author | Morgan Deters <mdeters@cs.nyu.edu> | 2014-04-04 14:50:52 -0400 |
---|---|---|
committer | Morgan Deters <mdeters@cs.nyu.edu> | 2014-04-04 15:27:16 -0400 |
commit | 1364389f19e55984cc52589b3af42322c300e00f (patch) | |
tree | ac33b345bfe9877698a5c1344c589ef3feeb2713 /src/smt | |
parent | 00d068f91c675edbe63c2f8c1dae283f300dd4cc (diff) |
For security, add --no-filesystem-access option, which disables SMT-LIB script access to filesystem.
Diffstat (limited to 'src/smt')
-rw-r--r-- | src/smt/options_handlers.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/smt/options_handlers.h b/src/smt/options_handlers.h
index 49f2c7943..058a00f32 100644
--- a/src/smt/options_handlers.h
+++ b/src/smt/options_handlers.h
@@ -334,6 +334,8 @@ inline void dumpToFile(std::string option, std::string optarg, SmtEngine* smt) {
 throw OptionException(std::string("Bad file name for --dump-to"));
 } else if(optarg == "-") {
 outStream = &DumpOutC::dump_cout;
+ } else if(!options::filesystemAccess()) {
+ throw OptionException(std::string("Filesystem access not permitted"));
 } else {
 errno = 0;
 outStream = new std::ofstream(optarg.c_str(), std::ofstream::out | std::ofstream::trunc);
@@ -357,6 +359,8 @@ inline void setRegularOutputChannel(std::string option, std::string optarg, SmtE
 outStream = &std::cout;
 } else if(optarg == "stderr") {
 outStream = &std::cerr;
+ } else if(!options::filesystemAccess()) {
+ throw OptionException(std::string("Filesystem access not permitted"));
 } else {
 errno = 0;
 outStream = new std::ofstream(optarg.c_str(), std::ofstream::out | std::ofstream::trunc);
@@ -377,6 +381,8 @@ inline void setDiagnosticOutputChannel(std::string option, std::string optarg, S
 outStream = &std::cout;
 } else if(optarg == "stderr") {
 outStream = &std::cerr;
+ } else if(!options::filesystemAccess()) {
+ throw OptionException(std::string("Filesystem access not permitted"));
 } else {
 errno = 0;
 outStream = new std::ofstream(optarg.c_str(), std::ofstream::out | std::ofstream::trunc);
@@ -415,6 +421,8 @@ inline std::ostream* checkReplayLogFilename(std::string option, std::string opta
 throw OptionException(std::string("Bad file name for --replay-log"));
 } else if(optarg == "-") {
 return &std::cout;
+ } else if(!options::filesystemAccess()) {
+ throw OptionException(std::string("Filesystem access not permitted"));
 } else {
 errno = 0;
 std::ostream* replayLog = new std::ofstream(optarg.c_str(), std::ofstream::out | std::ofstream::trunc); |
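Review bot: The `!options::filesystemAccess()` guard is pasted verbatim into four handlers (dumpToFile, setRegularOutputChannel, setDiagnosticOutputChannel, checkReplayLogFilename), so the restriction holds only for the sinks that were patched; a single file-local helper that performs the check and is called right before each `new std::ofstream(...)` would make a missed handler easier to spot in review. The message also does not say which option was refused; if `option` carries the option name, as the parameter name suggests, `throw OptionException(std::string("Filesystem access not permitted for ") + option);` would help whoever reads the error. Because the flag is read at the moment each handler runs, the protection also depends on the flag being set before any script-supplied option is processed and on the script not being able to switch it back, neither of which is visible in this file, so a comment at the guard stating that assumption is worth adding. All four enclosing functions start and end outside their hunks.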