1 /*
2 * Copyright (C) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "mdns_client_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <securec.h>
21
22 #include "i_mdns_event.h"
23 #include "iservice_registry.h"
24 #include "message_parcel.h"
25 #include "net_manager_ext_constants.h"
26 #include "refbase.h"
27 #include "system_ability_definition.h"
28 #include "netmgr_ext_log_wrapper.h"
29 #include "mdns_protocol_impl.h"
30 #define private public
31 #include "mdns_client.h"
32 #include "mdns_service.h"
33 #undef private
34
35 namespace OHOS {
36 namespace NetManagerStandard {
37
38 class IRegistrationCallbackTest : public IRemoteStub<IRegistrationCallback> {
39 public:
HandleRegister(const MDnsServiceInfo & serviceInfo,int32_t retCode)40 void HandleRegister(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleUnRegister(const MDnsServiceInfo & serviceInfo,int32_t retCode)41 void HandleUnRegister(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleRegisterResult(const MDnsServiceInfo & serviceInfo,int32_t retCode)42 void HandleRegisterResult(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
43 };
44
45 class IDiscoveryCallbackTest : public IRemoteStub<IDiscoveryCallback> {
46 public:
HandleStartDiscover(const MDnsServiceInfo & serviceInfo,int32_t retCode)47 void HandleStartDiscover(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleStopDiscover(const MDnsServiceInfo & serviceInfo,int32_t retCode)48 void HandleStopDiscover(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleServiceFound(const MDnsServiceInfo & serviceInfo,int32_t retCode)49 void HandleServiceFound(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
HandleServiceLost(const MDnsServiceInfo & serviceInfo,int32_t retCode)50 void HandleServiceLost(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
51 };
52
53 class IResolveCallbackTest : public IRemoteStub<IResolveCallback> {
54 public:
HandleResolveResult(const MDnsServiceInfo & serviceInfo,int32_t retCode)55 void HandleResolveResult(const MDnsServiceInfo &serviceInfo, int32_t retCode) override {}
56 };
57
58 static const uint8_t *g_baseFuzzData = nullptr;
59 static size_t g_baseFuzzSize = 0;
60 static size_t g_baseFuzzPos;
61 static bool g_isInited = false;
62 static constexpr size_t STR_LEN = 10;
63
InitGlobalData(const uint8_t * data,size_t size)64 bool InitGlobalData(const uint8_t *data, size_t size)
65 {
66 if (data == nullptr || size == 0) {
67 return false;
68 }
69 g_baseFuzzData = data;
70 g_baseFuzzSize = size;
71 g_baseFuzzPos = 0;
72 return true;
73 }
74
GetData()75 template <class T> T GetData()
76 {
77 T object{};
78 size_t objectSize = sizeof(object);
79 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
80 return object;
81 }
82 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
83 if (ret != EOK) {
84 return {};
85 }
86 g_baseFuzzPos += objectSize;
87 return object;
88 }
89
GetStringFromData(int strlen)90 std::string GetStringFromData(int strlen)
91 {
92 char cstr[strlen];
93 cstr[strlen - 1] = '\0';
94 for (int i = 0; i < strlen - 1; i++) {
95 cstr[i] = GetData<char>();
96 }
97 std::string str(cstr);
98 return str;
99 }
100
WriteInterfaceToken(MessageParcel & data)101 bool WriteInterfaceToken(MessageParcel &data)
102 {
103 return data.WriteInterfaceToken(IMDnsService::GetDescriptor());
104 }
105
GetMessageParcel(const uint8_t * data,size_t size,MessageParcel & dataParcel)106 __attribute__((no_sanitize("cfi"))) bool GetMessageParcel(const uint8_t *data, size_t size, MessageParcel &dataParcel)
107 {
108 if (!InitGlobalData(data, size)) {
109 return false;
110 }
111
112 if (!WriteInterfaceToken(dataParcel)) {
