1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "getsmssegmentsinfo_fuzzer.h"
17
18#define private public
19#include "addsmstoken_fuzzer.h"
20#include "cdma_sms_message.h"
21#include "core_manager_inner.h"
22#include "ims_sms_callback_stub.h"
23#include "sms_service.h"
24
25using namespace OHOS::Telephony;
26namespace OHOS {
27static bool g_isInited = false;
28constexpr int32_t SLOT_NUM = 2;
29constexpr int32_t TYPE_NUM = 5;
30
31bool IsServiceInited()
32{
33    if (!g_isInited) {
34        CoreManagerInner::GetInstance().isInitAllObj_ = true;
35        DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
36        DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
37        DelayedSingleton<SmsService>::GetInstance()->OnStart();
38        if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
39            static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
40            g_isInited = true;
41        }
42    }
43    return g_isInited;
44}
45
46void GetSmsSegmentsInfo(const uint8_t *data, size_t size)
47{
48    if (!IsServiceInited()) {
49        return;
50    }
51
52    MessageParcel dataParcel;
53    MessageParcel replyParcel;
54    MessageOption option(MessageOption::TF_SYNC);
55
56    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
57    std::string message(reinterpret_cast<const char *>(data), size);
58    auto messageU16 = Str8ToStr16(message);
59    bool force7BitCode = slotId == 1 ? true : false;
60
61    dataParcel.WriteInt32(slotId);
62    dataParcel.WriteString16(messageU16);
63    dataParcel.WriteBool(force7BitCode);
64    dataParcel.RewindRead(0);
65
66    DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
67
68    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
69    if (interfaceManager == nullptr) {
70        TELEPHONY_LOGE("interfaceManager nullptr error");
71        return;
72    }
73    interfaceManager->InitInterfaceManager();
74    LengthInfo lenInfo;
75    interfaceManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
76
77    auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
78    if (smsSendManager == nullptr) {
79        TELEPHONY_LOGE("failed to create SmsSendManager");
80        return;
81    }
82    smsSendManager->Init();
83    smsSendManager->InitNetworkHandle();
84    smsSendManager->GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
85    CdmaSmsMessage cdmaSmsMessage;
86    cdmaSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
87    GsmSmsMessage gsmSmsMessage;
88    gsmSmsMessage.GetSmsSegmentsInfo(message, force7BitCode, lenInfo);
89}
90
91void IsImsSmsSupported(const uint8_t *data, size_t size)
92{
93    if (!IsServiceInited()) {
94        return;
95    }
96
97    MessageParcel dataParcel;
98    MessageParcel replyParcel;
99    MessageOption option(MessageOption::TF_SYNC);
100
101    dataParcel.WriteBuffer(data, size);
102    dataParcel.RewindRead(0);
103    DelayedSingleton<SmsService>::GetInstance()->OnIsImsSmsSupported(dataParcel, replyParcel, option);
104
105    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
106    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
107    if (interfaceManager == nullptr) {
108        TELEPHONY_LOGE("interfaceManager nullptr error");
109        return;
110    }
111    interfaceManager->InitInterfaceManager();
112    bool isSupported = false;
113    interfaceManager->IsImsSmsSupported(slotId, isSupported);
114
115    auto smsSendManager = std::make_unique<SmsSendManager>(slotId);
116    if (smsSendManager == nullptr) {
117        TELEPHONY_LOGE("failed to create SmsSendManager");
118        return;
119    }
120    smsSendManager->Init();
121    smsSendManager->InitNetworkHandle();
122    smsSendManager->IsImsSmsSupported(slotId, isSupported);
123}
124
125void OnRemoteRequest(const uint8_t *data, size_t size)
126{
127    if (!IsServiceInited()) {
128        return;
129    }
130
131    MessageParcel dataParcel;
132    if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
133        TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
134        return;
135    }
136
