1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "wifihotspotstub_fuzzer.h"
17 #include "wifi_fuzz_common_func.h"
18
19 #include <cstddef>
20 #include <cstdint>
21 #include <unistd.h>
22 #include "wifi_hotspot_stub.h"
23 #include "wifi_device_stub.h"
24 #include "wifi_device_service_impl.h"
25 #include "message_parcel.h"
26 #include "securec.h"
27 #include "define.h"
28 #include "wifi_manager_service_ipc_interface_code.h"
29 #include "wifi_hotspot_service_impl.h"
30 #include "wifi_hotspot_mgr_stub.h"
31 #include "wifi_hotspot_mgr_service_impl.h"
32 #include "wifi_log.h"
33 #include <mutex>
34 #include "wifi_config_center.h"
35 #include "wifi_settings.h"
36 #include "wifi_common_def.h"
37 #include "wifi_manager.h"
38 #include "wifi_net_agent.h"
39
40 namespace OHOS {
41 namespace Wifi {
42 constexpr size_t U32_AT_SIZE_ZERO = 4;
43 constexpr int THREE = 8;
44 const std::u16string FORMMGR_INTERFACE_TOKEN = u"ohos.wifi.IWifiHotspotService";
45 const std::u16string FORMMGR_INTERFACE_TOKEN_DEVICE = u"ohos.wifi.IWifiDeviceService";
46 const std::u16string FORMMGR_INTERFACE_TOKEN_HOSPOT_EX = u"ohos.wifi.IWifiHotspotMgr";
47 static bool g_isInsted = false;
48 static std::mutex g_instanceLock;
49 std::shared_ptr<WifiDeviceStub> pWifiDeviceStub = std::make_shared<WifiDeviceServiceImpl>();
50 std::shared_ptr<WifiHotspotStub> pWifiHotspotServiceImpl = std::make_shared<WifiHotspotServiceImpl>();
51 sptr<WifiHotspotMgrStub> pWifiHotspotMgrStub = WifiHotspotMgrServiceImpl::GetInstance();
52
Init()53 bool Init()
54 {
55 if (!g_isInsted) {
56 if (WifiConfigCenter::GetInstance().GetApMidState(0) != WifiOprMidState::RUNNING) {
57 LOGE("Init setmidstate!");
58 WifiConfigCenter::GetInstance().SetApMidState(WifiOprMidState::RUNNING, 0);
59 }
60 g_isInsted = true;
61 }
62 return true;
63 }
64
OnRemoteRequest(uint32_t code,MessageParcel & data)65 bool OnRemoteRequest(uint32_t code, MessageParcel &data)
66 {
67 std::unique_lock<std::mutex> autoLock(g_instanceLock);
68 if (!g_isInsted) {
69 if (!Init()) {
70 LOGE("OnRemoteRequest Init failed!");
71 return false;
72 }
73 }
74 MessageParcel reply;
75 MessageOption option;
76 pWifiHotspotServiceImpl->OnRemoteRequest(code, data, reply, option);
77 return true;
78 }
79
OnIsHotspotActiveFuzzTest(const uint8_t * data,size_t size)80 void OnIsHotspotActiveFuzzTest(const uint8_t* data, size_t size)
81 {
82 MessageParcel datas;
83 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
84 LOGE("WriteInterfaceToken failed!");
85 return;
86 }
87 datas.WriteInt32(0);
88 datas.WriteBuffer(data, size);
89 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_IS_HOTSPOT_ACTIVE), datas);
90 }
91
OnGetApStateWifiFuzzTest(const uint8_t * data,size_t size)92 void OnGetApStateWifiFuzzTest(const uint8_t* data, size_t size)
93 {
94 MessageParcel datas;
95 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
96 LOGE("WriteInterfaceToken failed!");
97 return;
98 }
99 datas.WriteInt32(0);
100 datas.WriteBuffer(data, size);
101 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GETAPSTATE_WIFI), datas);
102 }
103
OnGetHotspotConfigFuzzTest(const uint8_t * data,size_t size)104 void OnGetHotspotConfigFuzzTest(const uint8_t* data, size_t size)
105 {
106 MessageParcel datas;
107 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
