Ilia Vassilev reassigned WFCORE-2394:
-------------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
Coverity static analysis, dereference after null check,
KeyStoreCredentialStore (Elytron)
-----------------------------------------------------------------------------------------
Key: WFCORE-2394
URL: https://issues.jboss.org/browse/WFCORE-2394
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Ilia Vassilev
Priority: Critical
A Coverity static-analysis scan found a possible call on a null object in the
KeyStoreCredentialStore class:
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=95642...
In the branch that the flow reaches only if location is null, location is dereferenced:
{code:java|title=KeyStoreCredentialStore.java}
if (location != null && Files.exists(location)) try (InputStream fileStream = Files.newInputStream(location)) {
    keyStore.load(fileStream, getStorePassword(protectionParameter));
    enumeration = keyStore.aliases();
} catch (GeneralSecurityException | IOException e) {
    throw log.cannotInitializeCredentialStore(e);
} else if (create) {
    try {
        keyStore.load(null, null);
        enumeration = Collections.emptyEnumeration();
    } catch (CertificateException | IOException | NoSuchAlgorithmException e) {
        throw log.cannotInitializeCredentialStore(e);
    }
} else {
    throw log.automaticStorageCreationDisabled(location.toString());
}
{code}
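
The branch structure from the report, reduced to a stand-alone example (added here; it is not WildFly or Elytron code and not the project's fix). `openReported` mirrors the reported control flow and `openNullSafe` is one null-safe variant; the class name, method names, exception messages and sample path are assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class NullLocationDemo {

    // Same branch shape as the reported code: the final else is reached when
    // location is null OR the file is missing, yet it calls location.toString().
    static String openReported(Path location, boolean create) {
        if (location != null && Files.exists(location)) {
            return "loaded " + location;
        } else if (create) {
            return "created empty store";
        } else {
            throw new IllegalStateException(
                "automatic storage creation disabled: " + location.toString());
        }
    }

    // Null-safe variant: the null case gets its own diagnostic instead of an NPE.
    static String openNullSafe(Path location, boolean create) {
        if (location != null && Files.exists(location)) {
            return "loaded " + location;
        } else if (create) {
            return "created empty store";
        } else if (location == null) {
            throw new IllegalStateException(
                "automatic storage creation disabled and no location configured");
        } else {
            throw new IllegalStateException(
                "automatic storage creation disabled: " + location);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: no location at all, and a path assumed not to exist.
        Path[] inputs = { null, Paths.get("constructed-missing-store.jceks") };
        for (Path p : inputs) {
            for (boolean reported : new boolean[] { true, false }) {
                try {
                    System.out.println(reported ? openReported(p, false) : openNullSafe(p, false));
                } catch (RuntimeException e) {
                    System.out.println((reported ? "reported" : "null-safe") + " location=" + p
                        + " -> " + e.getClass().getSimpleName() + ": " + e.getMessage());
                }
            }
        }
    }
}
```

With a null location and `create` false, the reported shape fails with a `NullPointerException` that hides the intended diagnostic, while the null-safe variant raises the configuration error in both cases.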