Bug 660502 (CVE-2011-2977)
[SECURITY] Temporary files for uploaded attachments are not deleted on Windows (again)
Closed. Opened 13 years ago, closed 13 years ago
Categories: Bugzilla :: Attachments & Requests, defect
Tracking: RESOLVED FIXED, Bugzilla 3.6
People: Reporter: LpSolit, Assigned: LpSolit
Details: Keywords: regression, Whiteboard: [Bugzilla 3.6rc1 and older not affected]
Attachments (2 files):
382 bytes, patch | glob: review+
652 bytes, patch | glob: review+
We already fixed this problem in Bugzilla 2.20.5 in bug 414002, and it's still working fine in Bugzilla 3.2 and 3.4, but we regressed this again in Bugzilla 3.6. No idea so far what regressed this. As a user having local access to the server can access the Temp\ directory on Windows, attachments which are uploaded to security bugs or marked as private are still accessible to such users, even if they cannot access them using Bugzilla.
Flags: blocking4.2+
Flags: blocking4.0.2+
Flags: blocking3.6.6+
Updated (Assignee) • 13 years ago
Whiteboard: [Bugzilla 3.4.x and older not affected]
Comment 1 (Assignee) • 13 years ago
A good candidate for the regression is bug 454251, but it's just a guess.
Comment 2 (Assignee) • 13 years ago
(In reply to comment #1)
> A good candidate for the regression is bug 454251, but it's just a guess.
It's not this one. revno 6854 is fine (Bugzilla 3.5.2), but revno 7167 is not.
Comment 3 (Assignee) • 13 years ago
It's a regression due to bug 556429. revno 7112 works fine. revno 7113 is broken.
Depends on: 556429
Comment 4 (Assignee) • 13 years ago
Bugzilla 3.6 and 3.7.1 are the first ones to be affected. 3.5.3 and older are fine.
Whiteboard: [Bugzilla 3.4.x and older not affected] → [Bugzilla 3.5.3 and older not affected]
Version: 4.0.1 → 3.6
Comment 5 (Assignee) • 13 years ago
Explicitly closing the filehandle fixes the problem. The temporary file is now correctly purged (and the uploaded attachment integrity is correct). Tested on both 3.6.5 and 4.0.1.
Assignee: attach-and-request → LpSolit
Status: NEW → ASSIGNED
Attachment #535918 - Flags: review?(mkanat)
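The behaviour comment 5 describes, as an added Perl example that is not Bugzilla's code or the attached patch: it assumes the leftover comes from the usual Windows rule that a file with an open handle cannot be deleted, and the `upload_` prefix, helper names and payload are constructed. On POSIX systems both runs leave nothing behind, because unlink succeeds on an open file there.

```perl
#!/usr/bin/perl
# Added illustration, not Bugzilla code: names, prefix and payload are constructed.
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

# Spool a constructed "upload" to a temp file, read it back the way a storage
# layer would, then try to purge it. Returns the names still present in $dir.
sub spool_and_purge {
    my ($dir, $payload, $close_first) = @_;
    my ($fh, $path) = tempfile('upload_XXXXXX', DIR => $dir, UNLINK => 0);
    binmode $fh;
    print {$fh} $payload or die "write failed: $!";
    seek($fh, 0, 0) or die "seek failed: $!";
    my $data = do { local $/; <$fh> };
    die "attachment corrupted\n" unless defined $data && $data eq $payload;

    if ($close_first) {
        close($fh) or die "close failed: $!";
    }
    # On Windows a file with an open handle normally cannot be deleted, so
    # this unlink fails when the handle was not closed first.
    my $removed = unlink($path);
    warn "could not delete $path: $!\n" unless $removed;

    my @left = leftovers($dir);
    close($fh) unless $close_first;    # release the handle so cleanup can run
    return @left;
}

# List everything in $dir except the . and .. entries.
sub leftovers {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @files = grep { !/^\.\.?$/ } readdir($dh);
    closedir($dh);
    return @files;
}

my $payload = "constructed private attachment\n";
for my $close_first (0, 1) {
    my $dir  = tempdir(CLEANUP => 1);
    my @left = spool_and_purge($dir, $payload, $close_first);
    printf "close before unlink: %s, files left in temp dir: %d\n",
        ($close_first ? 'yes' : 'no'), scalar @left;
}
```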
Comment 6 (Assignee) • 13 years ago
Although this bug appears after the commit of bug 556429, that bug is not the culprit. It only made this bug visible, but is not responsible for it.
No longer depends on: 556429
Comment 7 (Assignee) • 13 years ago
Attachment #535919 - Flags: review?(mkanat)
Comment on attachment 535918: patch for 3.6 and 4.0, v1
r=glob
Attachment #535918 - Flags: review?(mkanat) → review+
Comment on attachment 535919: patch for 4.2, v1
r=glob
please add a comment on checkin explaining why this is required.
Attachment #535919 - Flags: review?(mkanat) → review+
Comment 10 (Assignee) • 13 years ago
(In reply to comment #9)
> please add a comment on checkin explaining why this is required.
ok, will do. Thanks for the reviews! :)
Updated (Assignee) • 13 years ago
Flags: approval?
Flags: approval4.0?
Flags: approval3.6?
Updated (Assignee) • 13 years ago
Summary: Temporary files for uploaded attachments are not deleted on Windows (again) → [SECURITY] Temporary files for uploaded attachments are not deleted on Windows (again)
Updated (Assignee) • 13 years ago
Whiteboard: [Bugzilla 3.5.3 and older not affected] → [Bugzilla 3.6rc1 and older not affected]
Updated (Assignee) • 13 years ago
Flags: approval?
Flags: approval4.0?
Flags: approval4.0+
Flags: approval3.6?
Flags: approval3.6+
Flags: approval+
Comment 12 (Assignee) • 13 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified Bugzilla/Attachment.pm
Committed revision 7889.
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified Bugzilla/Attachment.pm
Committed revision 7635.
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/3.6/
modified Bugzilla/Attachment.pm
Committed revision 7252.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED