July 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-609) Unguarded read in ElytronPolicyConfiguration

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-609?page=com.atlassian.jira.plugin.sy... ] David Lloyd commented on ELY-609: --------------------------------- This one seems nontrivial because more than one lock is used to mediate access, which is almost certainly wrong. > Unguarded read in ElytronPolicyConfiguration > -------------------------------------------- > > Key: ELY-609 > URL: https://issues.jboss.org/browse/ELY-609 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > Access to fields {{uncheckedPermissions}}, {{excludedPermissions}} and {{rolePermissions}} in {{org.wildfly.security.authz.jacc.ElytronPolicyConfiguration}} is holded by lock. However lock is not used in their getter methods. Getters should be also handled by locks to avoid unguarded read of those fields. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-612) Missing or unnecessary null check in AbstractDigestMechanism

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-612?page=com.atlassian.jira.plugin.sy... ] David Lloyd reassigned ELY-612: ------------------------------- Assignee: David Lloyd (was: Darran Lofthouse) > Missing or unnecessary null check in AbstractDigestMechanism > ------------------------------------------------------------ > > Key: ELY-612 > URL: https://issues.jboss.org/browse/ELY-612 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: David Lloyd > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > There is missing or unnecessary null check in {{getSaltedPasswordFromTwoWay}} method of org.wildfly.security.sasl.digest.AbstractDigestMechanism. {{char[] passwordChars}} is assigned on line 650 [1]. > * In case when null can be assigned to {{passwordChars}} then there is missing null check before calling {{userRealmPasswordDigest(messageDigest, username, realm, passwordChars);}} on line 658 which can result to NPE. > * In case when null cannot be assigned to {{passwordChars}} then there is unnecessary null check on line 659. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/e01a09572b02f33d... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-610) Missing null check in build() method of X509CertificateBuilder

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-610?page=com.atlassian.jira.plugin.sy... ] David Lloyd reassigned ELY-610: ------------------------------- Assignee: David Lloyd (was: Darran Lofthouse) > Missing null check in build() method of X509CertificateBuilder > -------------------------------------------------------------- > > Key: ELY-610 > URL: https://issues.jboss.org/browse/ELY-610 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: David Lloyd > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > Calling {{ASN1.oidFromSignatureAlgorithm(String)}} in {{org.wildfly.security.x500.cert.X509CertificateBuilder.build()}} method on line 375 [1] for unknown algorithms returns null which is assigned to {{signatureAlgorithmOid}} and results to NPE thrown from {{derEncoder.encodeObjectIdentifier(signatureAlgorithmOid)}} on line 377. > [1] https://github.com/wildfly-security/wildfly-elytron/blob/e01a09572b02f33d... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-614) Missing null check in equals() method of AbstractPermission

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-614?page=com.atlassian.jira.plugin.sy... ] David Lloyd reassigned ELY-614: ------------------------------- Assignee: David Lloyd (was: Darran Lofthouse) > Missing null check in equals() method of AbstractPermission > ----------------------------------------------------------- > > Key: ELY-614 > URL: https://issues.jboss.org/browse/ELY-614 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: David Lloyd > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > There is missing null check in {{org.wildfly.security.permission.AbstractPermission.equals(Object obj)}} method. NPE is thrown for null {{obj}} parameter. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-611) Unintentional integer overflow in LongNameSetPermissionCollection

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-611?page=com.atlassian.jira.plugin.sy... ] David Lloyd reassigned ELY-611: ------------------------------- Assignee: David Lloyd (was: Darran Lofthouse) > Unintentional integer overflow in LongNameSetPermissionCollection > ----------------------------------------------------------------- > > Key: ELY-611 > URL: https://issues.jboss.org/browse/ELY-611 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: David Lloyd > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > There are potentially overflowing expressions in org.wildfly.security.permission.LongNameSetPermissionCollection in {{getBitsForName}} method. Expressions {{1 << nameEnumeration.size()}} and {{1 << nameEnumeration.indexOf(name)}} are evaluated as integer but assigned to {{bits}} variable which is long. It can be avoided by casting {{1}} to long. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-615) Improvement for usage of file.mkdirs() in FileSystemSecurityRealm.Identity

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-615?page=com.atlassian.jira.plugin.sy... ] David Lloyd resolved ELY-615. ----------------------------- Resolution: Rejected This one is not a bug, but was deliberate, and the reason is that there are only three possible outcomes to this operation: # The directory is created - in this case everything is fine # The directory already exists - in this case everything is still fine # The directory doesn't exist but can't be created for some reason - in this case the subsequent file operation will fail Because 2 & 3 cannot be distinguished reliably, it's better to just defer until the filesystem operation. > Improvement for usage of file.mkdirs() in FileSystemSecurityRealm.Identity > -------------------------------------------------------------------------- > > Key: ELY-615 > URL: https://issues.jboss.org/browse/ELY-615 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta7 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Minor > Labels: static_analysis > Fix For: 1.1.0.Beta8 > > > There is method {{tempPath()}} in org.wildfly.security.auth.realm.FileSystemSecurityRealm.Identity which uses {{file.mkdirs()}} without checking its return value. It is bad practice to ignore return value of this method (since false means that file has not been created and it can result to any unexpected and confusing failure later). -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1242) built-in accumulate functions shall ignore NULLs

by Matteo Mortari (JIRA)

