FreeRDP
TestFuzzCoreClient.c
1 #include <freerdp/client.h>
2 
3 #include "../fastpath.h"
4 #include "../surface.h"
5 #include "../window.h"
6 #include "../info.h"
7 #include "../multitransport.h"
8 
9 static BOOL test_client(const uint8_t* Data, size_t Size)
10 {
11  RDP_CLIENT_ENTRY_POINTS entry = { 0 };
12 
13  entry.Version = RDP_CLIENT_INTERFACE_VERSION;
14  entry.Size = sizeof(RDP_CLIENT_ENTRY_POINTS_V1);
15  entry.ContextSize = sizeof(rdpContext);
16 
17  rdpContext* context = freerdp_client_context_new(&entry);
18  if (!context)
19  goto fail;
20 
21  rdpRdp* rdp = context->rdp;
22  WINPR_ASSERT(rdp);
23 
24  wStream sbuffer = { 0 };
25  wStream* s = Stream_StaticConstInit(&sbuffer, Data, Size);
26 
27  {
28  rdpFastPath* fastpath = rdp->fastpath;
29  WINPR_ASSERT(fastpath);
30 
31  fastpath_recv_updates(fastpath, s);
32  fastpath_recv_inputs(fastpath, s);
33 
34  UINT16 length = 0;
35  fastpath_read_header_rdp(fastpath, s, &length);
36  fastpath_decrypt(fastpath, s, &length);
37  }
38 
39  {
40  UINT16 length = 0;
41  UINT16 flags = 0;
42  UINT16 channelId = 0;
43  UINT16 tpktLength = 0;
44  UINT16 remainingLength = 0;
45  UINT16 type = 0;
46  UINT16 securityFlags = 0;
47  UINT32 share_id = 0;
48  BYTE compressed_type = 0;
49  BYTE btype = 0;
50  UINT16 compressed_len = 0;
51 
52  rdp_recv_callback(rdp->transport, s, rdp);
53  rdp_read_security_header(rdp, s, &flags, &length);
54  rdp_read_header(rdp, s, &length, &channelId);
55  rdp_read_share_control_header(rdp, s, &tpktLength, &remainingLength, &type, &channelId);
56  rdp_read_share_data_header(rdp, s, &length, &btype, &share_id, &compressed_type,
57  &compressed_len);
58  rdp_recv_enhanced_security_redirection_packet(rdp, s);
59  rdp_recv_out_of_sequence_pdu(rdp, s, type, length);
60  rdp_recv_message_channel_pdu(rdp, s, securityFlags);
61  }
62  {
63  rdpUpdate* update = rdp->update;
64  UINT16 channelId = 0;
65  UINT16 length = 0;
66  UINT16 pduSource = 0;
67  UINT16 pduLength = 0;
68  update_recv_order(update, s);
69  update_recv_altsec_window_order(update, s);
70  update_recv_play_sound(update, s);
71  update_recv_pointer(update, s);
72  update_recv_surfcmds(update, s);
73  rdp_recv_get_active_header(rdp, s, &channelId, &length);
74  rdp_recv_demand_active(rdp, s, pduSource, length);
75  rdp_recv_confirm_active(rdp, s, pduLength);
76  }
77  {
78  rdpNla* nla = nla_new(rdp->context, rdp->transport);
79  nla_recv_pdu(nla, s);
80  nla_free(nla);
81  }
82  {
83  rdp_recv_heartbeat_packet(rdp, s);
84  rdp->state = CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE;
85  rdp_recv_client_info(rdp, s);
86  rdp_recv_save_session_info(rdp, s);
87  }
88  {
89  freerdp_is_valid_mcs_create_request(Data, Size);
90  freerdp_is_valid_mcs_create_response(Data, Size);
91  }
92  {
93  multitransport_recv_request(rdp->multitransport, s);
94  multitransport_recv_response(rdp->multitransport, s);
95  }
96  {
97  autodetect_recv_request_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s);
98  autodetect_recv_response_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s);
99  }
100  {
101  rdp_recv_deactivate_all(rdp, s);
102  rdp_recv_server_synchronize_pdu(rdp, s);
103  rdp_recv_client_synchronize_pdu(rdp, s);
104 
105  rdp_recv_data_pdu(rdp, s);
106  rdp_recv_font_map_pdu(rdp, s);
107  }
108 fail:
109  freerdp_client_context_free(context);
110  return TRUE;
111 }
112 
113 int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
114 {
115  test_client(Data, Size);
116  return 0;
117 }