forked from project-chip/connectedhomeip
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfuzzing-main.cpp
106 lines (87 loc) · 3.86 KB
/
fuzzing-main.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/*
* Copyright (c) 2022 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "AppMain.h"
#include <app/server/Server.h>
#include <CommissionableInit.h>
using namespace chip;
using namespace chip::DeviceLayer;
namespace {
LinuxCommissionableDataProvider gCommissionableDataProvider;
}
void CleanShutdown()
{
ApplicationShutdown();
Server::GetInstance().Shutdown();
PlatformMgr().Shutdown();
// TODO: We don't Platform::MemoryShutdown because ~CASESessionManager calls
// Dnssd::ResolverProxy::Shutdown, which starts doing Platform::Delete.
// Platform::MemoryShutdown();
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t * aData, size_t aSize)
{
static bool matterStackInitialized = false;
if (!matterStackInitialized)
{
// Might be simpler to do ChipLinuxAppInit() with argc == 0, argv set to
// just a fake executable name?
VerifyOrDie(Platform::MemoryInit() == CHIP_NO_ERROR);
VerifyOrDie(PlatformMgr().InitChipStack() == CHIP_NO_ERROR);
VerifyOrDie(chip::examples::InitCommissionableDataProvider(gCommissionableDataProvider,
LinuxDeviceOptions::GetInstance()) == CHIP_NO_ERROR);
SetCommissionableDataProvider(&gCommissionableDataProvider);
// ChipLinuxAppMainLoop blocks, and we don't want that here.
static chip::CommonCaseDeviceServerInitParams initParams;
(void) initParams.InitializeStaticResourcesBeforeServerInit();
VerifyOrDie(Server::GetInstance().Init(initParams) == CHIP_NO_ERROR);
ApplicationInit();
// We don't start the event loop task, because we don't plan to deliver
// data on a separate thread.
matterStackInitialized = true;
// The fuzzer does not have a way to tell us when it's done, so just
// shut down things on exit.
atexit(CleanShutdown);
}
// For now, just dump the data as a UDP payload into the session manager.
// But maybe we should try to separately extract a PeerAddress and data from
// the incoming data?
// dumping payload with random transport types
Transport::Type fuzzedTransportType = static_cast<Transport::Type>(*aData % 5);
Transport::PeerAddress peerAddr(fuzzedTransportType);
System::PacketBufferHandle buf =
System::PacketBufferHandle::NewWithData(aData, aSize, /* aAdditionalSize = */ 0, /* aReservedSize = */ 0);
if (buf.IsNull())
{
// Too big; we couldn't represent this as a packetbuffer to start with.
return 0;
}
// Ignoring the return value from OnMessageReceived, because we might be
// passing it all sorts of garbage that will cause it to fail.
// for TCP we need to have MessageTransportContext
if (fuzzedTransportType == Transport::Type::kTcp)
{
Transport::MessageTransportContext msgContext;
Server::GetInstance().GetSecureSessionManager().OnMessageReceived(peerAddr, std::move(buf), &msgContext);
}
else
{
Server::GetInstance().GetSecureSessionManager().OnMessageReceived(peerAddr, std::move(buf));
}
// Now process pending events until our sentinel is reached.
PlatformMgr().ScheduleWork([](intptr_t) { PlatformMgr().StopEventLoopTask(); });
PlatformMgr().RunEventLoop();
return 0;
}