Matteo Mortari created DROOLS-1242: -------------------------------------- Summary: built-in accumulate functions shall ignore NULLs Key: DROOLS-1242 URL: https://issues.jboss.org/browse/DROOLS-1242 Project: Drools Issue Type: Enhancement Components: core engine Reporter: Matteo Mortari Assignee: Matteo Mortari Priority: Optional This is a spin-off out of another problem [here|https://issues.jboss.org/browse/GUVNOR-2589?focusedCommentId=1326892...] for a proposal of improvement. It could actually be beneficial for built-in accumulate functions to ignore NULLs. This would be similar behavior of other languages such: * SQL (e.g.: MySQL, Oracle, ..) * Clojure Currently it is up to the rule author to put a guarding condition in the first accumulate {{<source pattern>}} to manually ignore null sources to avoid the built-in accumulate functions to ignore NULLs. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1242) built-in accumulate functions shall ignore NULLs

by Matteo Mortari (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1242?page=com.atlassian.jira.plugi... ] Matteo Mortari updated DROOLS-1242: ----------------------------------- Description: This is a spin-off out of another problem [here|https://issues.jboss.org/browse/GUVNOR-2589?focusedCommentId=1326892...] for a proposal of improvement. It could actually be beneficial for built-in accumulate functions to ignore NULLs. This would be similar behavior of other languages such: * SQL (e.g.: MySQL, Oracle, ..) * Clojure Currently it is up to the rule author to put a guarding condition in the first accumulate {{<source pattern>}} to manually ignore null sources to avoid the built-in accumulate functions to break trying to accumulate on NULLs. was: This is a spin-off out of another problem [here|https://issues.jboss.org/browse/GUVNOR-2589?focusedCommentId=1326892...] for a proposal of improvement. It could actually be beneficial for built-in accumulate functions to ignore NULLs. This would be similar behavior of other languages such: * SQL (e.g.: MySQL, Oracle, ..) * Clojure Currently it is up to the rule author to put a guarding condition in the first accumulate {{<source pattern>}} to manually ignore null sources to avoid the built-in accumulate functions to ignore NULLs. > built-in accumulate functions shall ignore NULLs > ------------------------------------------------ > > Key: DROOLS-1242 > URL: https://issues.jboss.org/browse/DROOLS-1242 > Project: Drools > Issue Type: Enhancement > Components: core engine > Reporter: Matteo Mortari > Assignee: Matteo Mortari > Priority: Optional > > This is a spin-off out of another problem [here|https://issues.jboss.org/browse/GUVNOR-2589?focusedCommentId=1326892...] for a proposal of improvement. > It could actually be beneficial for built-in accumulate functions to ignore NULLs. > This would be similar behavior of other languages such: > * SQL (e.g.: MySQL, Oracle, ..) > * Clojure > Currently it is up to the rule author to put a guarding condition in the first accumulate {{<source pattern>}} to manually ignore null sources to avoid the built-in accumulate functions to break trying to accumulate on NULLs. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6895) TimerService problem(duplicated resource)

by Artur Kowalczyk (JIRA)

