/src/hostap/tests/fuzzing/radius/radius.c

Source
/*
 * hostapd - RADIUS fuzzer
 * Copyright (c) 2025, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "radius/radius.h"
#include "../fuzzer-common.h"


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  struct radius_msg *msg, *sent_msg;
  struct wpabuf *eap;
  u8 buf[10];
  int untagged;
  const unsigned int num_tagged = 5;
  int tagged[num_tagged];
  char *pw;
  int keylen;

  wpa_fuzzer_set_debug_level();

  if (os_program_init())
    return 0;

  sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
  if (!sent_msg)
    return -1;
  radius_msg_finish(sent_msg, (const u8 *) "test", 4);

  msg = radius_msg_parse(data, size);
  if (msg) {
    radius_msg_dump(msg);
    radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
            buf, sizeof(buf));
    radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
    eap = radius_msg_get_eap(msg);
    wpa_hexdump_buf(MSG_INFO, "EAP", eap);
    wpabuf_free(eap);
    pw = radius_msg_get_tunnel_password(msg, &keylen,
                (const u8 *) "test", 4,
                sent_msg, 1);
    if (pw)
      wpa_printf(MSG_INFO, "PW: %s", pw);
    os_free(pw);
    radius_msg_free(msg);
  }

  radius_msg_free(sent_msg);

  os_program_deinit();

  return 0;
}

Line	Count	Source
1		/*
2		* hostapd - RADIUS fuzzer
3		* Copyright (c) 2025, Jouni Malinen <j@w1.fi>
4		*
5		* This software may be distributed under the terms of the BSD license.
6		* See README for more details.
7		*/
8
9		#include "utils/includes.h"
10
11		#include "utils/common.h"
12		#include "radius/radius.h"
13		#include "../fuzzer-common.h"
14
15
16		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17	939	{
18	939	struct radius_msg msg, sent_msg;
19	939	struct wpabuf *eap;
20	939	u8 buf[10];
21	939	int untagged;
22	939	const unsigned int num_tagged = 5;
23	939	int tagged[num_tagged];
24	939	char *pw;
25	939	int keylen;
26
27	939	wpa_fuzzer_set_debug_level();
28
29	939	if (os_program_init())
30	0	return 0;
31
32	939	sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
33	939	if (!sent_msg)
34	0	return -1;
35	939	radius_msg_finish(sent_msg, (const u8 *) "test", 4);
36
37	939	msg = radius_msg_parse(data, size);
38	939	if (msg) {
39	844	radius_msg_dump(msg);
40	844	radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
41	844	buf, sizeof(buf));
42	844	radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
43	844	eap = radius_msg_get_eap(msg);
44	844	wpa_hexdump_buf(MSG_INFO, "EAP", eap);
45	844	wpabuf_free(eap);
46	844	pw = radius_msg_get_tunnel_password(msg, &keylen,
47	844	(const u8 *) "test", 4,
48	844	sent_msg, 1);
49	844	if (pw)
50	11	wpa_printf(MSG_INFO, "PW: %s", pw);
51	844	os_free(pw);
52	844	radius_msg_free(msg);
53	844	}
54
55	939	radius_msg_free(sent_msg);
56
57	939	os_program_deinit();
58
59	939	return 0;
60	939	}

Coverage Report

Created: 2025-10-12 07:12