Martin Choma created ELY-1480:
---------------------------------
Summary: Coverity, Explicit null dereferenced in FileSystemSecurityRealm
Key: ELY-1480
URL: https://issues.jboss.org/browse/ELY-1480
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Client
Affects Versions: 1.2.0.Beta11
Reporter: Martin Choma
There are 2 occurrences of a call to PasswordFactory.getInstance(algorithm) in
FileSystemSecurityRealm where algorithm can be null, because algorithm is optional in
wildfly-config.xml
{code:xml|title=elytron-1_0_1.xsd}
<xsd:complexType name="credential-type">
    <xsd:simpleContent>
        <xsd:extension base="xsd:string">
            <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
            <xsd:attribute name="format" type="xsd:string" use="optional"/>
        </xsd:extension>
    </xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="otp-credential-type">
    <xsd:simpleContent>
        <xsd:extension base="xsd:string">
            <xsd:attribute name="algorithm" type="xsd:string" use="optional"/>
            <xsd:attribute name="hash" type="xsd:string" use="optional"/>
            <xsd:attribute name="seed" type="xsd:string" use="optional"/>
            <xsd:attribute name="sequence" type="xsd:string" use="optional"/>
        </xsd:extension>
    </xsd:simpleContent>
</xsd:complexType>
{code}
Algorithm is dereferenced in PasswordFactory.getInstance(algorithm) down in
{code:java|title=java.security.Provider$ServiceKey.java}
private ServiceKey(String type, String algorithm, boolean intern) {
    this.type = type;
    this.originalAlgorithm = algorithm;
    algorithm = algorithm.toUpperCase(ENGLISH);
    this.algorithm = intern ? algorithm.intern() : algorithm;
}
{code}
[1] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847...
[2] https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=44847...
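
An added example, not Elytron's code and not the project's fix: one way to check an optional `algorithm` attribute before it reaches a factory lookup, shown with StAX over a constructed XML sample. The class name, the `requireAlgorithm` helper, the `<credentials>` wrapper and the sample values are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class OptionalAlgorithmCheck {
    // Constructed sample: the second element omits the optional "algorithm" attribute.
    static final String SAMPLE =
          "<credentials>"
        + "<credential algorithm=\"clear\">secret1</credential>"
        + "<credential format=\"base64\">c2VjcmV0Mg==</credential>"
        + "</credentials>";

    // Hypothetical helper: fail with a located configuration error instead of
    // letting null travel into a provider lookup and surface as a bare NPE.
    static String requireAlgorithm(XMLStreamReader r) throws XMLStreamException {
        String algorithm = r.getAttributeValue(null, "algorithm"); // null when absent
        if (algorithm == null || algorithm.trim().isEmpty()) {
            throw new XMLStreamException(
                "<" + r.getLocalName() + "> requires an 'algorithm' attribute", r.getLocation());
        }
        return algorithm.trim();
    }

    public static void main(String[] args) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // no DTDs in config input
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(SAMPLE));
        while (r.hasNext()) {
            if (r.next() != XMLStreamConstants.START_ELEMENT
                    || !"credential".equals(r.getLocalName())) {
                continue;
            }
            try {
                String algorithm = requireAlgorithm(r);
                // The real call site would now invoke PasswordFactory.getInstance(algorithm).
                System.out.println("accepted: algorithm=" + algorithm);
            } catch (XMLStreamException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        r.close();
    }
}
```

The rejection message carries the parser location, so a missing attribute is reported against the configuration file rather than as a stack trace from inside java.security.Provider.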