1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "gsmsmsparamcodec_fuzzer.h"
17
18 #define private public
19 #include "addsmstoken_fuzzer.h"
20 #include "core_manager_inner.h"
21 #include "i_sms_service_interface.h"
22 #include "sms_service.h"
23
24 using namespace OHOS::Telephony;
25 namespace OHOS {
26 static bool g_isInited = false;
27 static constexpr int32_t UINT8_COUNT = 256;
28 static constexpr int32_t CODE_SCHEME_SIZE = 6;
29 static constexpr int32_t TIME_FORMAT_SIZE = 3;
30 constexpr int32_t SLEEP_TIME_SECONDS = 1;
31
IsServiceInited()32 bool IsServiceInited()
33 {
34 if (!g_isInited) {
35 CoreManagerInner::GetInstance().isInitAllObj_ = true;
36 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
37 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
38 DelayedSingleton<SmsService>::GetInstance()->OnStart();
39 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
40 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
41 g_isInited = true;
42 }
43 }
44 return g_isInited;
45 }
46
T7BitSubmitSms()47 void T7BitSubmitSms()
48 {
49 std::vector<unsigned char> pdu = StringUtils::HexToByteVector("21010B818176251308F4000002C130");
50 ShortMessage *message = new ShortMessage();
51 if (message == nullptr) {
52 return;
53 }
54 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
55 delete message;
56 }
57
Ucs2SubmitSms()58 void Ucs2SubmitSms()
59 {
60 std::vector<unsigned char> pdu = StringUtils::HexToByteVector("21020B818176251308F40008046D4B8BD5");
61 ShortMessage *message = new ShortMessage();
62 if (message == nullptr) {
63 return;
64 }
65 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
66 delete message;
67 }
68
T7BitDeliverySms()69 void T7BitDeliverySms()
70 {
71 std::vector<unsigned char> pdu =
72 StringUtils::HexToByteVector("0891683108200075F4240D91688129562983F600001240800102142302C130");
73 ShortMessage *message = new ShortMessage();
74 if (message == nullptr) {
75 return;
76 }
77 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
78 delete message;
79 }
80
Ucs2DeliverySms()81 void Ucs2DeliverySms()
82 {
83 std::vector<unsigned char> pdu =
84 StringUtils::HexToByteVector("0891683110206005F0240DA1688176251308F4000832500381459323044F60597D");
85 ShortMessage *message = new ShortMessage();
86 if (message == nullptr) {
87 return;
88 }
89 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
90 delete message;
91 }
92
StatusReportSms()93 void StatusReportSms()
94 {
95 std::vector<unsigned char> pdu =
96 StringUtils::HexToByteVector("0891683110808805F006510B818176251308F4325013113382233250131143802300");
97
98 ShortMessage *message = new ShortMessage();
99 if (message == nullptr) {
100 return;
101 }
102 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
103 delete message;
104 }
105
MultiPageUcs2Sms()106 void MultiPageUcs2Sms()
107 {
108 std::vector<unsigned char> pdu = StringUtils::HexToByteVector(
109 "0891683110205005F06005A00110F00008325052214182238C050003D3030200310030002E0063006E002F007100410053004B00380020"
110 "FF0C4EE5514D6B216708521D6263966476F851738D397528540E5F7154CD60A876846B635E384F7F752830024E2D56FD"
111 "8054901A0041005000507545723D65B04F539A8CFF0C70B951FB0020002000680074007400700073003A002F002F0075002E0031003000"
112 "3000310030002E");
113
114 ShortMessage *message = new ShortMessage();
115 if (message == nullptr) {
116 return;
117 }
118 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
119 delete message;
120 }
121
WapPushSms()122 void WapPushSms()
123 {
124 std::vector<unsigned char> pdu = StringUtils::HexToByteVector(
125 "0891683110205005F0640BA10156455102F1000432109261715023880605040B8423F04C06246170706C69636174696F6E2F766E642E77"
126 "61702E6D6D732D6D65737361676500B487AF848C829850765030303031365A645430008D9089178031363630373532313930382F545950"
127 "453D504C4D4E008A808E040001298D"
128 "8805810303F47B83687474703A2F2F31302E3132332E31382E38303A3138302F76564F455F3000");
129
130 ShortMessage *message = new ShortMessage();
131 if (message == nullptr) {
132 return;
133 }
134 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
135 delete message;
136 }
137
DataSmsDeliverySms()138 void DataSmsDeliverySms()
139 {
140 std::vector<unsigned char> pdu = StringUtils::HexToByteVector(
141 "0891683110808805F0640D91686106571209F80000327030021205231306050400640000E8329BFD06DDDF723619");
142
143 ShortMessage *message = new ShortMessage();
144 if (message == nullptr) {
145 return;
146 }
147 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
148 delete message;
149 }
150
Smsc00DeliverySms()151 void Smsc00DeliverySms()
