1 /*
2  * Copyright 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define PACKET_TESTING
18 #include "l2cap/l2cap_packets.h"
19 
20 #include <gtest/gtest.h>
21 #include <forward_list>
22 #include <memory>
23 
24 #include "os/log.h"
25 #include "packet/bit_inserter.h"
26 #include "packet/raw_builder.h"
27 
28 using bluetooth::packet::BitInserter;
29 using bluetooth::packet::RawBuilder;
30 using std::vector;
31 
32 namespace bluetooth {
33 namespace l2cap {
34 
35 std::vector<uint8_t> extended_information_start_frame = {
36     0x0B, /* First size byte */
37     0x00, /* Second size byte */
38     0xc1, /* First ChannelId byte */
39     0xc2, /**/
40     0x4A, /* 0x12 ReqSeq, Final, IFrame */
41     0xD0, /* 0x13 ReqSeq */
42     0x89, /* 0x21 TxSeq sar = START */
43     0x8C, /* 0x23 TxSeq  */
44     0x10, /* first length byte */
45     0x11, /**/
46     0x01, /* first payload byte */
47     0x02, 0x03, 0x04, 0x05,
48 };
49 
50 DEFINE_AND_INSTANTIATE_ExtendedInformationStartFrameReflectionTest(extended_information_start_frame);
51 
52 std::vector<uint8_t> i_frame_with_fcs = {0x0E, 0x00, 0x40, 0x00, 0x02, 0x00, 0x00, 0x01, 0x02,
53                                          0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x38, 0x61};
54 DEFINE_AND_INSTANTIATE_StandardInformationFrameWithFcsReflectionTest(i_frame_with_fcs);
55 
56 std::vector<uint8_t> rr_frame_with_fcs = {0x04, 0x00, 0x40, 0x00, 0x01, 0x01, 0xD4, 0x14};
57 DEFINE_AND_INSTANTIATE_StandardSupervisoryFrameWithFcsReflectionTest(rr_frame_with_fcs);
58 
59 std::vector<uint8_t> g_frame = {0x03, 0x00, 0x02, 0x00, 0x01, 0x02, 0x03};
60 DEFINE_AND_INSTANTIATE_GroupFrameReflectionTest(g_frame);
61 
62 std::vector<uint8_t> config_mtu_request = {0x04, 0x05, 0x08, 0x00, 0x41, 0x00, 0x00, 0x00, 0x01, 0x02, 0xa0, 0x02};
63 DEFINE_AND_INSTANTIATE_ConfigurationRequestReflectionTest(config_mtu_request);
64 
65 std::vector<uint8_t> config_request_one_defined_option = {0x04, 0x05, 0x08, 0x00, 0x41, 0x00,
66                                                           0x00, 0x00, 0x01, 0x02, 0x12, 0x34};
67 std::vector<uint8_t> config_request_two_defined_options = {0x04, 0x05, 0x0c, 0x00, 0x41, 0x00, 0x00, 0x00,
68                                                            0x01, 0x02, 0x12, 0x34, 0x02, 0x02, 0x56, 0x78};
69 std::vector<uint8_t> config_request_two_undefined_options = {0x04, 0x05, 0x0e, 0x00, 0x41, 0x00, 0x00, 0x00, 0x7f,
70                                                              0x02, 0x01, 0x00, 0x7e, 0x04, 0x11, 0x11, 0x00, 0x00};
71 std::vector<uint8_t> config_request_hint_one_defined_option = {0x04, 0x05, 0x08, 0x00, 0x41, 0x00,
72                                                                0x00, 0x00, 0x81, 0x02, 0x12, 0x34};
73 std::vector<uint8_t> config_request_hint_two_undefined_options = {0x04, 0x05, 0x0c, 0x00, 0x41, 0x00, 0x00, 0x00,
74                                                                   0x90, 0x02, 0x01, 0x00, 0x91, 0x02, 0x11, 0x11};
TEST(L2capPacketsTest,testConfigRequestOptions)75 TEST(L2capPacketsTest, testConfigRequestOptions) {
76   {
77     std::shared_ptr<std::vector<uint8_t>> view_bytes =
78         std::make_shared<std::vector<uint8_t>>(config_request_one_defined_option);
79 
80     PacketView<kLittleEndian> packet_bytes_view(view_bytes);
81     auto view = ConfigurationRequestView::Create(ControlView::Create(packet_bytes_view));
82     ASSERT_TRUE(view.IsValid());
83     ASSERT_EQ(1ul, view.GetConfig().size());
84   }
85 
86   {
87     std::shared_ptr<std::vector<uint8_t>> view_bytes =
88         std::make_shared<std::vector<uint8_t>>(config_request_two_defined_options);
89 
90     PacketView<kLittleEndian> packet_bytes_view(view_bytes);
