1094332d3Sopenharmony_ci/* 2094332d3Sopenharmony_ci * Copyright (c) 2023 Huawei Device Co., Ltd. 3094332d3Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4094332d3Sopenharmony_ci * you may not use this file except in compliance with the License. 5094332d3Sopenharmony_ci * You may obtain a copy of the License at 6094332d3Sopenharmony_ci * 7094332d3Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8094332d3Sopenharmony_ci * 9094332d3Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10094332d3Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11094332d3Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12094332d3Sopenharmony_ci * See the License for the specific language governing permissions and 13094332d3Sopenharmony_ci * limitations under the License. 14094332d3Sopenharmony_ci */ 15094332d3Sopenharmony_ci 16094332d3Sopenharmony_ci#include <cerrno> 17094332d3Sopenharmony_ci#include <cstdlib> 18094332d3Sopenharmony_ci#include "securec.h" 19094332d3Sopenharmony_ci#include "v1_0/ihostapd_interface.h" 20094332d3Sopenharmony_ci#include "hostapd_fuzzer.h" 21094332d3Sopenharmony_ci#include "hostapd_common_fuzzer.h" 22094332d3Sopenharmony_ci#include "servmgr_hdi.h" 23094332d3Sopenharmony_ci#include "devmgr_hdi.h" 24094332d3Sopenharmony_ci#include "hdf_remote_service.h" 25094332d3Sopenharmony_ci 26094332d3Sopenharmony_cinamespace OHOS { 27094332d3Sopenharmony_cinamespace WIFI { 28094332d3Sopenharmony_ciconstexpr size_t THRESHOLD = 10; 29094332d3Sopenharmony_ciconst char *g_wpaServiceName = "hostapd_interface_service"; 30094332d3Sopenharmony_cistruct IHostapdInterface *g_wpaObj = nullptr; 31094332d3Sopenharmony_cistatic struct HDIDeviceManager *g_devMgr = nullptr; 32094332d3Sopenharmony_ci 33094332d3Sopenharmony_civoid FuzzHostapdStart(struct IHostapdInterface *gWpaObj, uint8_t *tmpRawData) 34094332d3Sopenharmony_ci{ 35094332d3Sopenharmony_ci HDF_LOGI("%{public}s : is starting", __FUNCTION__); 36094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApPasswd(gWpaObj, tmpRawData); 37094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApName(gWpaObj, tmpRawData); 38094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApBand(gWpaObj, tmpRawData); 39094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApChannel(gWpaObj, tmpRawData); 40094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApMaxConn(gWpaObj, tmpRawData); 41094332d3Sopenharmony_ci FuzzHostapdInterfaceSetAp80211n(gWpaObj, tmpRawData); 42094332d3Sopenharmony_ci FuzzHostapdInterfaceSetApWmm(gWpaObj, tmpRawData); 43094332d3Sopenharmony_ci FuzzHostapdInterfaceReloadApConfigInfo(gWpaObj, tmpRawData); 44094332d3Sopenharmony_ci FuzzHostapdInterfaceDisableAp(gWpaObj, tmpRawData); 45094332d3Sopenharmony_ci FuzzHostapdInterfaceEnableAp(gWpaObj, tmpRawData); 46094332d3Sopenharmony_ci FuzzHostapdInterfaceSetMacFilter(gWpaObj, tmpRawData); 47094332d3Sopenharmony_ci FuzzHostapdInterfaceDelMacFilter(gWpaObj, tmpRawData); 48094332d3Sopenharmony_ci FuzzHostapdInterfaceGetStaInfos(gWpaObj, tmpRawData); 49094332d3Sopenharmony_ci FuzzHostapdInterfaceDisassociateSta(gWpaObj, tmpRawData); 50094332d3Sopenharmony_ci FuzzHostapdInterfaceRegisterEventCallback(gWpaObj, tmpRawData); 51094332d3Sopenharmony_ci FuzzHostapdInterfaceUnregisterEventCallback(gWpaObj, tmpRawData); 52094332d3Sopenharmony_ci FuzzHostapdInterfaceStartAp(gWpaObj, tmpRawData); 53094332d3Sopenharmony_ci FuzzHostapdInterfaceStopAp(gWpaObj, tmpRawData); 54094332d3Sopenharmony_ci} 55094332d3Sopenharmony_ci 