Martin Choma created ELY-1278:
---------------------------------
Summary: Coverity static analysis: Dereference null return value in
ServerAuthenticationContext (Elytron)
Key: ELY-1278
URL:
https://issues.jboss.org/browse/ELY-1278
Project: WildFly Elytron
Issue Type: Bug
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Coverity found possible NPE occurense, as according to javadoc for
{{SSLSession().getLocalCertificates()}} may return null [1], but
{{X500.asX509CertificateArray}} can't consume null parameter and NPE will be thrown in
that case.
{code:java|title=ServerAuthenticationContext.java}
} else if (callback instanceof SSLCallback) {
SSLCallback sslCallback = (SSLCallback) callback;
try {
peerCerts =
X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
} catch (SSLPeerUnverifiedException e) {
log.trace("Peer unverified", e);
peerCerts = null;
}
serverCerts =
X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
handleOne(callbacks, idx + 1);
}
{code}
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=26379...
[1]
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#g...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)