1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "ipcsocket_fuzzer.h"
17 
18 #include "singleton.h"
19 
20 #include "devicestatus_define.h"
21 #include "i_tunnel_client.h"
22 #include "i_plugin.h"
23 #include "socket_client.h"
24 #include "socket_session_manager.h"
25 #include "socket_session.h"
26 #include "socket_connection.h"
27 #include "socket_params.h"
28 #include "stream_client.h"
29 #include "tunnel_client.h"
30 
31 #include "message_parcel.h"
32 
33 #undef LOG_TAG
34 #define LOG_TAG "IpcSocketFuzzTest"
35 namespace OHOS {
36 namespace Msdp {
37 namespace DeviceStatus {
38 const std::u16string FORMMGR_INTERFACE_TOKEN { u"ohos.msdp.Idevicestatus" };
39 inline constexpr int32_t MAX_EVENT_SIZE { 100 };
40 const uint8_t *g_baseFuzzData = nullptr;
41 size_t g_baseFuzzSize = 0;
42 size_t g_baseFuzzPos = 0;
43 
44 namespace OHOS {
45 
GetData()46 template <class T> T GetData()
47 {
48     T objetct{};
49     size_t objetctSize = sizeof(objetct);
50     if (g_baseFuzzData == nullptr || objetctSize > g_baseFuzzSize - g_baseFuzzPos) {
51         return objetct;
52     }
53     errno_t ret = memcpy_s(&objetct, objetctSize, g_baseFuzzData + g_baseFuzzPos, objetctSize);
54     if (ret != EOK) {
55         return {};
56     }
57     g_baseFuzzPos += objetctSize;
58     return objetct;
59 }
60 
61 
SocketClientFuzzTest(const uint8_t* data, size_t size)62 bool SocketClientFuzzTest(const uint8_t* data, size_t size)
63 {
64     std::shared_ptr<ITunnelClient> tunnel = std::make_shared<TunnelClient>();
65     SocketClient socketClient(tunnel);
66     auto callback = [](const StreamClient &client, NetPacket &pkt) {
67         return 0;
68     };
69 
70     NetPacket packet(MessageId::INVALID);
71 
72     socketClient.Start();
73     socketClient.RegisterEvent(MessageId::INVALID, callback);
74     socketClient.OnMsgHandler(socketClient, packet);
75     socketClient.Socket();
76     socketClient.OnPacket(packet);
77     socketClient.Connect();
78     socketClient.Reconnect();
79     socketClient.OnDisconnected();
80     socketClient.Stop();
81     return true;
82 }
83 
SocketConnectionFuzzTest(const uint8_t* data, size_t size)84 bool SocketConnectionFuzzTest(const uint8_t* data, size_t size)
85 {
86     if ((data == nullptr) || (size < 1)) {
87         return false;
88     }
89 
90     auto recv = [](const NetPacket &pkt) {
91         return;
92     };
93     auto onDisconnected = []() {
94         return;
95     };
96     g_baseFuzzData = data;
97     g_baseFuzzSize = size;
98     g_baseFuzzPos = 0;
99     int32_t fd = GetData<int32_t>();
100     SocketConnection socketConnection(1, recv, onDisconnected);
101 
102     auto socket = []() {
103         return 0;
104     };
105     socketConnection.OnReadable(fd);
106     socketConnection.OnShutdown(fd);
107     socketConnection.OnException(fd);
108     Msdp::DeviceStatus::SocketConnection::Connect(socket, recv, onDisconnected);
109     return true;
110 }
111 
SocketParamsFuzzTest(const uint8_t* data, size_t size)112 bool SocketParamsFuzzTest(const uint8_t* data, size_t size)
113 {
114     MessageParcel datas;
115     if (!datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN) ||
116         !datas.WriteBuffer(data, size) || !datas.RewindRead(0)) {
117         return false;
118     }
119     AllocSocketPairParam allocSocketPairParam("testProgramName", 1);
120     AllocSocketPairReply allocSocketPairReply(1, 1);
121 
122     allocSocketPairParam.Marshalling(datas);
123     allocSocketPairParam.Unmarshalling(datas);
124     allocSocketPairReply.Marshalling(datas);
125     allocSocketPairReply.Unmarshalling(datas);
126     return true;
127 }
128 
129 
SocketSessionFuzzTest(const uint8_t* data, size_t size)130 bool SocketSessionFuzzTest(const uint8_t* data, size_t size)
131 {
132     NetPacket packet(MessageId::COORDINATION_ADD_LISTENER);
133     struct epoll_event ev{};
134 
135     SocketSession socketSession("testProgramName", 1, 1, 1, 1, 1);
136     socketSession.SendMsg(packet);
137     socketSession.ToString();
138     socketSession.Dispatch(ev);
139     return true;
140 }
141 
142 } // namespace OHOS
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)143 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
144 {
145     /* Run your code on data */
146     if (data == nullptr) {
147         return 0;
148     }
149 
150     OHOS::SocketClientFuzzTest(data, size);
151     OHOS::SocketConnectionFuzzTest(data, size);
152     OHOS::SocketParamsFuzzTest(data, size);
153     OHOS::SocketSessionFuzzTest(data, size);
154     return 0;
155 }
156 } // namespace DeviceStatus
157 } // namespace Msdp
158 } // namespace OHOS