113 return false;
114 }
115
116 sptr<MDnsServiceInfo> info = new (std::nothrow) MDnsServiceInfo();
117 info->name = GetStringFromData(STR_LEN);
118 info->type = GetStringFromData(STR_LEN);
119 info->family = GetData<int32_t>();
120 info->addr = GetStringFromData(STR_LEN);
121 info->port = GetData<int32_t>();
122 std::string str = GetStringFromData(STR_LEN);
123 info->txtRecord = std::vector<uint8_t>(str.begin(), str.end());
124 if (!MDnsServiceInfo::Marshalling(dataParcel, info)) {
125 return false;
126 }
127
128 return true;
129 }
130
Init()131 void Init()
132 {
133 if (!g_isInited) {
134 DelayedSingleton<MDnsService>::GetInstance()->Init();
135 g_isInited = true;
136 }
137 }
138
OnRemoteRequest(uint32_t code,MessageParcel & data)139 __attribute__((no_sanitize("cfi"))) int32_t OnRemoteRequest(uint32_t code, MessageParcel &data)
140 {
141 if (!g_isInited) {
142 Init();
143 }
144
145 MessageParcel reply;
146 MessageOption option;
147 return DelayedSingleton<MDnsService>::GetInstance()->OnRemoteRequest(code, data, reply, option);
148 }
149
RegisterServiceFuzzTest(const uint8_t * data,size_t size)150 void RegisterServiceFuzzTest(const uint8_t *data, size_t size)
151 {
152 NETMGR_EXT_LOG_D("RegisterServiceFuzzTest enter");
153 MessageParcel dataParcel;
154 if (!GetMessageParcel(data, size, dataParcel)) {
155 return;
156 }
157
158 sptr<IRegistrationCallbackTest> callback = new (std::nothrow) IRegistrationCallbackTest();
159 if (callback == nullptr) {
160 return;
161 }
162 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
163
164 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_REGISTER), dataParcel);
165 }
166
UnRegisterServiceFuzzTest(const uint8_t * data,size_t size)167 void UnRegisterServiceFuzzTest(const uint8_t *data, size_t size)
168 {
169 NETMGR_EXT_LOG_D("UnRegisterServiceFuzzTest enter");
170 MessageParcel dataParcel;
171 if (!GetMessageParcel(data, size, dataParcel)) {
172 return;
173 }
174
175 sptr<IRegistrationCallbackTest> callback = new (std::nothrow) IRegistrationCallbackTest();
176 if (callback == nullptr) {
177 return;
178 }
179 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
180
181 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_STOP_REGISTER), dataParcel);
182 }
183
StartDiscoverServiceFuzzTest(const uint8_t * data,size_t size)184 void StartDiscoverServiceFuzzTest(const uint8_t *data, size_t size)
185 {
186 NETMGR_EXT_LOG_D("StartDiscoverServiceFuzzTest enter");
187 MessageParcel dataParcel;
188 if (!GetMessageParcel(data, size, dataParcel)) {
189 return;
190 }
191
192 sptr<IDiscoveryCallbackTest> callback = new (std::nothrow) IDiscoveryCallbackTest();
193 if (callback == nullptr) {
194 return;
195 }
196 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
197
198 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_DISCOVER), dataParcel);
199 }
200
StopDiscoverServiceFuzzTest(const uint8_t * data,size_t size)201 void StopDiscoverServiceFuzzTest(const uint8_t *data, size_t size)
202 {
203 NETMGR_EXT_LOG_D("StopDiscoverServiceFuzzTest enter");
204 MessageParcel dataParcel;
205 if (!GetMessageParcel(data, size, dataParcel)) {
206 return;
207 }
208
209 sptr<IDiscoveryCallbackTest> callback = new (std::nothrow) IDiscoveryCallbackTest();
210 if (callback == nullptr) {
211 return;
212 }
213 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
214
215 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_STOP_DISCOVER), dataParcel);
216 }
217
ResolveServiceFuzzTest(const uint8_t * data,size_t size)218 void ResolveServiceFuzzTest(const uint8_t *data, size_t size)
219 {
220 NETMGR_EXT_LOG_D("ResolveServiceFuzzTest enter");
