1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "hostapd_common_fuzzer.h"
16
17 #define WLAN_FREQ_MAX_NUM 35
18 #define ETH_ADDR_LEN 6
19 #define BITS_NUM_24 24
20 #define BITS_NUM_16 16
21 #define BITS_NUM_8 8
22 #define BUFFSIZE_REQUEST 4096
23
24 static uint32_t g_wpaTestSize = 0;
25 struct IHostapdCallback *g_hostapdCallbackObj = nullptr;
26
SetWpaDataSize(const uint32_t * dataSize)27 uint32_t SetWpaDataSize(const uint32_t *dataSize)
28 {
29 if (dataSize != nullptr) {
30 g_wpaTestSize = *dataSize;
31 return HDF_SUCCESS;
32 }
33 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__);
34 return HDF_FAILURE;
35 }
36
GetWpaDataSize(uint32_t * dataSize)37 uint32_t GetWpaDataSize(uint32_t *dataSize)
38 {
39 if (dataSize != nullptr) {
40 *dataSize = g_wpaTestSize;
41 return HDF_SUCCESS;
42 }
43 HDF_LOGE("%{public}s: get data size failed!", __FUNCTION__);
44 return HDF_FAILURE;
45 }
46
Convert2Uint32(const uint8_t * ptr)47 uint32_t Convert2Uint32(const uint8_t *ptr)
48 {
49 if (ptr == nullptr) {
50 return 0;
51 }
52 /*
53 * Move the 0th digit 24 to the left, the first digit 16 to the left, the second digit 8 to the left,
54 * and the third digit no left
55 */
56 return (ptr[0] << BITS_NUM_24) | (ptr[1] << BITS_NUM_16) | (ptr[2] << BITS_NUM_8) | (ptr[3]);
57 }
58
PreProcessRawData(const uint8_t * rawData,size_t size,uint8_t * tmpRawData,size_t tmpRawDataSize)59 bool PreProcessRawData(const uint8_t *rawData, size_t size, uint8_t *tmpRawData, size_t tmpRawDataSize)
60 {
61 if (rawData == nullptr || tmpRawData == nullptr) {
62 HDF_LOGE("%{public}s: rawData or tmpRawData is nullptr!", __FUNCTION__);
63 return false;
64 }
65 uint32_t dataSize = size - OFFSET;
66 if (memcpy_s(tmpRawData, tmpRawDataSize, rawData + OFFSET, dataSize) != EOK) {
67 HDF_LOGE("%{public}s: memcpy_s failed!", __FUNCTION__);
68 return false;
69 }
70 if (SetWpaDataSize(&dataSize) != HDF_SUCCESS) {
71 HDF_LOGE("%{public}s: set data size failed!", __FUNCTION__);
72 return false;
73 }
74 return true;
75 }
76
FuzzHostapdInterfaceStartAp(struct IHostapdInterface * interface,const uint8_t * rawData)77 void FuzzHostapdInterfaceStartAp(struct IHostapdInterface *interface, const uint8_t *rawData)
78 {
79 interface->StartAp(interface);
80 HDF_LOGI("%{public}s: success", __FUNCTION__);
81 }
82
FuzzHostapdInterfaceStopAp(struct IHostapdInterface * interface,const uint8_t * rawData)83 void FuzzHostapdInterfaceStopAp(struct IHostapdInterface *interface, const uint8_t *rawData)
84 {
85 interface->StopAp(interface);
86 HDF_LOGI("%{public}s: success", __FUNCTION__);
87 }
88
FuzzHostapdInterfaceEnableAp(struct IHostapdInterface * interface,const uint8_t * rawData)89 void FuzzHostapdInterfaceEnableAp(struct IHostapdInterface *interface, const uint8_t *rawData)
90 {
91 const char *ifName = reinterpret_cast<const char *>(rawData);
92 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
93
94 interface->EnableAp(interface, ifName, id);
95 HDF_LOGI("%{public}s: success", __FUNCTION__);
96 }
97
FuzzHostapdInterfaceDisableAp(struct IHostapdInterface * interface,const uint8_t * rawData)98 void FuzzHostapdInterfaceDisableAp(struct IHostapdInterface *interface, const uint8_t *rawData)
99 {
100 const char *ifName = reinterpret_cast<const char *>(rawData);
101 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
102
103 interface->DisableAp(interface, ifName, id);
104 HDF_LOGI("%{public}s: success", __FUNCTION__);
105 }
106
FuzzHostapdInterfaceSetApPasswd(struct IHostapdInterface * interface,const uint8_t * rawData)107 void FuzzHostapdInterfaceSetApPasswd(struct IHostapdInterface *interface, const uint8_t *rawData)
