1 /*
2 * hostapd - RADIUS fuzzer
3 * Copyright (c) 2025, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "radius/radius.h"
13 #include "../fuzzer-common.h"
14
15
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)16 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17 {
18 struct radius_msg *msg, *sent_msg;
19 struct wpabuf *eap;
20 u8 buf[10];
21 int untagged;
22 const unsigned int num_tagged = 5;
23 int tagged[num_tagged];
24 char *pw;
25 int keylen;
26
27 wpa_fuzzer_set_debug_level();
28
29 if (os_program_init())
30 return 0;
31
32 sent_msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, 123);
33 if (!sent_msg)
34 return -1;
35 radius_msg_finish(sent_msg, (const u8 *) "test", 4);
36
37 msg = radius_msg_parse(data, size);
38 if (msg) {
39 radius_msg_dump(msg);
40 radius_msg_get_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
41 buf, sizeof(buf));
42 radius_msg_get_vlanid(msg, &untagged, num_tagged, tagged);
43 eap = radius_msg_get_eap(msg);
44 wpa_hexdump_buf(MSG_INFO, "EAP", eap);
45 wpabuf_free(eap);
46 pw = radius_msg_get_tunnel_password(msg, &keylen,
47 (const u8 *) "test", 4,
48 sent_msg, 1);
49 if (pw)
50 wpa_printf(MSG_INFO, "PW: %s", pw);
51 os_free(pw);
52 radius_msg_free(msg);
53 }
54
55 radius_msg_free(sent_msg);
56
57 os_program_deinit();
58
59 return 0;
60 }
61