108 LOGE("WriteInterfaceToken failed!");
109 return;
110 }
111 datas.WriteInt32(0);
112 datas.WriteBuffer(data, size);
113 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_HOTSPOT_CONFIG), datas);
114 }
115
OnSetApConfigWifiFuzzTest(const uint8_t * data,size_t size)116 void OnSetApConfigWifiFuzzTest(const uint8_t* data, size_t size)
117 {
118 MessageParcel datas;
119 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
120 LOGE("WriteInterfaceToken failed!");
121 return;
122 }
123 datas.WriteInt32(0);
124 datas.WriteBuffer(data, size);
125 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_SETAPCONFIG_WIFI), datas);
126 }
127
OnGetStationListFuzzTest(const uint8_t * data,size_t size)128 void OnGetStationListFuzzTest(const uint8_t* data, size_t size)
129 {
130 MessageParcel datas;
131 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
132 LOGE("WriteInterfaceToken failed!");
133 return;
134 }
135 datas.WriteInt32(0);
136 datas.WriteBuffer(data, size);
137 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_STATION_LIST), datas);
138 }
139
OnAddBlockListFuzzTest(const uint8_t * data,size_t size)140 void OnAddBlockListFuzzTest(const uint8_t* data, size_t size)
141 {
142 MessageParcel datas;
143 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
144 LOGE("WriteInterfaceToken failed!");
145 return;
146 }
147 datas.WriteInt32(0);
148 datas.WriteBuffer(data, size);
149 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_ADD_BLOCK_LIST), datas);
150 }
151
OnDelBlockListFuzzTest(const uint8_t * data,size_t size)152 void OnDelBlockListFuzzTest(const uint8_t* data, size_t size)
153 {
154 MessageParcel datas;
155 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
156 LOGE("WriteInterfaceToken failed!");
157 return;
158 }
159 datas.WriteInt32(0);
160 datas.WriteBuffer(data, size);
161 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_DEL_BLOCK_LIST), datas);
162 }
163
OnGetBlockListsFuzzTest(const uint8_t * data,size_t size)164 void OnGetBlockListsFuzzTest(const uint8_t* data, size_t size)
165 {
166 MessageParcel datas;
167 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
168 LOGE("WriteInterfaceToken failed!");
169 return;
170 }
171 datas.WriteInt32(0);
172 datas.WriteBuffer(data, size);
173 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_BLOCK_LISTS), datas);
174 }
175
OnGetValidBandsFuzzTest(const uint8_t * data,size_t size)176 void OnGetValidBandsFuzzTest(const uint8_t* data, size_t size)
177 {
178 MessageParcel datas;
179 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
180 LOGE("WriteInterfaceToken failed!");
181 return;
182 }
183 datas.WriteInt32(0);
184 datas.WriteBuffer(data, size);
185 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_VALID_BANDS), datas);
186 }
187
OnDisassociateStaFuzzTest(const uint8_t * data,size_t size)188 void OnDisassociateStaFuzzTest(const uint8_t* data, size_t size)
189 {
190 MessageParcel datas;
191 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
192 LOGE("WriteInterfaceToken failed!");
193 return;
194 }
195 datas.WriteInt32(0);
196 datas.WriteBuffer(data, size);
197 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_DISCONNECT_STA), datas);
198 }
199
OnGetValidChannelsFuzzTest(const uint8_t * data,size_t size)200 void OnGetValidChannelsFuzzTest(const uint8_t* data, size_t size)