137    MessageParcel replyParcel;
138    MessageOption option(MessageOption::TF_SYNC);
139    dataParcel.RewindRead(0);
140    uint32_t code = static_cast<uint32_t>(size);
141    DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
142    return;
143}
144
145void ImsSendMessageResponseInner(const uint8_t *data, size_t size)
146{
147    if (!IsServiceInited()) {
148        return;
149    }
150
151    MessageParcel dataParcel;
152    MessageParcel replyParcel;
153
154    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
155    dataParcel.WriteInt32(slotId);
156    RadioResponseInfo responseInfo;
157    responseInfo.flag = static_cast<uint32_t>(size);
158    responseInfo.serial = static_cast<uint32_t>(size);
159    responseInfo.error = static_cast<ErrType>(size);
160    responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
161    dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
162    SendSmsResultInfo resultInfo;
163    resultInfo.msgRef = static_cast<uint32_t>(size);
164    std::string pdu(reinterpret_cast<const char *>(data), size);
165    resultInfo.pdu = pdu;
166    resultInfo.errCode = static_cast<uint32_t>(size);
167    resultInfo.flag = static_cast<int64_t>(size);
168    dataParcel.WriteRawData((const void *)&resultInfo, sizeof(SendSmsResultInfo));
169    dataParcel.RewindRead(0);
170    DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSendMessageResponseInner(dataParcel, replyParcel);
171}
172
173void ImsSetSmsConfigResponseInner(const uint8_t *data, size_t size)
174{
175    if (!IsServiceInited()) {
176        return;
177    }
178
179    MessageParcel dataParcel;
180    MessageParcel replyParcel;
181
182    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
183    dataParcel.WriteInt32(slotId);
184    RadioResponseInfo responseInfo;
185    responseInfo.flag = static_cast<uint32_t>(size);
186    responseInfo.serial = static_cast<uint32_t>(size);
187    responseInfo.error = static_cast<ErrType>(size);
188    responseInfo.type = static_cast<ResponseTypes>(size % TYPE_NUM);
189    dataParcel.WriteRawData((const void *)&responseInfo, sizeof(RadioResponseInfo));
190    dataParcel.RewindRead(0);
191    DelayedSingleton<ImsSmsCallbackStub>::GetInstance()->OnImsSetSmsConfigResponseInner(dataParcel, replyParcel);
192}
193
194void CreateMessage(const uint8_t *data, size_t size)
195{
196    if (!IsServiceInited()) {
197        return;
198    }
199
200    MessageParcel dataParcel;
201    MessageParcel replyParcel;
202    MessageOption option(MessageOption::TF_SYNC);
203
204    std::string pdu(reinterpret_cast<const char *>(data), size);
205    std::string reply(reinterpret_cast<const char *>(data), size);
206    dataParcel.WriteString(pdu);
207    dataParcel.WriteString(reply);
208    dataParcel.RewindRead(0);
209    DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
210}
211
212void GetBase64Encode(const uint8_t *data, size_t size)
213{
214    if (!IsServiceInited()) {
215        return;
216    }
217
218    MessageParcel dataParcel;
219    MessageParcel replyParcel;
220    MessageOption option(MessageOption::TF_SYNC);
221
222    std::string message(reinterpret_cast<const char *>(data), size);
223    auto messageU16 = Str8ToStr16(message);
224    dataParcel.WriteString16(messageU16);
225    dataParcel.RewindRead(0);
226    DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
227}
228
229void GetBase64Decode(const uint8_t *data, size_t size)
230{
231    if (!IsServiceInited()) {
232        return;
233    }
234
235    MessageParcel dataParcel;
236    MessageParcel replyParcel;
237    MessageOption option(MessageOption::TF_SYNC);
238
239    std::string messageSrc(reinterpret_cast<const char *>(data), size);
240    auto stringU16 = Str8ToStr16(messageSrc);
241    dataParcel.WriteString16(stringU16);
242    dataParcel.RewindRead(0);
243    DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
244}
245
246void GetEncodeStringFunc(const uint8_t *data, size_t size)
247{
248    if (!IsServiceInited()) {
249        return;
250    }
251
252    MessageParcel dataParcel;
253    MessageParcel replyParcel;