152 {
153 std::vector<unsigned char> pdu = StringUtils::HexToByteVector("00240D91689141468496F600001270721142432302B319");
154
155 ShortMessage *message = new ShortMessage();
156 if (message == nullptr) {
157 return;
158 }
159 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
160 delete message;
161 }
162
MultiPage7bitSms()163 void MultiPage7bitSms()
164 {
165 std::vector<unsigned char> pdu = StringUtils::HexToByteVector(
166 "0891683110206005F0640DA1688176251308F4000032806190051123A00500030F020162B1582C168BC562B1582C168BC562B2198D369B"
167 "CD68B5582C269BCD62B1582C168BC562B1582C168BC562B1582C168BC562B1582C168BC562B1582C168BC562B1582C168BC562B1582C16"
168 "8BC562B1582C168BC562B1582C168BC562B1582C168BC562B1582C168BC562B1582C168BC540B1582C168BC562B1582C168BC56231D98C"
169 "469BCD66");
170
171 ShortMessage *message = new ShortMessage();
172 if (message == nullptr) {
173 return;
174 }
175 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
176 delete message;
177 }
178
T7BitOtherSubmitSms()179 void T7BitOtherSubmitSms()
180 {
181 std::vector<unsigned char> pdu = StringUtils::HexToByteVector("00010005910110F0000003E17018");
182 ShortMessage *message = new ShortMessage();
183 if (message == nullptr) {
184 return;
185 }
186 ShortMessage::CreateMessage(pdu, u"3gpp", *message);
187 delete message;
188 }
189
EncodePduItemsTest(const uint8_t * data,size_t size)190 void EncodePduItemsTest(const uint8_t *data, size_t size)
191 {
192 if (!IsServiceInited()) {
193 return;
194 }
195 auto codec = std::make_shared<GsmSmsParamCodec>();
196 AddressNumber *pAddress = new AddressNumber();
197 std::string addrParam(reinterpret_cast<const char *>(data), size);
198 codec->EncodeAddressPdu(pAddress, addrParam);
199
200 uint8_t decodeData[UINT8_COUNT + 1];
201 uint16_t len = UINT8_COUNT < size ? UINT8_COUNT : size;
202 if (memcpy_s(decodeData, len, data, len) != EOK) {
203 return;
204 }
205 codec->EncodeSmscPdu(addrParam.c_str(), decodeData);
206 pAddress->address[0] = data[0];
207 codec->EncodeAddressPdu(pAddress, addrParam);
208 codec->EncodeSmscPdu(pAddress, decodeData, len);
209 codec->EncodeAddressPdu(nullptr, addrParam);
210 codec->EncodeSmscPdu(nullptr, decodeData);
211 codec->EncodeSmscPdu(nullptr, decodeData, len);
212
213 std::string timeParam(reinterpret_cast<const char *>(data), size);
214 codec->EncodeTimePdu(nullptr, timeParam);
215 SmsTimeStamp *stamp = new SmsTimeStamp();
216 stamp->format = static_cast<SmsTimeFormat>(size % TIME_FORMAT_SIZE);
217 stamp->time.absolute.timeZone = size;
218 codec->EncodeTimePdu(stamp, timeParam);
219
220 SmsDcs *dcs = new SmsDcs();
221 std::string dcsParam(reinterpret_cast<const char *>(data), size);
222 codec->EncodeDCS(nullptr, dcsParam);
223 dcs->codingGroup = static_cast<PduSchemeGroup>(size % CODE_SCHEME_SIZE);
224 dcs->codingScheme = static_cast<DataCodingScheme>(size % CODE_SCHEME_SIZE);
225 codec->EncodeDCS(dcs, dcsParam);
226 }
227
DecodePduItemsTest(const uint8_t * data,size_t size)228 void DecodePduItemsTest(const uint8_t *data, size_t size)
229 {
230 if (!IsServiceInited()) {
231 return;
232 }
233 T7BitSubmitSms();
234 Ucs2SubmitSms();
235 T7BitDeliverySms();
236 Ucs2DeliverySms();
237 StatusReportSms();
238 MultiPageUcs2Sms();
239 WapPushSms();
240 DataSmsDeliverySms();
241 Smsc00DeliverySms();
242 MultiPage7bitSms();
243 T7BitOtherSubmitSms();
244 auto codec = std::make_shared<GsmSmsParamCodec>();
245 std::string pdu(reinterpret_cast<const char *>(data), size);
246 SmsReadBuffer buffer(pdu);
247 AddressNumber *address = new AddressNumber();
248 codec->DecodeAddressPdu(buffer, address);
249
250 SmsTimeStamp *stamp = new SmsTimeStamp();
251 codec->DecodeTimePdu(buffer, stamp);
252
253 SmsDcs *dcs = new SmsDcs();
254 codec->DecodeDcsPdu(buffer, dcs);
255
256 int32_t setType[UINT8_COUNT] = { 0 };
257 int32_t indType[UINT8_COUNT] { 0 };
258 codec->CheckVoicemail(buffer, setType, indType);
259 }
260
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)261 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
262 {
263 if (data == nullptr || size == 0) {
264 return;
265 }
266
267 EncodePduItemsTest(data, size);
268 DecodePduItemsTest(data, size);
269 sleep(SLEEP_TIME_SECONDS);
270 DelayedSingleton<SmsService>::DestroyInstance();
271 }
272 } // namespace OHOS
273
274 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)275 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
276 {
277 /* Run your code on data */
278 OHOS::AddSmsTokenFuzzer token;
279 OHOS::DoSomethingInterestingWithMyAPI(data, size);
280 return 0;
281 }
282