOption option(MessageOption::TF_SYNC);
221
222 std::string message(reinterpret_cast<const char *>(data), size);
223 auto messageU16 = Str8ToStr16(message);
224 dataParcel.WriteString16(messageU16);
225 dataParcel.RewindRead(0);
226 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
227 }
228
GetBase64Decode(const uint8_t * data,size_t size)229 void GetBase64Decode(const uint8_t *data, size_t size)
230 {
231 if (!IsServiceInited()) {
232 return;
233 }
234
235 MessageParcel dataParcel;
236 MessageParcel replyParcel;
237 MessageOption option(MessageOption::TF_SYNC);
238
239 std::string messageSrc(reinterpret_cast<const char *>(data), size);
240 auto stringU16 = Str8ToStr16(messageSrc);
241 dataParcel.WriteString16(stringU16);
242 dataParcel.RewindRead(0);
243 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
244 }
245
GetEncodeStringFunc(const uint8_t * data,size_t size)246 void GetEncodeStringFunc(const uint8_t *data, size_t size)
247 {
248 if (!IsServiceInited()) {
249 return;
250 }
251
252 MessageParcel dataParcel;
253 MessageParcel replyParcel;
254 MessageOption option(MessageOption::TF_SYNC);
255
256 int32_t charset = static_cast<int32_t>(size);
257 int32_t valLength = static_cast<int32_t>(size);
258 std::string strEncode(reinterpret_cast<const char *>(data), size);
259 auto strEncodeU16 = Str8ToStr16(strEncode);
260 dataParcel.WriteInt32(charset);
261 dataParcel.WriteInt32(valLength);
262 dataParcel.WriteString16(strEncodeU16);
263 dataParcel.RewindRead(0);
264 DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
265 }
266
SendMMSAndDownloadMMS(const uint8_t * data,size_t size)267 void SendMMSAndDownloadMMS(const uint8_t* data, size_t size)
268 {
269 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
270 std::string message(reinterpret_cast<const char *>(data), size);
271
272 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
273 if (interfaceManager == nullptr) {
274 TELEPHONY_LOGE("interfaceManager nullptr error");
275 return;
276 }
277
278 interfaceManager->InitInterfaceManager();
279
280 std::u16string mmsc = Str8ToStr16(message);
281 std::u16string msg = Str8ToStr16(message);
282 std::u16string ua = Str8ToStr16(message);
283 std::u16string uaprof = Str8ToStr16(message);
284
285 interfaceManager->SendMms(mmsc, msg, ua, uaprof);
286 interfaceManager->DownloadMms(mmsc, msg, ua, uaprof);
287 }
288
HighRiskInterface(const uint8_t * data,size_t size)289 void HighRiskInterface(const uint8_t *data, size_t size)
290 {
291 if (!IsServiceInited()) {
292 return;
293 }
294
295 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
296 MessageParcel dataParcel;
297 dataParcel.WriteInt32(slotId);
298 dataParcel.WriteBuffer(data, size);
299 dataParcel.RewindRead(0);
300
301 MessageParcel replyParcel;
302 uint32_t code = static_cast<uint32_t>(size);
303 MessageOption option(MessageOption::TF_SYNC);
304
305 DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
306 DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextRequest(dataParcel, replyParcel, option);
307 DelayedSingleton<SmsService>::GetInstance()->OnSendSmsDataRequest(dataParcel, replyParcel, option);
308 DelayedSingleton<SmsService>::GetInstance()->OnGetSmscAddr(dataParcel, replyParcel, option);
309 DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
310 DelayedSingleton<SmsService>::GetInstance()->OnUpdateSimMessage(dataParcel, replyParcel, option);
311 DelayedSingleton<SmsService>::GetInstance()->OnGetAllSimMessages(dataParcel, replyParcel, option);
312 DelayedSingleton<SmsService>::GetInstance()->OnSplitMessage(dataParcel, replyParcel, option);
313 DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
314 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
315 DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
316 DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
317 DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
318 }
319
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)320 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
321 {
322 if (data == nullptr || size == 0) {
323 return;
324 }
325
326 GetSmsSegmentsInfo(data, size);
327 IsImsSmsSupported(data, size);
328 OnRemoteRequest(data, size);
329 ImsSendMessageResponseInner(data, size);
330 ImsSetSmsConfigResponseInner(data, size);
331 CreateMessage(data, size);
332 GetBase64Encode(data, size);
333 GetBase64Decode(data, size);
334 GetEncodeStringFunc(data, size);
335 HighRiskInterface(data, size);
336 SendMMSAndDownloadMMS(data, size);
337 DelayedSingleton<SmsService>::DestroyInstance();
338 }
339 } // namespace OHOS
340
341 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)342 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
343 {
344 /* Run your code on data */
345 OHOS::AddSmsTokenFuzzer token;
346 OHOS::DoSomethingInterestingWithMyAPI(data, size);
347 return 0;
348 }
349