91     auto view = ConfigurationRequestView::Create(ControlView::Create(packet_bytes_view));
92     ASSERT_TRUE(view.IsValid());
93     ASSERT_EQ(2ul, view.GetConfig().size());
94   }
95 
96   {
97     std::shared_ptr<std::vector<uint8_t>> view_bytes =
98         std::make_shared<std::vector<uint8_t>>(config_request_two_undefined_options);
99 
100     PacketView<kLittleEndian> packet_bytes_view(view_bytes);
101     auto view = ConfigurationRequestView::Create(ControlView::Create(packet_bytes_view));
102     ASSERT_TRUE(view.IsValid());
103     ASSERT_EQ(2ul, view.GetConfig().size());
104   }
105 
106   {
107     std::shared_ptr<std::vector<uint8_t>> view_bytes =
108         std::make_shared<std::vector<uint8_t>>(config_request_hint_one_defined_option);
109 
110     PacketView<kLittleEndian> packet_bytes_view(view_bytes);
111     auto view = ConfigurationRequestView::Create(ControlView::Create(packet_bytes_view));
112     ASSERT_TRUE(view.IsValid());
113     ASSERT_EQ(1ul, view.GetConfig().size());
114   }
115 
116   {
117     std::shared_ptr<std::vector<uint8_t>> view_bytes =
118         std::make_shared<std::vector<uint8_t>>(config_request_hint_two_undefined_options);
119 
120     PacketView<kLittleEndian> packet_bytes_view(view_bytes);
121     auto view = ConfigurationRequestView::Create(ControlView::Create(packet_bytes_view));
122     ASSERT_TRUE(view.IsValid());
123     ASSERT_EQ(2ul, view.GetConfig().size());
124   }
125 }
126 
127 DEFINE_ConfigurationRequestReflectionFuzzTest();
128 
TEST(L2capFuzzRegressions,ConfigurationRequestFuzz_5691566077247488)129 TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_5691566077247488) {
130   uint8_t bluetooth_gd_fuzz_test_5691566077247488[] = {
131       0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
132   };
133   RunConfigurationRequestReflectionFuzzTest(bluetooth_gd_fuzz_test_5691566077247488,
134                                             sizeof(bluetooth_gd_fuzz_test_5691566077247488));
135 }
136 
TEST(L2capFuzzRegressions,ConfigurationRequestFuzz_5747922062802944)137 TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_5747922062802944) {
138   uint8_t bluetooth_gd_fuzz_test_5747922062802944[] = {
139       0x04, 0x02, 0x02, 0x7f, 0x3f, 0x7f, 0x3f, 0x7e, 0x7f,
140   };
141   RunConfigurationRequestReflectionFuzzTest(bluetooth_gd_fuzz_test_5747922062802944,
142                                             sizeof(bluetooth_gd_fuzz_test_5747922062802944));
143 }
144 
TEST(L2capFuzzRegressions,ConfigurationRequestFuzz_5202709231697920)145 TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_5202709231697920) {
146   uint8_t bluetooth_gd_fuzz_test_5747922062802944[] = {
147       0x04, 0x01, 0x45, 0x45, 0x05, 0x01, 0x01, 0x45, 0x05, 0x01,
148   };
149 
150   RunConfigurationRequestReflectionFuzzTest(bluetooth_gd_fuzz_test_5747922062802944,
151                                             sizeof(bluetooth_gd_fuzz_test_5747922062802944));
152 }
153 
TEST(L2capFuzzRegressions,ConfigurationRequestFuzz_manual_5655429176229888)154 TEST(L2capFuzzRegressions, ConfigurationRequestFuzz_manual_5655429176229888) {
155   std::vector<uint8_t> vec{0xc7, 0x0f, 0x0b, 0xe8, 0xfb, 0xff};
156 
157   auto shared_bytes = std::make_shared<std::vector<uint8_t>>(vec);
158   PacketView<kLittleEndian> packet_bytes_view(shared_bytes);
159 
160   auto bfwf = BasicFrameWithFcsView::Create(packet_bytes_view);
161   ASSERT_FALSE(bfwf.IsValid());
162   auto sfwf = StandardFrameWithFcsView::Create(bfwf);
163   ASSERT_FALSE(sfwf.IsValid());
164   auto sif = StandardInformationFrameWithFcsView::Create(sfwf);
165   ASSERT_FALSE(sif.IsValid());
166 }
167 }  // namespace l2cap
168 }  // namespace bluetooth
169