From: Frédéric Buclin <LpSolit@gmail.com>
Date: Thu, 4 Aug 2011 20:21:30 +0000 (+0200)
Subject: Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are... 
X-Git-Tag: bugzilla-4.1.3~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10e5c4a1c297d0c7a22f866b9941ac71f70d0dd6;p=thirdparty%2Fbugzilla.git

Bug 660502: (CVE-2011-2977) [SECURITY] Temporary files for uploaded attachments are not deleted on Windows
r=glob a=LpSolit
---

diff --git a/Bugzilla/Attachment.pm b/Bugzilla/Attachment.pm
index c0ea6ca0d9..7cd350ddee 100644
--- a/Bugzilla/Attachment.pm
+++ b/Bugzilla/Attachment.pm
@@ -795,7 +795,10 @@ sub create {
     # If we have a filehandle, we need its content to store it in the DB.
     elsif (ref $data) {
         local $/;
-        $data = <$data>;
+        # Store the content in a temp variable while we close the FH.
+        my $tmp = <$data>;
+        close $data;
+        $data = $tmp;
     }
 
     my $sth = $dbh->prepare("INSERT INTO attach_data