[jboss-jira] [JBoss JIRA] (ELY-832) Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Wed Dec 14 10:26:00 EST 2016
Josef Cacek created ELY-832:
-------------------------------
Summary: Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)
Key: ELY-832
URL: https://issues.jboss.org/browse/ELY-832
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Coverity static-analysis scan found possible method call on null object in {{org.wildfly.security.credential.source.CredentialStoreCredentialSource.getCredential(java.lang.Class, java.lang.String, java.security.spec.AlgorithmParameterSpec)}}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
The problematic piece of code is:
{code:java}
credential = credentialStore.retrieve(alias, credentialType);
return credential.castAs(credentialType, algorithmName, parameterSpec);
{code}
The {{retrieve()}} method may return {{null}} in some cases as can be seen in {{KeyStoreCredentialStore}} class:
{code:java}
//...
final TopEntry topEntry = cache.get(credentialAlias);
if (topEntry == null) {
return null;
}
//...
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list