/src/hostap/tests/fuzzing/radius/radius.c

Source (jump to first uncovered line)
/*
 * hostapd - RADIUS fuzzer
 * Copyright (c) 2025, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "radius/radius.h"
#include "../fuzzer-common.h"


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  struct radius_msg *msg, *sent_msg;
  struct wpabuf *eap;
  u8 buf[10];
  int untagged;
  const unsigned int num_tagged = 5;
  int tagged[num_tagged];
  char *pw;
  int keylen;

  wpa_fuzzer_set_debug_level();

  if (os_program_init())
    return 0;

  sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
  if (!sent_msg)
    return -1;
  radius_msg_finish(sent_msg, (const u8 *) "test", 4);

  msg = radius_msg_parse(data, size);
  if (msg) {
    radius_msg_dump(msg);
    radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
            buf, sizeof(buf));
    radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
    eap = radius_msg_get_eap(msg);
    wpa_hexdump_buf(MSG_INFO, "EAP", eap);
    wpabuf_free(eap);
    pw = radius_msg_get_tunnel_password(msg, &keylen,
                (const u8 *) "test", 4,
                sent_msg, 1);
    if (pw)
      wpa_printf(MSG_INFO, "PW: %s", pw);
    os_free(pw);
    radius_msg_free(msg);
  }

  radius_msg_free(sent_msg);

  os_program_deinit();

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* hostapd - RADIUS fuzzer
3		* Copyright (c) 2025, Jouni Malinen <j@w1.fi>
4		*
5		* This software may be distributed under the terms of the BSD license.
6		* See README for more details.
7		*/
8
9		#include "utils/includes.h"
10
11		#include "utils/common.h"
12		#include "radius/radius.h"
13		#include "../fuzzer-common.h"
14
15
16		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17	933	{
18	933	struct radius_msg msg, sent_msg;
19	933	struct wpabuf *eap;
20	933	u8 buf[10];
21	933	int untagged;
22	933	const unsigned int num_tagged = 5;
23	933	int tagged[num_tagged];
24	933	char *pw;
25	933	int keylen;
26
27	933	wpa_fuzzer_set_debug_level();
28
29	933	if (os_program_init())
30	0	return 0;
31
32	933	sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
33	933	if (!sent_msg)
34	0	return -1;
35	933	radius_msg_finish(sent_msg, (const u8 *) "test", 4);
36
37	933	msg = radius_msg_parse(data, size);
38	933	if (msg) {
39	824	radius_msg_dump(msg);
40	824	radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
41	824	buf, sizeof(buf));
42	824	radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
43	824	eap = radius_msg_get_eap(msg);
44	824	wpa_hexdump_buf(MSG_INFO, "EAP", eap);
45	824	wpabuf_free(eap);
46	824	pw = radius_msg_get_tunnel_password(msg, &keylen,
47	824	(const u8 *) "test", 4,
48	824	sent_msg, 1);
49	824	if (pw)
50	10	wpa_printf(MSG_INFO, "PW: %s", pw);
51	824	os_free(pw);
52	824	radius_msg_free(msg);
53	824	}
54
55	933	radius_msg_free(sent_msg);
56
57	933	os_program_deinit();
58
59	933	return 0;
60	933	}

Coverage Report

Created: 2025-04-24 06:18