254    MessageOption option(MessageOption::TF_SYNC);
255
256    int32_t charset = static_cast<int32_t>(size);
257    int32_t valLength = static_cast<int32_t>(size);
258    std::string strEncode(reinterpret_cast<const char *>(data), size);
259    auto strEncodeU16 = Str8ToStr16(strEncode);
260    dataParcel.WriteInt32(charset);
261    dataParcel.WriteInt32(valLength);
262    dataParcel.WriteString16(strEncodeU16);
263    dataParcel.RewindRead(0);
264    DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
265}
266
267void SendMMSAndDownloadMMS(const uint8_t* data, size_t size)
268{
269    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
270    std::string message(reinterpret_cast<const char *>(data), size);
271
272    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
273    if (interfaceManager == nullptr) {
274        TELEPHONY_LOGE("interfaceManager nullptr error");
275        return;
276    }
277
278    interfaceManager->InitInterfaceManager();
279
280    std::u16string mmsc = Str8ToStr16(message);
281    std::u16string msg = Str8ToStr16(message);
282    std::u16string ua = Str8ToStr16(message);
283    std::u16string uaprof = Str8ToStr16(message);
284
285    interfaceManager->SendMms(mmsc, msg, ua, uaprof);
286    interfaceManager->DownloadMms(mmsc, msg, ua, uaprof);
287}
288
289void HighRiskInterface(const uint8_t *data, size_t size)
290{
291    if (!IsServiceInited()) {
292        return;
293    }
294
295    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
296    MessageParcel dataParcel;
297    dataParcel.WriteInt32(slotId);
298    dataParcel.WriteBuffer(data, size);
299    dataParcel.RewindRead(0);
300
301    MessageParcel replyParcel;
302    uint32_t code = static_cast<uint32_t>(size);
303    MessageOption option(MessageOption::TF_SYNC);
304
305    DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
306    DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextRequest(dataParcel, replyParcel, option);
307    DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextWithoutSaveRequest(dataParcel, replyParcel, option);
308    DelayedSingleton<SmsService>::GetInstance()->OnSendSmsDataRequest(dataParcel, replyParcel, option);
309    DelayedSingleton<SmsService>::GetInstance()->OnGetSmscAddr(dataParcel, replyParcel, option);
310    DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
311    DelayedSingleton<SmsService>::GetInstance()->OnUpdateSimMessage(dataParcel, replyParcel, option);
312    DelayedSingleton<SmsService>::GetInstance()->OnGetAllSimMessages(dataParcel, replyParcel, option);
313    DelayedSingleton<SmsService>::GetInstance()->OnSplitMessage(dataParcel, replyParcel, option);
314    DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
315    DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Encode(dataParcel, replyParcel, option);
316    DelayedSingleton<SmsService>::GetInstance()->OnGetBase64Decode(dataParcel, replyParcel, option);
317    DelayedSingleton<SmsService>::GetInstance()->OnGetEncodeStringFunc(dataParcel, replyParcel, option);
318    DelayedSingleton<SmsService>::GetInstance()->OnGetSmsSegmentsInfo(dataParcel, replyParcel, option);
319}
320
321void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
322{
323    if (data == nullptr || size == 0) {
324        return;
325    }
326
327    GetSmsSegmentsInfo(data, size);
328    IsImsSmsSupported(data, size);
329    OnRemoteRequest(data, size);
330    ImsSendMessageResponseInner(data, size);
331    ImsSetSmsConfigResponseInner(data, size);
332    CreateMessage(data, size);
333    GetBase64Encode(data, size);
334    GetBase64Decode(data, size);
335    GetEncodeStringFunc(data, size);
336    HighRiskInterface(data, size);
337    SendMMSAndDownloadMMS(data, size);
338    DelayedSingleton<SmsService>::DestroyInstance();
339}
340}  // namespace OHOS
341
342/* Fuzzer entry point */
343extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
344{
345    /* Run your code on data */
346    OHOS::AddSmsTokenFuzzer token;
347    OHOS::DoSomethingInterestingWithMyAPI(data, size);
348    return 0;
349}
350