56094332d3Sopenharmony_cibool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size) 57094332d3Sopenharmony_ci{ 58094332d3Sopenharmony_ci HDF_LOGI("%{public}s: enter", __FUNCTION__); 59094332d3Sopenharmony_ci bool result = false; 60094332d3Sopenharmony_ci 61094332d3Sopenharmony_ci if (rawData == nullptr || size == 0) { 62094332d3Sopenharmony_ci return false; 63094332d3Sopenharmony_ci } 64094332d3Sopenharmony_ci g_devMgr = HDIDeviceManagerGet(); 65094332d3Sopenharmony_ci if (g_devMgr == nullptr) { 66094332d3Sopenharmony_ci HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__); 67094332d3Sopenharmony_ci return result; 68094332d3Sopenharmony_ci } 69094332d3Sopenharmony_ci int32_t rc = g_devMgr->LoadDevice(g_devMgr, g_wpaServiceName); 70094332d3Sopenharmony_ci if (rc != HDF_SUCCESS) { 71094332d3Sopenharmony_ci HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__); 72094332d3Sopenharmony_ci return result; 73094332d3Sopenharmony_ci } 74094332d3Sopenharmony_ci g_wpaObj = IHostapdInterfaceGetInstance(g_wpaServiceName, true); 75094332d3Sopenharmony_ci if (g_wpaObj == nullptr) { 76094332d3Sopenharmony_ci HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__); 77094332d3Sopenharmony_ci return result; 78094332d3Sopenharmony_ci } 79094332d3Sopenharmony_ci uint32_t dataSize = size - OFFSET; 80094332d3Sopenharmony_ci uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1)); 81094332d3Sopenharmony_ci if (tmpRawData == nullptr) { 82094332d3Sopenharmony_ci HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__); 83094332d3Sopenharmony_ci return result; 84094332d3Sopenharmony_ci } 85094332d3Sopenharmony_ci if (PreProcessRawData(rawData, size, tmpRawData, dataSize + 1) != true) { 86094332d3Sopenharmony_ci HDF_LOGE("%{public}s : PreProcessRawData failed!", __FUNCTION__); 87094332d3Sopenharmony_ci OsalMemFree(tmpRawData); 88094332d3Sopenharmony_ci return result; 89094332d3Sopenharmony_ci } 90094332d3Sopenharmony_ci int32_t ret = g_wpaObj->StartApWithCmd(g_wpaObj, "wlan1", 0); 91094332d3Sopenharmony_ci if (ret != HDF_SUCCESS) { 92094332d3Sopenharmony_ci HDF_LOGE("%{public}s : StartApWithCmd failed!", __FUNCTION__); 93094332d3Sopenharmony_ci OsalMemFree(tmpRawData); 94094332d3Sopenharmony_ci return result; 95094332d3Sopenharmony_ci } 96094332d3Sopenharmony_ci HDF_LOGE("%{public}s :StartApWithCmd sucess", __FUNCTION__); 97094332d3Sopenharmony_ci FuzzHostapdStart(g_wpaObj, tmpRawData); 98094332d3Sopenharmony_ci IHostapdInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true); 99094332d3Sopenharmony_ci OsalMemFree(tmpRawData); 100094332d3Sopenharmony_ci g_devMgr->UnloadDevice(g_devMgr, g_wpaServiceName); 101094332d3Sopenharmony_ci g_devMgr = nullptr; 102094332d3Sopenharmony_ci g_wpaObj = nullptr; 103094332d3Sopenharmony_ci return result; 104094332d3Sopenharmony_ci} 105094332d3Sopenharmony_ci} // namespace WIFI 106094332d3Sopenharmony_ci} // namespace OHOS 107094332d3Sopenharmony_ci 108094332d3Sopenharmony_ci/* Fuzzer entry point */ 109094332d3Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 110094332d3Sopenharmony_ci{ 111094332d3Sopenharmony_ci HDF_LOGI("%{public}s : size = %lu ,THRESHOLD = %lu", __FUNCTION__, size, OHOS::WIFI::THRESHOLD); 112094332d3Sopenharmony_ci if (size < OHOS::WIFI::THRESHOLD) { 113094332d3Sopenharmony_ci return 0; 114094332d3Sopenharmony_ci } 115094332d3Sopenharmony_ci 116094332d3Sopenharmony_ci /* Run your code on data */ 117094332d3Sopenharmony_ci OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size); 118094332d3Sopenharmony_ci return 0; 119094332d3Sopenharmony_ci}