1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <cerrno>
17 #include <cstdlib>
18 #include "securec.h"
19 #include "v1_0/ihostapd_interface.h"
20 #include "hostapd_fuzzer.h"
21 #include "hostapd_common_fuzzer.h"
22 #include "servmgr_hdi.h"
23 #include "devmgr_hdi.h"
24 #include "hdf_remote_service.h"
25 
26 namespace OHOS {
27 namespace WIFI {
28 constexpr size_t THRESHOLD = 10;
29 const char *g_wpaServiceName = "hostapd_interface_service";
30 struct IHostapdInterface *g_wpaObj = nullptr;
31 static struct HDIDeviceManager *g_devMgr = nullptr;
32 
FuzzHostapdStart(struct IHostapdInterface * gWpaObj,uint8_t * tmpRawData)33 void FuzzHostapdStart(struct IHostapdInterface *gWpaObj, uint8_t *tmpRawData)
34 {
35     HDF_LOGI("%{public}s : is starting", __FUNCTION__);
36     FuzzHostapdInterfaceSetApPasswd(gWpaObj, tmpRawData);
37     FuzzHostapdInterfaceSetApName(gWpaObj, tmpRawData);
38     FuzzHostapdInterfaceSetApBand(gWpaObj, tmpRawData);
39     FuzzHostapdInterfaceSetApChannel(gWpaObj, tmpRawData);
40     FuzzHostapdInterfaceSetApMaxConn(gWpaObj, tmpRawData);
41     FuzzHostapdInterfaceSetAp80211n(gWpaObj, tmpRawData);
42     FuzzHostapdInterfaceSetApWmm(gWpaObj, tmpRawData);
43     FuzzHostapdInterfaceReloadApConfigInfo(gWpaObj, tmpRawData);
44     FuzzHostapdInterfaceDisableAp(gWpaObj, tmpRawData);
45     FuzzHostapdInterfaceEnableAp(gWpaObj, tmpRawData);
46     FuzzHostapdInterfaceSetMacFilter(gWpaObj, tmpRawData);
47     FuzzHostapdInterfaceDelMacFilter(gWpaObj, tmpRawData);
48     FuzzHostapdInterfaceGetStaInfos(gWpaObj, tmpRawData);
49     FuzzHostapdInterfaceDisassociateSta(gWpaObj, tmpRawData);
50     FuzzHostapdInterfaceRegisterEventCallback(gWpaObj, tmpRawData);
51     FuzzHostapdInterfaceUnregisterEventCallback(gWpaObj, tmpRawData);
52     FuzzHostapdInterfaceStartAp(gWpaObj, tmpRawData);
53     FuzzHostapdInterfaceStopAp(gWpaObj, tmpRawData);
54 }
55 
DoSomethingInterestingWithMyAPI(const uint8_t * rawData,size_t size)56 bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
57 {
58     HDF_LOGI("%{public}s: enter", __FUNCTION__);
59     bool result = false;
60 
61     if (rawData == nullptr || size == 0) {
62         return false;
63     }
64     g_devMgr = HDIDeviceManagerGet();
65     if (g_devMgr == nullptr) {
66         HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
67         return result;
68     }
69     int32_t rc = g_devMgr->LoadDevice(g_devMgr, g_wpaServiceName);
70     if (rc != HDF_SUCCESS) {
71         HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
72         return result;
73     }
74     g_wpaObj = IHostapdInterfaceGetInstance(g_wpaServiceName, true);
75     if (g_wpaObj == nullptr) {
76         HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
77         return result;
78     }
79     uint32_t dataSize = size - OFFSET;
80     uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1));
81     if (tmpRawData == nullptr) {
82         HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__);
83         return result;
84     }
85     if (PreProcessRawData(rawData, size, tmpRawData, dataSize + 1) != true) {
86         HDF_LOGE("%{public}s : PreProcessRawData failed!", __FUNCTION__);
87         OsalMemFree(tmpRawData);
88         return result;
89     }
90     int32_t ret = g_wpaObj->StartApWithCmd(g_wpaObj, "wlan1", 0);
91     if (ret != HDF_SUCCESS) {
92         HDF_LOGE("%{public}s : StartApWithCmd failed!", __FUNCTION__);
93         OsalMemFree(tmpRawData);
94         return result;
95     }
96     HDF_LOGE("%{public}s :StartApWithCmd sucess", __FUNCTION__);
97     FuzzHostapdStart(g_wpaObj, tmpRawData);
98     IHostapdInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true);
99     OsalMemFree(tmpRawData);
100     g_devMgr->UnloadDevice(g_devMgr, g_wpaServiceName);
101     g_devMgr = nullptr;
102     g_wpaObj = nullptr;
103     return result;
104 }
105 } // namespace WIFI
106 } // namespace OHOS
107 
108 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)109 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
110 {
111     HDF_LOGI("%{public}s : size = %lu ,THRESHOLD = %lu", __FUNCTION__, size, OHOS::WIFI::THRESHOLD);
112     if (size < OHOS::WIFI::THRESHOLD) {
113         return 0;
114     }
115 
116     /* Run your code on data */
117     OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size);
118     return 0;
119 }