108 {
109 const char *ifName = reinterpret_cast<const char *>(rawData);
110 const char *pass = reinterpret_cast<const char *>(rawData);
111 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
112
113 interface->SetApPasswd(interface, ifName, pass, id);
114 HDF_LOGI("%{public}s: success", __FUNCTION__);
115 }
116
FuzzHostapdInterfaceSetApName(struct IHostapdInterface * interface,const uint8_t * rawData)117 void FuzzHostapdInterfaceSetApName(struct IHostapdInterface *interface, const uint8_t *rawData)
118 {
119 const char *ifName = reinterpret_cast<const char *>(rawData);
120 const char *name = reinterpret_cast<const char *>(rawData);
121 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
122
123 interface->SetApName(interface, ifName, name, id);
124 HDF_LOGI("%{public}s: success", __FUNCTION__);
125 }
126
FuzzHostapdInterfaceSetApBand(struct IHostapdInterface * interface,const uint8_t * rawData)127 void FuzzHostapdInterfaceSetApBand(struct IHostapdInterface *interface, const uint8_t *rawData)
128 {
129 const char *ifName = reinterpret_cast<const char *>(rawData);
130 int32_t band = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
131 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
132
133 interface->SetApBand(interface, ifName, band, id);
134 HDF_LOGI("%{public}s: success", __FUNCTION__);
135 }
136
FuzzHostapdInterfaceSetAp80211n(struct IHostapdInterface * interface,const uint8_t * rawData)137 void FuzzHostapdInterfaceSetAp80211n(struct IHostapdInterface *interface, const uint8_t *rawData)
138 {
139 const char *ifName = reinterpret_cast<const char *>(rawData);
140 int32_t value = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
141 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
142
143 interface->SetAp80211n(interface, ifName, value, id);
144 HDF_LOGI("%{public}s: success", __FUNCTION__);
145 }
146
FuzzHostapdInterfaceSetApWmm(struct IHostapdInterface * interface,const uint8_t * rawData)147 void FuzzHostapdInterfaceSetApWmm(struct IHostapdInterface *interface, const uint8_t *rawData)
148 {
149 const char *ifName = reinterpret_cast<const char *>(rawData);
150 int32_t value = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
151 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
152
153 interface->SetApWmm(interface, ifName, value, id);
154 HDF_LOGI("%{public}s: success", __FUNCTION__);
155 }
156
FuzzHostapdInterfaceSetApChannel(struct IHostapdInterface * interface,const uint8_t * rawData)157 void FuzzHostapdInterfaceSetApChannel(struct IHostapdInterface *interface, const uint8_t *rawData)
158 {
159 const char *ifName = reinterpret_cast<const char *>(rawData);
160 int32_t channel = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
161 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
162
163 interface->SetApChannel(interface, ifName, channel, id);
164 HDF_LOGI("%{public}s: success", __FUNCTION__);
165 }
166
FuzzHostapdInterfaceSetApMaxConn(struct IHostapdInterface * interface,const uint8_t * rawData)167 void FuzzHostapdInterfaceSetApMaxConn(struct IHostapdInterface *interface, const uint8_t *rawData)
168 {
169 const char *ifName = reinterpret_cast<const char *>(rawData);
170 int32_t maxConn = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
171 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
172
173 interface->SetApMaxConn(interface, ifName, maxConn, id);
174 HDF_LOGI("%{public}s: success", __FUNCTION__);
175 }
176
