FreeRDP
TestFuzzCoreServer.c
1 #include <freerdp/peer.h>
2 
3 #include "../fastpath.h"
4 #include "../surface.h"
5 #include "../window.h"
6 #include "../info.h"
7 #include "../multitransport.h"
8 
9 static BOOL test_server(const uint8_t* Data, size_t Size)
10 {
11  freerdp_peer* client = calloc(1, sizeof(freerdp_peer));
12  if (!client)
13  goto fail;
14  client->ContextSize = sizeof(rdpContext);
15  if (!freerdp_peer_context_new(client))
16  goto fail;
17 
18  WINPR_ASSERT(client->context);
19  rdpRdp* rdp = client->context->rdp;
20  WINPR_ASSERT(rdp);
21 
22  wStream sbuffer = { 0 };
23  wStream* s = Stream_StaticConstInit(&sbuffer, Data, Size);
24 
25  {
26  rdpFastPath* fastpath = rdp->fastpath;
27  WINPR_ASSERT(fastpath);
28 
29  fastpath_recv_updates(fastpath, s);
30  fastpath_recv_inputs(fastpath, s);
31 
32  UINT16 length = 0;
33  fastpath_read_header_rdp(fastpath, s, &length);
34  fastpath_decrypt(fastpath, s, &length);
35  }
36 
37  {
38  UINT16 length = 0;
39  UINT16 flags = 0;
40  UINT16 channelId = 0;
41  UINT16 tpktLength = 0;
42  UINT16 remainingLength = 0;
43  UINT16 type = 0;
44  UINT16 securityFlags = 0;
45  UINT32 share_id = 0;
46  BYTE compressed_type = 0;
47  BYTE btype = 0;
48  UINT16 compressed_len = 0;
49  rdp_read_security_header(rdp, s, &flags, &length);
50  rdp_read_header(rdp, s, &length, &channelId);
51  rdp_read_share_control_header(rdp, s, &tpktLength, &remainingLength, &type, &channelId);
52  rdp_read_share_data_header(rdp, s, &length, &btype, &share_id, &compressed_type,
53  &compressed_len);
54  rdp_recv_message_channel_pdu(rdp, s, securityFlags);
55  }
56  {
57  rdpUpdate* update = rdp->update;
58  UINT16 channelId = 0;
59  UINT16 length = 0;
60  UINT16 pduSource = 0;
61  UINT16 pduLength = 0;
62  update_recv_order(update, s);
63  update_recv_altsec_window_order(update, s);
64  update_recv_play_sound(update, s);
65  update_recv_pointer(update, s);
66  update_recv_surfcmds(update, s);
67  rdp_recv_get_active_header(rdp, s, &channelId, &length);
68  rdp_recv_demand_active(rdp, s, pduSource, length);
69  rdp_recv_confirm_active(rdp, s, pduLength);
70  }
71  {
72  rdpNla* nla = nla_new(rdp->context, rdp->transport);
73  nla_recv_pdu(nla, s);
74  nla_free(nla);
75  }
76  {
77  rdp_recv_heartbeat_packet(rdp, s);
78  rdp->state = CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE;
79  rdp_recv_client_info(rdp, s);
80  }
81  {
82  freerdp_is_valid_mcs_create_request(Data, Size);
83  freerdp_is_valid_mcs_create_response(Data, Size);
84  }
85  {
86  multitransport_recv_request(rdp->multitransport, s);
87  multitransport_recv_response(rdp->multitransport, s);
88  }
89  {
90  autodetect_recv_request_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s);
91  autodetect_recv_response_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s);
92  }
93  {
94  rdp_recv_deactivate_all(rdp, s);
95  rdp_recv_server_synchronize_pdu(rdp, s);
96  rdp_recv_client_synchronize_pdu(rdp, s);
97  }
98 fail:
99  freerdp_peer_context_free(client);
100  free(client);
101  return TRUE;
102 }
103 
104 int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
105 {
106  test_server(Data, Size);
107  return 0;
108 }