Ilia Vassilev reassigned ELY-1050:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
Coverity, dereference null return value in
KeyStoreCredentialStore.saveSecretKey
-----------------------------------------------------------------------------
Key: ELY-1050
URL: https://issues.jboss.org/browse/ELY-1050
Project: WildFly Elytron
Issue Type: Bug
Reporter: Martin Choma
Assignee: Ilia Vassilev
Priority: Critical
Coverity found a possible null dereference, as {{encrypt.getIV()}} could return null in
cases when the option {{cryptoAlg}} is configured to an algorithm that does not use an IV.
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563...
{code:java|title=KeyStoreCredentialStore.java}
private void saveSecretKey(String ksAlias, ObjectOutputStream oos,
        KeyStore.SecretKeyEntry entry) throws IOException, GeneralSecurityException {
    ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024);
    ObjectOutputStream entryOos = new ObjectOutputStream(entryData);
    entryOos.writeUTF(ksAlias);
    writeBytes(entry.getSecretKey().getEncoded(), entryOos);
    entryOos.flush();
    encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey);
    int blockSize = encrypt.getBlockSize();
    Assert.checkMaximumParameter("cipher block size", 256, blockSize);
    byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize);
    byte[] encrypted = encrypt.doFinal(padded);
    byte[] iv = encrypt.getIV();
    oos.writeInt(SECRET_KEY_ENTRY_TYPE);
    writeBytes(encrypted, oos);
    writeBytes(iv, oos);
}
{code}
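
The condition Coverity reports, reproduced as an added example that is not part of the original report and is not Elytron code: {{Cipher.getIV()}} returns null for a transformation that takes no IV, and a writer that dereferences the array then fails. The class name, both helper names, the length-prefix encoding and the two AES transformations are assumptions; the project's own {{writeBytes}} is not shown in the report.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

public class IvNullCheckDemo {

    // Hypothetical stand-in for a length-prefixed byte writer (assumed encoding).
    // Dereferencing a null array here is the failure the report describes.
    static void writeBytesUnchecked(byte[] data, ObjectOutputStream oos) throws IOException {
        oos.writeInt(data.length);   // NullPointerException when data == null
        oos.write(data);
    }

    // Null-tolerant variant (assumption): a missing IV is stored as length 0,
    // so a reader can tell "no IV" apart from a real one.
    static void writeBytesNullSafe(byte[] data, ObjectOutputStream oos) throws IOException {
        if (data == null) {
            oos.writeInt(0);
            return;
        }
        oos.writeInt(data.length);
        oos.write(data);
    }

    // Encrypts one block and returns whatever IV the cipher reports afterwards.
    static byte[] ivFor(String transformation, SecretKeySpec key) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, key);
        c.doFinal(new byte[16]);
        return c.getIV();            // null for modes that take no IV
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
        for (String t : new String[] {"AES/CBC/PKCS5Padding", "AES/ECB/PKCS5Padding"}) {
            byte[] iv = ivFor(t, key);
            System.out.println(t + " -> IV " + (iv == null ? "null" : iv.length + " bytes"));
            try (ObjectOutputStream oos = new ObjectOutputStream(new ByteArrayOutputStream())) {
                writeBytesNullSafe(iv, oos);    // succeeds for both transformations
                writeBytesUnchecked(iv, oos);   // throws when the IV is null
                System.out.println("  unchecked write ok");
            } catch (NullPointerException e) {
                System.out.println("  unchecked write threw NullPointerException");
            }
        }
    }
}
```

Whatever encoding is chosen for the missing IV, the code that loads the entry has to accept the same marker and initialize the decrypting cipher without an IV parameter in that case.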