From c7cfa75e92c2fd00bcf1336973c51fa10d05610f Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sat, 24 Oct 2020 22:40:08 +0800
Subject: [PATCH] Disable stderr output for fuzzer by default
---
 fuzz.h | 15 +++++++++++++++
 fuzz/fuzz-common.c | 21 +++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/fuzz.h b/fuzz.h
index eb22c04..f25a835 100644
--- a/fuzz.h
+++ b/fuzz.h
@@ -15,6 +15,10 @@ void fuzz_common_setup(void);
 void fuzz_svr_setup(void);
 void fuzz_cli_setup(void);
+// constructor attribute so it runs before main(), including
+// in non-fuzzing mode.
+void fuzz_early_setup(void) __attribute__((constructor));
+
 // must be called once per fuzz iteration.
 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
 int fuzz_set_input(const uint8_t *Data, size_t Size);
@@ -68,10 +72,21 @@ struct dropbear_fuzz_options {
 int dumping;
 // the file descriptor
 int recv_dumpfd;
+
+ // avoid filling fuzzing logs, this points to /dev/null
+ FILE *stderr;
 };
 extern struct dropbear_fuzz_options fuzz;
+/* This is a bodge but seems to work.
+ glibc stdio.h has the comment
+ "C89/C99 say they're macros. Make them happy." */
+#ifdef stderr
+#undef stderr
+#endif
+#define stderr (fuzz.stderr)
+
 #endif // DROPBEAR_FUZZ
 #endif /* DROPBEAR_FUZZ_H */
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index a158691..065b7d9 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -11,12 +11,21 @@
 #include "atomicio.h"
 #include "fuzz-wrapfd.h"
+/* fuzz.h redefines stderr, we don't want that here */
+#undef stderr
+
 struct dropbear_fuzz_options fuzz;
 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param);
 static void load_fixed_hostkeys(void);
 static void load_fixed_client_key(void);
+// This runs automatically before main, due to contructor attribute in fuzz.h
+void fuzz_early_setup(void) {
+ /* Set stderr to point to normal stderr by default */
+ fuzz.stderr = stderr;
+}
+
 void fuzz_common_setup(void) {
 disallow_core();
 fuzz.fuzzing = 1;
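Review bot: The comment on the `fuzz_early_setup` declaration in fuzz.h's first hunk does not state what depends on the constructor having run. With the `stderr` macro added later in this header, every `fprintf(stderr, ...)` in a file that includes fuzz.h reads `fuzz.stderr`, and that pointer is NULL until this function executes. Constructor order across objects and libraries is not fixed without a priority, so logging from another constructor (none is visible in this patch) would hand NULL to stdio. I would extend the comment to say so, e.g. `// fuzz.stderr is NULL until this has run; nothing may log via stderr from an earlier constructor.` The matching comment above the definition in fuzz/fuzz-common.c misspells "constructor" as "contructor".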
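Review bot: Naming the new struct member `stderr` in fuzz.h's second hunk only compiles where the C library defines the `stderr` macro as the identifier itself, which is the glibc behaviour the added comment quotes. On a libc whose macro expands to something else, the member declaration is rewritten by that macro while the `fuzz.stderr` inside the new `#define` is not, and the `#undef stderr` in fuzz/fuzz-common.c would leave no `stderr` to assign from. A member name that is not a standard macro avoids the first problem: `FILE *fake_stderr;` with `#define stderr (fuzz.fake_stderr)`. The comment should also say that stdio.h must already be included before fuzz.h, because a later inclusion would be parsed with the redefined macro in effect.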
@@ -28,6 +37,18 @@ void fuzz_common_setup(void) {
 fuzz_seed("start", 5);
 /* let any messages get flushed */
 setlinebuf(stdout);
+#if DEBUG_TRACE
+ if (debug_trace)
+ {
+ fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
+ }
+ else
+#endif
+ {
+ fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
+ fuzz.stderr = fopen("/dev/null", "w");
+ assert(fuzz.stderr);
+ }
 }
 int fuzz_set_input(const uint8_t *Data, size_t Size) {
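Review bot: `assert(fuzz.stderr);` is the only check on the `fopen("/dev/null", "w")` result, so a build with `NDEBUG` defined (not visible here) would carry on with `fuzz.stderr` set to NULL after a failed open. Every later `fprintf(stderr, ...)` that goes through the fuzz.h macro would then crash inside stdio, and a fuzzer would record that as a finding in Dropbear rather than a harness problem. An explicit check keeps the two apart: `if (!fuzz.stderr) { perror("/dev/null"); abort(); }`. Only the `FILE *` is swapped, so output written directly to file descriptor 2 is presumably not silenced, which is worth one line of comment here. The body of fuzz_common_setup starts outside the hunk.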