[jboss-jira] [JBoss JIRA] (SECURITY-648) Files are not being closed properly in some places
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Mon Mar 5 08:42:36 EST 2012
[ https://issues.jboss.org/browse/SECURITY-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil Saldhana updated SECURITY-648:
-----------------------------------
Fix Version/s: PicketBox_v4_0_7
Affects Version/s: PicketBox_v4_0_6
Component/s: JBossSX
> Files are not being closed properly in some places
> ---------------------------------------------------
>
> Key: SECURITY-648
> URL: https://issues.jboss.org/browse/SECURITY-648
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: PicketBox_v4_0_6
> Reporter: Stuart Douglas
> Assignee: Anil Saldhana
> Fix For: PicketBox_v4_0_7
>
>
> org.picketbox.plugins.vault.PicketBoxSecurityVault#init opens two FileInputStreams and does not appear to close them in a finally block
> org.jboss.security.plugins.TmpFilePassword#toCharArray closes the file but does not use a finally block, so if there is an exception the file can leak
> org.picketbox.util.KeyStoreUtil#getKeyStore also open a FileInputStream and does not close it (in both versions of the function)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list