201 {
202 MessageParcel datas;
203 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
204 LOGE("WriteInterfaceToken failed!");
205 return;
206 }
207 datas.WriteInt32(0);
208 datas.WriteBuffer(data, size);
209 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_VALID_CHANNELS), datas);
210 }
211
OnRegisterCallBackFuzzTest(const uint8_t * data,size_t size)212 void OnRegisterCallBackFuzzTest(const uint8_t* data, size_t size)
213 {
214 MessageParcel datas;
215 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
216 LOGE("WriteInterfaceToken failed!");
217 return;
218 }
219 datas.WriteInt32(0);
220 datas.WriteBuffer(data, size);
221 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_REGISTER_HOTSPOT_CALLBACK), datas);
222 }
223
OnGetSupportedPowerModelFuzzTest(const uint8_t * data,size_t size)224 void OnGetSupportedPowerModelFuzzTest(const uint8_t* data, size_t size)
225 {
226 MessageParcel datas;
227 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
228 LOGE("WriteInterfaceToken failed!");
229 return;
230 }
231 datas.WriteInt32(0);
232 datas.WriteBuffer(data, size);
233 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_SUPPORTED_POWER_MODEL), datas);
234 }
235
OnGetPowerModelFuzzTest(const uint8_t * data,size_t size)236 void OnGetPowerModelFuzzTest(const uint8_t* data, size_t size)
237 {
238 MessageParcel datas;
239 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
240 LOGE("WriteInterfaceToken failed!");
241 return;
242 }
243 datas.WriteInt32(0);
244 datas.WriteBuffer(data, size);
245 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_POWER_MODEL), datas);
246 }
247
OnSetPowerModelFuzzTest(const uint8_t * data,size_t size)248 void OnSetPowerModelFuzzTest(const uint8_t* data, size_t size)
249 {
250 MessageParcel datas;
251 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
252 LOGE("WriteInterfaceToken failed!");
253 return;
254 }
255 datas.WriteInt32(0);
256 datas.WriteBuffer(data, size);
257 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_SET_POWER_MODEL), datas);
258 }
259
OnIsHotspotDualBandSupportedFuzzTest(const uint8_t * data,size_t size)260 void OnIsHotspotDualBandSupportedFuzzTest(const uint8_t* data, size_t size)
261 {
262 MessageParcel datas;
263 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
264 LOGE("WriteInterfaceToken failed!");
265 return;
266 }
267 datas.WriteInt32(0);
268 datas.WriteBuffer(data, size);
269 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_IS_HOTSPOT_DUAL_BAND_SUPPORTED), datas);
270 }
271
OnSetApIdleTimeoutFuzzTest(const uint8_t * data,size_t size)272 void OnSetApIdleTimeoutFuzzTest(const uint8_t* data, size_t size)
273 {
274 MessageParcel datas;
275 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
276 LOGE("WriteInterfaceToken failed!");
277 return;
278 }
279 datas.WriteInt32(0);
280 datas.WriteBuffer(data, size);
281 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_SETTIMEOUT_AP), datas);
282 }
283
OnGetApIfaceNameFuzzTest(const uint8_t * data,size_t size)284 void OnGetApIfaceNameFuzzTest(const uint8_t* data, size_t size)
285 {
286 MessageParcel datas;
287 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
288 LOGE("WriteInterfaceToken failed!");
289 return;
290 }
291 datas.WriteInt32(0);
292 datas.WriteBuffer(data, size);
