authorDaniel Kirchner <daniel@ekpyron.org>2018-04-05 20:25:14 +0800
committerDaniel Kirchner <daniel@ekpyron.org>2018-04-12 00:52:22 +0800
commitc15cb6cc7ac68e539dd3969e614be52e9a943ec7 (patch)
treecdea8bee96837cffd048c69407a8cdd2e65e4858 /solc
parentf39f36f2c7f38ecc8c171447de4c65c8cb968640 (diff)
Prevent information about file existence outside the allowed paths from leaking by mimicking boost::filesystem::weakly_canonical.
Diffstat (limited to 'solc')
-rw-r--r--solc/CommandLineInterface.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/solc/CommandLineInterface.cpp b/solc/CommandLineInterface.cpp
index 93203de6..4da394b2 100644
--- a/solc/CommandLineInterface.cpp
+++ b/solc/CommandLineInterface.cpp
@@ -700,13 +700,7 @@ bool CommandLineInterface::processInput()
try
{
auto path = boost::filesystem::path(_path);
- if (!boost::filesystem::exists(path))
- return ReadCallback::Result{false, "File not found."};
-
- auto canonicalPath = boost::filesystem::canonical(path);
- if (!boost::filesystem::is_regular_file(canonicalPath))
- return ReadCallback::Result{false, "Not a valid file."};
-
+ auto canonicalPath = weaklyCanonicalFilesystemPath(path);
bool isAllowed = false;
for (auto const& allowedDir: m_allowedDirectories)
{
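Review bot: The call `weaklyCanonicalFilesystemPath(path)` now runs before the allow-list check, so any exception it raises for a path outside the allowed directories is handled by the `catch` clauses that follow this `try`, and those are outside the hunk. If they pass the exception text back in the `ReadCallback::Result`, a permission or I/O error during canonicalization could still distinguish existing from non-existing paths outside the allowed set. It is worth confirming that they return a fixed message. The helper is defined outside this diff, so whether it can throw here is an assumption. The line would also benefit from a comment stating the ordering requirement, for example `// Canonicalize without requiring the file to exist; existence must only be tested after the allow-list check below.`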
@@ -723,6 +717,12 @@ bool CommandLineInterface::processInput()
if (!isAllowed)
return ReadCallback::Result{false, "File outside of allowed directories."};
+ if (!boost::filesystem::exists(canonicalPath))
+ return ReadCallback::Result{false, "File not found."};
+
+ if (!boost::filesystem::is_regular_file(canonicalPath))
+ return ReadCallback::Result{false, "Not a valid file."};
+
auto contents = dev::readFileAsString(canonicalPath.string());
m_sourceCodes[path.string()] = contents;
return ReadCallback::Result{true, contents};
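Review bot: The added `exists` and `is_regular_file` checks each stat `canonicalPath` by name, and `dev::readFileAsString` then opens it by name again, so the object that was allow-listed and type-checked is not guaranteed to be the one that is read if the path is replaced in between (for instance by a symlink). Taking a single snapshot, `auto const status = boost::filesystem::status(canonicalPath);`, and testing `boost::filesystem::exists(status)` and `boost::filesystem::is_regular_file(status)` on it, would remove one of the two windows and one system call. The remaining check-then-open gap is inherent to reading by path and deserves a short comment. A comment above these checks saying they are deliberately placed after the `isAllowed` test would also keep a later refactor from moving them back up.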