221 MessageParcel dataParcel;
222 if (!GetMessageParcel(data, size, dataParcel)) {
223 return;
224 }
225
226 sptr<IResolveCallbackTest> callback = new (std::nothrow) IResolveCallbackTest();
227 if (callback == nullptr) {
228 return;
229 }
230 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
231
232 OnRemoteRequest(static_cast<uint32_t>(MdnsServiceInterfaceCode::CMD_RESOLVE), dataParcel);
233 }
234
MdnsRegisterServiceFuzzTest(const uint8_t * data,size_t size)235 void MdnsRegisterServiceFuzzTest(const uint8_t *data, size_t size)
236 {
237 if (data == nullptr || size == 0) {
238 return;
239 }
240 MDnsServiceInfo serviceInfo;
241 std::string name(reinterpret_cast<const char *>(data), size);
242 serviceInfo.name = name;
243 serviceInfo.port = static_cast<int32_t>(size % STR_LEN);
244 sptr<IRegistrationCallbackTest> callback = new (std::nothrow) IRegistrationCallbackTest();
245 if (callback == nullptr) {
246 return;
247 }
248 DelayedSingleton<MDnsClient>::GetInstance()->RegisterService(serviceInfo, callback);
249 DelayedSingleton<MDnsClient>::GetInstance()->UnRegisterService(callback);
250 }
251
MdnsStartDiscoverServiceFuzzTest(const uint8_t * data,size_t size)252 void MdnsStartDiscoverServiceFuzzTest(const uint8_t *data, size_t size)
253 {
254 if (data == nullptr || size == 0) {
255 return;
256 }
257 sptr<IDiscoveryCallbackTest> callback = new (std::nothrow) IDiscoveryCallbackTest();
258 if (callback == nullptr) {
259 return;
260 }
261 std::string serviceType(reinterpret_cast<const char *>(data), size);
262 DelayedSingleton<MDnsClient>::GetInstance()->StartDiscoverService(serviceType, callback);
263 DelayedSingleton<MDnsClient>::GetInstance()->StopDiscoverService(callback);
264 }
265
MdnsResolveServiceFuzzTest(const uint8_t * data,size_t size)266 void MdnsResolveServiceFuzzTest(const uint8_t *data, size_t size)
267 {
268 if (data == nullptr || size == 0) {
269 return;
270 }
271 sptr<IResolveCallbackTest> callback = new (std::nothrow) IResolveCallbackTest();
272 if (callback == nullptr) {
273 return;
274 }
275 MDnsServiceInfo serviceInfo;
276 std::string name(reinterpret_cast<const char *>(data), size);
277 serviceInfo.port = static_cast<int32_t>(size % STR_LEN);
278 serviceInfo.name = name;
279 DelayedSingleton<MDnsClient>::GetInstance()->ResolveService(serviceInfo, callback);
280 DelayedSingleton<MDnsClient>::GetInstance()->RestartResume();
281 }
282
ReceivePacketTest(const uint8_t * data,size_t size)283 void ReceivePacketTest(const uint8_t *data, size_t size)
284 {
285 if (data == nullptr || size == 0) {
286 return;
287 }
288 std::string str = GetStringFromData(STR_LEN);
289 std::vector<uint8_t> copy = std::vector<uint8_t>(str.begin(), str.end());
290 MDnsPayloadParser parser;
291 MDnsMessage msg = parser.FromBytes(copy);
292 }
293 } // namespace NetManagerStandard
294 } // namespace OHOS
295
296 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)297 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
298 {
299 /* Run your code on data */
300 OHOS::NetManagerStandard::RegisterServiceFuzzTest(data, size);
301 OHOS::NetManagerStandard::StartDiscoverServiceFuzzTest(data, size);
302 OHOS::NetManagerStandard::StopDiscoverServiceFuzzTest(data, size);
303 OHOS::NetManagerStandard::ResolveServiceFuzzTest(data, size);
304 OHOS::NetManagerStandard::UnRegisterServiceFuzzTest(data, size);
305 OHOS::NetManagerStandard::MdnsRegisterServiceFuzzTest(data, size);
306 OHOS::NetManagerStandard::MdnsStartDiscoverServiceFuzzTest(data, size);
307 OHOS::NetManagerStandard::MdnsResolveServiceFuzzTest(data, size);
308 OHOS::NetManagerStandard::ReceivePacketTest(data, size);
309 return 0;
310 }
311