[jboss-jira] [JBoss JIRA] (ELY-751) Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron)
Jan Kalina (JIRA)
issues at jboss.org
Thu Dec 1 09:46:00 EST 2016
[ https://issues.jboss.org/browse/ELY-751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13332363#comment-13332363 ]
Jan Kalina commented on ELY-751:
--------------------------------
I think you can put anything into type - it is not used on any other place
maybe lets just put "new LdapKeyStore(spi, null, "LdapRealm");" instead (for example)
> Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron)
> ------------------------------------------------------------------------------
>
> Key: ELY-751
> URL: https://issues.jboss.org/browse/ELY-751
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Priority: Critical
> Labels: static_analysis
>
> Coverity static-analysis scan found possible use of null object in {{LdapKeyStore}} constructor.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760194&defectInstanceId=1541374&mergedDefectId=1369294
> The {{LdapKeyStore.Builder.build()}} method constructs the {{LdapKeyStore}} instance this way:
> {code}
> return new LdapKeyStore(spi, null, null);
> {code}
> and the constructor just calls parent ctor:
> {code}
> protected LdapKeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) {
> super(keyStoreSpi, provider, type);
> }
> {code}
> And it fails with NPE if debug for {{KeyStore}} is enabled as the constructor contains:
> {code}
> if (!skipDebug && pdebug != null) {
> pdebug.println("KeyStore." + type.toUpperCase() + " type from: " +
> this.provider.getName());
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list