Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are...

author Frédéric Buclin <LpSolit@gmail.com>

Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)

committer Frédéric Buclin <LpSolit@gmail.com>

Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)
author Frédéric Buclin <LpSolit@gmail.com>
Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)
committer Frédéric Buclin <LpSolit@gmail.com>
Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)
diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm

index c0ea6ca0d9f697026aae90524daa46dba6c0e980..7cd350ddee0f1793e46d9303b1f988020163b798 100644 (file)
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -795,7 +795,10 @@ sub create {
      # If we have a filehandle, we need its content to store it in the DB.
      elsif (ref $data) {
          local $/;
-        $data = <$data>;
+        # Store the content in a temp variable while we close the FH.
+        my $tmp = <$data>;
+        close $data;
+        $data = $tmp;
      }
  
      my $sth = $dbh->prepare("INSERT INTO attach_data
author	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 4 Aug 2011 20:21:30 +0000 (22:21 +0200)