293 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_GET_IFACE_NAME), datas);
294 }
295
OnEnableWifiApTest(const uint8_t * data,size_t size)296 void OnEnableWifiApTest(const uint8_t* data, size_t size)
297 {
298 MessageParcel datas;
299 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
300 LOGE("WriteInterfaceToken failed!");
301 return;
302 }
303 datas.WriteInt32(0);
304 datas.WriteBuffer(data, size);
305 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_ENABLE_WIFI_AP), datas);
306 }
307
OnDisableWifiApTest(const uint8_t * data,size_t size)308 void OnDisableWifiApTest(const uint8_t* data, size_t size)
309 {
310 MessageParcel datas;
311 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
312 LOGE("WriteInterfaceToken failed!");
313 return;
314 }
315 datas.WriteInt32(0);
316 datas.WriteBuffer(data, size);
317 OnRemoteRequest(static_cast<uint32_t>(HotspotInterfaceCode::WIFI_SVR_CMD_DISABLE_WIFI_AP), datas);
318 }
319
OnEnableWifiFuzzTest(const uint8_t * data,size_t size)320 void OnEnableWifiFuzzTest(const uint8_t* data, size_t size)
321 {
322 MessageParcel datas;
323 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN_DEVICE);
324 datas.WriteInt32(0);
325 datas.WriteBuffer(data, size);
326 MessageParcel reply;
327 MessageOption option;
328 pWifiDeviceStub->OnRemoteRequest(static_cast<uint32_t>(DevInterfaceCode::WIFI_SVR_CMD_ENABLE_WIFI),
329 datas, reply, option);
330 }
331
OnDisableWifiFuzzTest(const uint8_t * data,size_t size)332 void OnDisableWifiFuzzTest(const uint8_t* data, size_t size)
333 {
334 MessageParcel datas;
335 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN_DEVICE);
336 datas.WriteInt32(0);
337 datas.WriteBuffer(data, size);
338 MessageParcel reply;
339 MessageOption option;
340 pWifiDeviceStub->OnRemoteRequest(static_cast<uint32_t>(DevInterfaceCode::WIFI_SVR_CMD_DISABLE_WIFI),
341 datas, reply, option);
342 }
343
OnGetSupportedFeaturesFuzzTest(const uint8_t * data,size_t size)344 void OnGetSupportedFeaturesFuzzTest(const uint8_t* data, size_t size)
345 {
346 MessageParcel datas;
347 if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN)) {
348 LOGE("WriteInterfaceToken failed!");
349 return;
350 }
351 datas.WriteInt32(0);
352 datas.WriteBuffer(data, size);
353 OnRemoteRequest(static_cast<uint32_t>(DevInterfaceCode::WIFI_SVR_CMD_GET_SUPPORTED_FEATURES), datas);
354 }
355
DoSomethingHotSpotMgrStubTest(const uint8_t * data,size_t size)356 bool DoSomethingHotSpotMgrStubTest(const uint8_t* data, size_t size)
357 {
358 uint32_t code = static_cast<uint32_t>(HotspotInterfaceCode::WIFI_MGR_GET_HOTSPOT_SERVICE);
359 MessageParcel datas;
360 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN_HOSPOT_EX);
361 datas.WriteInt32(0);
362 datas.WriteBuffer(data, size);
363 datas.RewindRead(0);
364 MessageParcel reply;
365 MessageOption option;
366 pWifiHotspotMgrStub->OnRemoteRequest(code, datas, reply, option);
367 return true;
368 }
369
WifiHotspotServiceImplFuzzTest(const uint8_t * data,size_t size)370 void WifiHotspotServiceImplFuzzTest(const uint8_t* data, size_t size)
371 {
372 WifiHotspotServiceImpl mWifiHotspotServiceImpl;
373 int index = 0;
374 KeyMgmt type = static_cast<KeyMgmt>(static_cast<int>(data[0]) % THREE);
375 BandType newBand = static_cast<BandType>(static_cast<int>(data[0]) % U32_AT_SIZE_ZERO);
