1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "soft_bus_fuzzer.h"
17 
18 #include "parcel.h"
19 
20 #include "soft_bus_base_socket.h"
21 #include "soft_bus_client_socket.h"
22 #include "soft_bus_manager.h"
23 #include "soft_bus_message.h"
24 #include "soft_bus_server_socket.h"
25 #include "soft_bus_socket_listener.h"
26 #include "iam_fuzz_test.h"
27 #include "iam_logger.h"
28 #include "iam_ptr.h"
29 
30 #define LOG_TAG "USER_AUTH_SA"
31 
32 using namespace std;
33 
34 namespace OHOS {
35 namespace UserIam {
36 namespace UserAuth {
37 namespace {
38 
FuzzSoftBusManagerSecond(SoftBusManager & softBusManager)39 void FuzzSoftBusManagerSecond(SoftBusManager &softBusManager)
40 {
41     IAM_LOGI("start");
42     softBusManager.GetServerSocket();
43     softBusManager.Stop();
44     softBusManager.RegistDeviceManagerListener();
45     softBusManager.UnRegistDeviceManagerListener();
46     softBusManager.RegistSoftBusListener();
47     softBusManager.UnRegistSoftBusListener();
48     softBusManager.DeviceInit();
49     softBusManager.DeviceUnInit();
50     softBusManager.ServiceSocketInit();
51     softBusManager.ServiceSocketUnInit();
52     softBusManager.ClearServerSocket();
53     IAM_LOGI("end");
54 }
55 
FuzzSoftBusBaseSocketSecond(Parcel & parcel)56 void FuzzSoftBusBaseSocketSecond(Parcel &parcel)
57 {
58     int32_t socketId = parcel.ReadInt32();
59     auto clientSocket = Common::MakeShared<ClientSocket>(socketId);
60     PeerSocketInfo info;
61     clientSocket->OnBind(socketId, info);
62     clientSocket->GetNetworkId();
63     std::string networkId = parcel.ReadString();
64     char message[] = "testMesage";
65     uint32_t messageLen = sizeof(message) / sizeof(char);
66     clientSocket->ParseMessage(networkId, message, messageLen);
67     ShutdownReason reason = SHUTDOWN_REASON_LOCAL;
68     clientSocket->OnShutdown(socketId, reason);
69     clientSocket->OnBytes(socketId, message, messageLen);
70     clientSocket->SetNetworkId(networkId);
71     clientSocket->SendKeepAliveMessage();
72     std::vector<uint8_t> attr;
73     Common::FillFuzzUint8Vector(parcel, attr);
74     auto attributes = Common::MakeShared<Attributes>(attr);
75     std::shared_ptr<SoftBusMessage> softBusMessage1 =
76         Common::MakeShared<SoftBusMessage>(0, networkId, networkId, networkId, attributes);
77     clientSocket->ProcDataReceive(socketId, softBusMessage1);
78     softBusMessage1->isAck_ = true;
79     clientSocket->ProcDataReceive(socketId, softBusMessage1);
80     softBusMessage1 =
81         Common::MakeShared<SoftBusMessage>(0, networkId, networkId, networkId, nullptr);
82     clientSocket->ProcDataReceive(socketId, softBusMessage1);
83 }
84 
FuzzSoftBusBaseSocketFisrst(Parcel & parcel)85 void FuzzSoftBusBaseSocketFisrst(Parcel &parcel)
86 {
87     IAM_LOGI("start");
88     std::string connectionName = parcel.ReadString();
89     int32_t socketId = parcel.ReadInt32();
90     auto clientSocket = Common::MakeShared<ClientSocket>(socketId);
91     clientSocket->GetSocketId();
92     std::string srcEndPoint = parcel.ReadString();
93     std::string destEndPoint = parcel.ReadString();
94     std::vector<uint8_t> attr;
95     Common::FillFuzzUint8Vector(parcel, attr);
96     auto attributes = Common::MakeShared<Attributes>(attr);
97     std::shared_ptr<Attributes> request = Common::MakeShared<Attributes>(attributes->Serialize());
98     MsgCallback callback = [](const std::shared_ptr<Attributes> &) { IAM_LOGI("message sent"); };
99     clientSocket->SendMessage(connectionName, srcEndPoint, destEndPoint, attributes, callback);
100     uint32_t messageSeq = parcel.ReadUint32();
101     clientSocket->SendResponse(socketId, connectionName, srcEndPoint, destEndPoint, attributes, messageSeq);
102     std::string networkId = parcel.ReadString();
103     clientSocket->GetConnectionName();
104     clientSocket->GetMsgCallback(messageSeq);
105     uint32_t timerId = parcel.ReadUint32();
106     clientSocket->InsertMsgCallback(messageSeq, connectionName, callback, timerId);
107     clientSocket->RemoveMsgCallback(messageSeq);
108     clientSocket->GetReplyTimer(messageSeq);
109     clientSocket->StartReplyTimer(messageSeq);
110     clientSocket->StopReplyTimer(messageSeq);
111     clientSocket->ReplyTimerTimeOut(messageSeq);
112     clientSocket->GetMessageSeq();
113     clientSocket->SetDeviceNetworkId(networkId, attributes);
114     clientSocket->PrintTransferDuration(messageSeq);
115     clientSocket->SetConnectionName(connectionName);
116     FuzzSoftBusBaseSocketSecond(parcel);
117     IAM_LOGI("end");
118 }
119 
FuzzSoftBusServerSocketFisrst(Parcel & parcel)120 void FuzzSoftBusServerSocketFisrst(Parcel &parcel)
121 {
122     IAM_LOGI("start");