[ https://issues.jboss.org/browse/WFLY-6895?page=com.atlassian.jira.plugin.... ] Artur Kowalczyk updated WFLY-6895: ---------------------------------- Git Pull Request: https://github.com/wildfly/wildfly/pull/9083 > TimerService problem(duplicated resource) > ----------------------------------------- > > Key: WFLY-6895 > URL: https://issues.jboss.org/browse/WFLY-6895 > Project: WildFly > Issue Type: Bug > Affects Versions: 10.0.0.Final > Environment: Two standalone instances connected into a cluster. > *Master WildFly* > {code} > standalone.bat -c standalone-full-ha.xml -Djboss.node.name=master > {code} > *Slave WildFly* > {code} > standalone.bat -c standalone-full-ha.xml -Djboss.node.name=slave -Djboss.socket.binding.port-offset=100 > {code} > Both instances has the same singleton policy defined in singleton-full-ha.xml: > {code} > <singleton-policy name="scada-singleton" cache-container="server"> > <simple-election-policy> > <name-preferences>master</name-preferences> > </simple-election-policy> > </singleton-policy> > {code} > Reporter: Artur Kowalczyk > Assignee: Jason Greene > > I found a problem with TimerService that occurs when your application is configured as a singleton deployment. > *Test Case* > # Start master node, the app is also started - OK > # Start slave node, the app is deployed but bot stared - OK > # Stop master node, the app is started on slave - OK > # Start master node, there is a preference for node name so the app will be started again on master and stopped in slave - OK > # Stop master node, the app should be started again on slave but an exception occur. - ERROR > {code} > 09:50:42,115 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.deployment.subunit."wildfly-ejb-in-ear.ear"."wildfly-ejb-in-ear-ejb.jar".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.subunit."wildfly-ejb-in-ear.ear"."wildfly-ejb-in-ear-ejb.jar".INSTALL: WFLYSRV0153: Failed to process phase INSTALL of subdeployment "wildfly-ejb-in-ear-ejb.jar" of deployment "wildfly-ejb-in-ear.ear" > at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0086: Failed to install management resources for TimerEJB > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.deploy(EjbManagementDeploymentUnitProcessor.java:82) > at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147) > ... 5 more > Caused by: java.lang.IllegalStateException: WFLYCTL0075: Duplicate resource timer-service > at org.jboss.as.controller.registry.AbstractModelResource$DefaultResourceProvider.register(AbstractModelResource.java:290) > at org.jboss.as.controller.registry.AbstractModelResource.registerChild(AbstractModelResource.java:169) > at org.jboss.as.server.deployment.DeploymentResourceSupport.register(DeploymentResourceSupport.java:322) > at org.jboss.as.server.deployment.DeploymentResourceSupport.registerDeploymentSubResource(DeploymentResourceSupport.java:219) > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.installManagementResource(EjbManagementDeploymentUnitProcessor.java:119) > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.deploy(EjbManagementDeploymentUnitProcessor.java:79) > ... 6 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6895) TimerService problem(duplicated resource)

by Artur Kowalczyk (JIRA)

[ https://issues.jboss.org/browse/WFLY-6895?page=com.atlassian.jira.plugin.... ] Artur Kowalczyk updated WFLY-6895: ---------------------------------- Issue Type: Bug (was: Feature Request) > TimerService problem(duplicated resource) > ----------------------------------------- > > Key: WFLY-6895 > URL: https://issues.jboss.org/browse/WFLY-6895 > Project: WildFly > Issue Type: Bug > Affects Versions: 10.0.0.Final > Environment: Two standalone instances connected into a cluster. > *Master WildFly* > {code} > standalone.bat -c standalone-full-ha.xml -Djboss.node.name=master > {code} > *Slave WildFly* > {code} > standalone.bat -c standalone-full-ha.xml -Djboss.node.name=slave -Djboss.socket.binding.port-offset=100 > {code} > Both instances has the same singleton policy defined in singleton-full-ha.xml: > {code} > <singleton-policy name="scada-singleton" cache-container="server"> > <simple-election-policy> > <name-preferences>master</name-preferences> > </simple-election-policy> > </singleton-policy> > {code} > Reporter: Artur Kowalczyk > Assignee: Jason Greene > > I found a problem with TimerService that occurs when your application is configured as a singleton deployment. > *Test Case* > # Start master node, the app is also started - OK > # Start slave node, the app is deployed but bot stared - OK > # Stop master node, the app is started on slave - OK > # Start master node, there is a preference for node name so the app will be started again on master and stopped in slave - OK > # Stop master node, the app should be started again on slave but an exception occur. - ERROR > {code} > 09:50:42,115 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.deployment.subunit."wildfly-ejb-in-ear.ear"."wildfly-ejb-in-ear-ejb.jar".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.subunit."wildfly-ejb-in-ear.ear"."wildfly-ejb-in-ear-ejb.jar".INSTALL: WFLYSRV0153: Failed to process phase INSTALL of subdeployment "wildfly-ejb-in-ear-ejb.jar" of deployment "wildfly-ejb-in-ear.ear" > at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0086: Failed to install management resources for TimerEJB > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.deploy(EjbManagementDeploymentUnitProcessor.java:82) > at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147) > ... 5 more > Caused by: java.lang.IllegalStateException: WFLYCTL0075: Duplicate resource timer-service > at org.jboss.as.controller.registry.AbstractModelResource$DefaultResourceProvider.register(AbstractModelResource.java:290) > at org.jboss.as.controller.registry.AbstractModelResource.registerChild(AbstractModelResource.java:169) > at org.jboss.as.server.deployment.DeploymentResourceSupport.register(DeploymentResourceSupport.java:322) > at org.jboss.as.server.deployment.DeploymentResourceSupport.registerDeploymentSubResource(DeploymentResourceSupport.java:219) > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.installManagementResource(EjbManagementDeploymentUnitProcessor.java:119) > at org.jboss.as.ejb3.deployment.processors.EjbManagementDeploymentUnitProcessor.deploy(EjbManagementDeploymentUnitProcessor.java:79) > ... 6 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 4 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2016