/src/hostap/tests/fuzzing/radius/radius.c

Source
/*
 * hostapd - RADIUS fuzzer
 * Copyright (c) 2025, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "radius/radius.h"
#include "../fuzzer-common.h"


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  struct radius_msg *msg, *sent_msg;
  struct wpabuf *eap;
  u8 buf[10];
  int untagged;
  const unsigned int num_tagged = 5;
  int tagged[num_tagged];
  char *pw;
  int keylen;

  wpa_fuzzer_set_debug_level();

  if (os_program_init())
    return 0;

  sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
  if (!sent_msg)
    return -1;
  radius_msg_finish(sent_msg, (const u8 *) "test", 4);

  msg = radius_msg_parse(data, size);
  if (msg) {
    radius_msg_dump(msg);
    radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
            buf, sizeof(buf));
    radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
    eap = radius_msg_get_eap(msg);
    wpa_hexdump_buf(MSG_INFO, "EAP", eap);
    wpabuf_free(eap);
    pw = radius_msg_get_tunnel_password(msg, &keylen,
                (const u8 *) "test", 4,
                sent_msg, 1);
    if (pw)
      wpa_printf(MSG_INFO, "PW: %s", pw);
    os_free(pw);
    radius_msg_free(msg);
  }

  radius_msg_free(sent_msg);

  os_program_deinit();

  return 0;
}

Line	Count	Source
1		/*
2		* hostapd - RADIUS fuzzer
3		* Copyright (c) 2025, Jouni Malinen <j@w1.fi>
4		*
5		* This software may be distributed under the terms of the BSD license.
6		* See README for more details.
7		*/
8
9		#include "utils/includes.h"
10
11		#include "utils/common.h"
12		#include "radius/radius.h"
13		#include "../fuzzer-common.h"
14
15
16		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17	1.00k	{
18	1.00k	struct radius_msg msg, sent_msg;
19	1.00k	struct wpabuf *eap;
20	1.00k	u8 buf[10];
21	1.00k	int untagged;
22	1.00k	const unsigned int num_tagged = 5;
23	1.00k	int tagged[num_tagged];
24	1.00k	char *pw;
25	1.00k	int keylen;
26
27	1.00k	wpa_fuzzer_set_debug_level();
28
29	1.00k	if (os_program_init())
30	0	return 0;
31
32	1.00k	sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
33	1.00k	if (!sent_msg)
34	0	return -1;
35	1.00k	radius_msg_finish(sent_msg, (const u8 *) "test", 4);
36
37	1.00k	msg = radius_msg_parse(data, size);
38	1.00k	if (msg) {
39	915	radius_msg_dump(msg);
40	915	radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
41	915	buf, sizeof(buf));
42	915	radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
43	915	eap = radius_msg_get_eap(msg);
44	915	wpa_hexdump_buf(MSG_INFO, "EAP", eap);
45	915	wpabuf_free(eap);
46	915	pw = radius_msg_get_tunnel_password(msg, &keylen,
47	915	(const u8 *) "test", 4,
48	915	sent_msg, 1);
49	915	if (pw)
50	12	wpa_printf(MSG_INFO, "PW: %s", pw);
51	915	os_free(pw);
52	915	radius_msg_free(msg);
53	915	}
54
55	1.00k	radius_msg_free(sent_msg);
56
57	1.00k	os_program_deinit();
58
59	1.00k	return 0;
60	1.00k	}

Coverage Report

Created: 2026-04-12 06:28