1/*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include <cerrno>
17#include <cstdlib>
18#include "securec.h"
19#include "v1_0/ihostapd_interface.h"
20#include "hostapd_fuzzer.h"
21#include "hostapd_common_fuzzer.h"
22#include "servmgr_hdi.h"
23#include "devmgr_hdi.h"
24#include "hdf_remote_service.h"
25
26namespace OHOS {
27namespace WIFI {
28constexpr size_t THRESHOLD = 10;
29const char *g_wpaServiceName = "hostapd_interface_service";
30struct IHostapdInterface *g_wpaObj = nullptr;
31static struct HDIDeviceManager *g_devMgr = nullptr;
32
33void FuzzHostapdStart(struct IHostapdInterface *gWpaObj, uint8_t *tmpRawData)
34{
35    HDF_LOGI("%{public}s : is starting", __FUNCTION__);
36    FuzzHostapdInterfaceSetApPasswd(gWpaObj, tmpRawData);
37    FuzzHostapdInterfaceSetApName(gWpaObj, tmpRawData);
38    FuzzHostapdInterfaceSetApBand(gWpaObj, tmpRawData);
39    FuzzHostapdInterfaceSetApChannel(gWpaObj, tmpRawData);
40    FuzzHostapdInterfaceSetApMaxConn(gWpaObj, tmpRawData);
41    FuzzHostapdInterfaceSetAp80211n(gWpaObj, tmpRawData);
42    FuzzHostapdInterfaceSetApWmm(gWpaObj, tmpRawData);
43    FuzzHostapdInterfaceReloadApConfigInfo(gWpaObj, tmpRawData);
44    FuzzHostapdInterfaceDisableAp(gWpaObj, tmpRawData);
45    FuzzHostapdInterfaceEnableAp(gWpaObj, tmpRawData);
46    FuzzHostapdInterfaceSetMacFilter(gWpaObj, tmpRawData);
47    FuzzHostapdInterfaceDelMacFilter(gWpaObj, tmpRawData);
48    FuzzHostapdInterfaceGetStaInfos(gWpaObj, tmpRawData);
49    FuzzHostapdInterfaceDisassociateSta(gWpaObj, tmpRawData);
50    FuzzHostapdInterfaceRegisterEventCallback(gWpaObj, tmpRawData);
51    FuzzHostapdInterfaceUnregisterEventCallback(gWpaObj, tmpRawData);
52    FuzzHostapdInterfaceStartAp(gWpaObj, tmpRawData);
53    FuzzHostapdInterfaceStopAp(gWpaObj, tmpRawData);
54}
55
56bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
57{
58    HDF_LOGI("%{public}s: enter", __FUNCTION__);
59    bool result = false;
60
61    if (rawData == nullptr || size == 0) {
62        return false;
63    }
64    g_devMgr = HDIDeviceManagerGet();
65    if (g_devMgr == nullptr) {
66        HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
67        return result;
68    }
69    int32_t rc = g_devMgr->LoadDevice(g_devMgr, g_wpaServiceName);
70    if (rc != HDF_SUCCESS) {
71        HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
72        return result;
73    }
74    g_wpaObj = IHostapdInterfaceGetInstance(g_wpaServiceName, true);
75    if (g_wpaObj == nullptr) {
76        HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
77        return result;
78    }
79    uint32_t dataSize = size - OFFSET;
80    uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1));
81    if (tmpRawData == nullptr) {
82        HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__);
83        return result;
84    }
85    if (PreProcessRawData(rawData, size, tmpRawData, dataSize + 1) != true) {
86        HDF_LOGE("%{public}s : PreProcessRawData failed!", __FUNCTION__);
87        OsalMemFree(tmpRawData);
88        return result;
89    }
90    int32_t ret = g_wpaObj->StartApWithCmd(g_wpaObj, "wlan1", 0);
91    if (ret != HDF_SUCCESS) {
92        HDF_LOGE("%{public}s : StartApWithCmd failed!", __FUNCTION__);
93        OsalMemFree(tmpRawData);
94        return result;
95    }
96    HDF_LOGE("%{public}s :StartApWithCmd sucess", __FUNCTION__);
97    FuzzHostapdStart(g_wpaObj, tmpRawData);
98    IHostapdInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true);
99    OsalMemFree(tmpRawData);
100    g_devMgr->UnloadDevice(g_devMgr, g_wpaServiceName);
101    g_devMgr = nullptr;
102    g_wpaObj = nullptr;
103    return result;
104}
105} // namespace WIFI
106} // namespace OHOS
107
108/* Fuzzer entry point */
109extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
110{
111    HDF_LOGI("%{public}s : size = %lu ,THRESHOLD = %lu", __FUNCTION__, size, OHOS::WIFI::THRESHOLD);
112    if (size < OHOS::WIFI::THRESHOLD) {
113        return 0;
114    }
115
116    /* Run your code on data */
117    OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size);
118    return 0;
119}