376 int channelid = static_cast<int32_t >(data[0]);
377 std::string primaryDeviceType = std::string(reinterpret_cast<const char*>(data), size);
378 std::string secondaryDeviceType = std::string(reinterpret_cast<const char*>(data), size);
379 std::vector<BandType> bandsFromCenter;
380 bandsFromCenter.push_back(newBand);
381 ChannelsTable channInfoFromCenter;
382 HotspotConfig config;
383 StationInfo updateInfo;
384 if (size >= U32_AT_SIZE_ZERO) {
385 std::string deviceName = std::string(reinterpret_cast<const char*>(data), size);
386 std::string networkName = std::string(reinterpret_cast<const char*>(data), size);
387 std::string mDeviceAddress = std::string(reinterpret_cast<const char*>(data), size);
388 config.SetSsid(deviceName);
389 config.SetPreSharedKey(networkName);
390 config.SetSecurityType(type);
391 config.SetBand(newBand);
392 config.SetBandWidth(channelid);
393 config.SetChannel(channelid);
394 config.SetMaxConn(channelid);
395 config.SetIpAddress(mDeviceAddress);
396 updateInfo.deviceName = deviceName;
397 updateInfo.bssid = networkName;
398 updateInfo.ipAddr = mDeviceAddress;
399 updateInfo.bssidType = static_cast<int>(data[index++]);
400 }
401 mWifiHotspotServiceImpl.SetHotspotConfig(config);
402 mWifiHotspotServiceImpl.TransRandomToRealMac(updateInfo, updateInfo);
403 mWifiHotspotServiceImpl.ConfigInfoDump(primaryDeviceType);
404 mWifiHotspotServiceImpl.StationsInfoDump(secondaryDeviceType);
405 mWifiHotspotServiceImpl.SaBasicDump(secondaryDeviceType);
406 mWifiHotspotServiceImpl.CfgCheckSsid(config);
407 mWifiHotspotServiceImpl.CfgCheckPsk(config);
408 mWifiHotspotServiceImpl.CfgCheckBand(config, bandsFromCenter);
409 mWifiHotspotServiceImpl.CfgCheckIpAddress(secondaryDeviceType);
410 mWifiHotspotServiceImpl.IsValidHotspotConfig(config, config, bandsFromCenter, channInfoFromCenter);
411 }
412
413 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)414 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
415 {
416 if ((data == nullptr) || (size <= OHOS::Wifi::U32_AT_SIZE_ZERO)) {
417 return 0;
418 }
419 Init();
420 OHOS::Wifi::OnIsHotspotActiveFuzzTest(data, size);
421 OHOS::Wifi::OnGetApStateWifiFuzzTest(data, size);
422 OHOS::Wifi::OnGetHotspotConfigFuzzTest(data, size);
423 OHOS::Wifi::OnSetApConfigWifiFuzzTest(data, size);
424 OHOS::Wifi::OnGetStationListFuzzTest(data, size);
425 OHOS::Wifi::OnAddBlockListFuzzTest(data, size);
426 OHOS::Wifi::OnDelBlockListFuzzTest(data, size);
427 OHOS::Wifi::OnGetBlockListsFuzzTest(data, size);
428 OHOS::Wifi::OnDisassociateStaFuzzTest(data, size);
429 OHOS::Wifi::OnGetValidBandsFuzzTest(data, size);
430 OHOS::Wifi::OnGetValidChannelsFuzzTest(data, size);
431 OHOS::Wifi::OnRegisterCallBackFuzzTest(data, size);
432 OHOS::Wifi::OnGetSupportedPowerModelFuzzTest(data, size);
433 OHOS::Wifi::OnGetPowerModelFuzzTest(data, size);
434 OHOS::Wifi::OnSetPowerModelFuzzTest(data, size);
435 OHOS::Wifi::OnIsHotspotDualBandSupportedFuzzTest(data, size);
436 OHOS::Wifi::OnSetApIdleTimeoutFuzzTest(data, size);
437 OHOS::Wifi::OnGetApIfaceNameFuzzTest(data, size);
438 OHOS::Wifi::OnGetSupportedFeaturesFuzzTest(data, size);
439 OHOS::Wifi::WifiHotspotServiceImplFuzzTest(data, size);
440 OHOS::Wifi::DoSomethingHotSpotMgrStubTest(data, size);
441 sleep(4);
442 return 0;
443 }
444 }
445 }
446