FuzzHostapdInterfaceSetMacFilter(struct IHostapdInterface * interface,const uint8_t * rawData)177 void FuzzHostapdInterfaceSetMacFilter(struct IHostapdInterface *interface, const uint8_t *rawData)
178 {
179 const char *ifName = reinterpret_cast<const char *>(rawData);
180 const char *mac = reinterpret_cast<const char *>(rawData);
181 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
182
183 interface->SetMacFilter(interface, ifName, mac, id);
184 HDF_LOGI("%{public}s: success", __FUNCTION__);
185 }
186
FuzzHostapdInterfaceDelMacFilter(struct IHostapdInterface * interface,const uint8_t * rawData)187 void FuzzHostapdInterfaceDelMacFilter(struct IHostapdInterface *interface, const uint8_t *rawData)
188 {
189 const char *ifName = reinterpret_cast<const char *>(rawData);
190 const char *mac = reinterpret_cast<const char *>(rawData);
191 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
192
193 interface->DelMacFilter(interface, ifName, mac, id);
194 HDF_LOGI("%{public}s: success", __FUNCTION__);
195 }
196
FuzzHostapdInterfaceGetStaInfos(struct IHostapdInterface * interface,const uint8_t * rawData)197 void FuzzHostapdInterfaceGetStaInfos(struct IHostapdInterface *interface, const uint8_t *rawData)
198 {
199 const char *ifName = reinterpret_cast<const char *>(rawData);
200 char buf[BUFFSIZE_REQUEST] = {0};
201 uint32_t bufLen = *const_cast<uint32_t *>(reinterpret_cast<const uint32_t *>(rawData));
202 int32_t size = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
203 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
204
205 interface->GetStaInfos(interface, ifName, buf, bufLen, size, id);
206 HDF_LOGI("%{public}s: success", __FUNCTION__);
207 }
208
FuzzHostapdInterfaceDisassociateSta(struct IHostapdInterface * interface,const uint8_t * rawData)209 void FuzzHostapdInterfaceDisassociateSta(struct IHostapdInterface *interface, const uint8_t *rawData)
210 {
211 const char *ifName = reinterpret_cast<const char *>(rawData);
212 const char *mac = reinterpret_cast<const char *>(rawData);
213 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
214
215 interface->DisassociateSta(interface, ifName, mac, id);
216 HDF_LOGI("%{public}s: success", __FUNCTION__);
217 }
218
FuzzHostapdInterfaceRegisterEventCallback(struct IHostapdInterface * interface,const uint8_t * rawData)219 void FuzzHostapdInterfaceRegisterEventCallback(struct IHostapdInterface *interface, const uint8_t *rawData)
220 {
221 const char *ifName = reinterpret_cast<const char *>(rawData);
222
223 interface->RegisterEventCallback(interface, g_hostapdCallbackObj, ifName);
224 HDF_LOGI("%{public}s: success", __FUNCTION__);
225 }
226
FuzzHostapdInterfaceUnregisterEventCallback(struct IHostapdInterface * interface,const uint8_t * rawData)227 void FuzzHostapdInterfaceUnregisterEventCallback(struct IHostapdInterface *interface, const uint8_t *rawData)
228 {
229 const char *ifName = reinterpret_cast<const char *>(rawData);
230
231 interface->UnregisterEventCallback(interface, g_hostapdCallbackObj, ifName);
232 HDF_LOGI("%{public}s: success", __FUNCTION__);
233 }
234
FuzzHostapdInterfaceReloadApConfigInfo(struct IHostapdInterface * interface,const uint8_t * rawData)235 void FuzzHostapdInterfaceReloadApConfigInfo(struct IHostapdInterface *interface, const uint8_t *rawData)
236 {
237 const char *ifName = reinterpret_cast<const char *>(rawData);
238 int32_t id = *const_cast<int32_t *>(reinterpret_cast<const int32_t *>(rawData));
239
240 interface->ReloadApConfigInfo(interface, ifName, id);
241 HDF_LOGI("%{public}s: success", __FUNCTION__);
242 }
243