123     int32_t socketId = parcel.ReadInt32();
124     auto serverSocket = Common::MakeShared<ServerSocket>(socketId);
125     std::string connectionName = parcel.ReadString();
126     ShutdownReason reason = SHUTDOWN_REASON_LOCAL;
127     serverSocket->OnShutdown(socketId, reason);
128     serverSocket->GetConnectionName();
129     std::string networkId = parcel.ReadString();
130     serverSocket->GetNetworkId();
131     serverSocket->AddServerSocket(socketId, networkId);
132     serverSocket->DeleteServerSocket(socketId);
133     serverSocket->AddClientConnection(socketId, connectionName);
134     serverSocket->DeleteClientConnection(socketId);
135     serverSocket->GetNetworkIdBySocketId(socketId);
136     serverSocket->GetClientConnectionName(socketId);
137     serverSocket->GetSocketIdByClientConnectionName(connectionName);
138     std::vector<uint8_t> attr;
139     Common::FillFuzzUint8Vector(parcel, attr);
140     auto attributes = Common::MakeShared<Attributes>(attr);
141     MsgCallback callback = nullptr;
142     serverSocket->SendMessage(connectionName, connectionName, connectionName, attributes, callback);
143     std::string data = parcel.ReadString();
144     serverSocket->OnBytes(socketId, &data, data.size());
145     IAM_LOGI("end");
146 }
147 
FuzzSoftBusManagerFisrst(Parcel & parcel)148 void FuzzSoftBusManagerFisrst(Parcel &parcel)
149 {
150     IAM_LOGI("start");
151     SoftBusManager softBusManager;
152     softBusManager.Stop();
153     softBusManager.Start();
154     softBusManager.Start();
155     int32_t socketId = parcel.ReadInt32();
156     std::shared_ptr<BaseSocket> clientSocket1 = Common::MakeShared<ClientSocket>(socketId);
157     softBusManager.serverSocket_ = clientSocket1;
158     uint32_t tokenId = parcel.ReadUint32();
159     std::string networkId = parcel.ReadString();
160     std::string connectionName = parcel.ReadString();
161     softBusManager.OpenConnection(connectionName, tokenId, networkId);
162     std::string srcEndPoint = parcel.ReadString();
163     std::string destEndPoint = parcel.ReadString();
164     std::vector<uint8_t> attr;
165     Common::FillFuzzUint8Vector(parcel, attr);
166     auto attributes = Common::MakeShared<Attributes>(attr);
167     MsgCallback callback = nullptr;
168     softBusManager.SendMessage(connectionName, srcEndPoint, destEndPoint, attributes, callback);
169     softBusManager.FindClientSocket(connectionName);
170     PeerSocketInfo info;
171     softBusManager.OnBind(socketId, info);
172     ShutdownReason reason = SHUTDOWN_REASON_LOCAL;
173     softBusManager.OnShutdown(socketId, reason);
174     int socketId1 = INVALID_SOCKET_ID;
175     softBusManager.OnShutdown(socketId1, reason);
176     std::string data = parcel.ReadString();
177     softBusManager.OnClientBytes(socketId, &data, data.size());
178     softBusManager.OnServerBytes(socketId, &data, data.size());
179     softBusManager.DoOpenConnection(connectionName, tokenId, networkId);
180     FuzzSoftBusManagerSecond(softBusManager);
181     softBusManager.CloseConnection(connectionName);
182     softBusManager.ServiceSocketListen(socketId);
183     softBusManager.ClientSocketBind(socketId);
184     std::string src = parcel.ReadString();
185     softBusManager.CheckAndCopyStr(nullptr, 0, src);
186     softBusManager.AddConnection(connectionName, clientSocket1);
187     softBusManager.DeleteConnection(connectionName);
188     softBusManager.AddSocket(socketId, clientSocket1);
189     softBusManager.DeleteSocket(socketId);
190     softBusManager.SetServerSocket(clientSocket1);
191     softBusManager.SendMessage(connectionName, srcEndPoint, destEndPoint, attributes, callback);
192     softBusManager.DoCloseConnection(connectionName);
193     IAM_LOGI("end");
194 }
195 
196 using FuzzFunc = decltype(FuzzSoftBusManagerFisrst);
197 FuzzFunc *g_fuzzFuncs[] = {
198     FuzzSoftBusManagerFisrst,
199     FuzzSoftBusBaseSocketFisrst,
200     FuzzSoftBusServerSocketFisrst,
201 };
202 
SoftBusFuzzTest(const uint8_t * data,size_t size)203 void SoftBusFuzzTest(const uint8_t *data, size_t size)
204 {
205     Parcel parcel;
206     parcel.WriteBuffer(data, size);
207     parcel.RewindRead(0);
208     uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
209     auto fuzzFunc = g_fuzzFuncs[index];
210     fuzzFunc(parcel);
211     return;
212 }
213 
214 } // namespace
215 } // namespace UserAuth
216 } // namespace UserIam
217 } // namespace OHOS
218 
219 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)220 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
221 {
222     /* Run your code on data */
223     OHOS::UserIam::UserAuth::SoftBusFuzzTest(data, size);
224     return 0;
225 }
226