[jboss-jira] [JBoss JIRA] (ELY-739) Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Fri Nov 11 07:43:00 EST 2016
Josef Cacek created ELY-739:
-------------------------------
Summary: Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)
Key: ELY-739
URL: https://issues.jboss.org/browse/ELY-739
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
A Coverity static-analysis scan found 3 possible calls on null objects in the {{AbstractDigestMechanism}} class:
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541368&mergedDefectId=1369283
Method {{wrapConfidentialityProtectedMessage}}
{code}
cipheredPart = wrapCipher.update(toCipher);
// ... cipheredPart may be null
byte[] result = new byte[cipheredPart.length + 6];
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541380&mergedDefectId=1369285
Method {{createCipher}}
{code}
// the getTransformationSpec may be null - look at DefaultTransformationMapper
ciph = Cipher.getInstance(trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation());
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541367&mergedDefectId=1369297
Method {{unwrapConfidentialityProtectedMessage}}
{code}
clearText = unwrapCipher.update(message, offset, len - 6);
// the clearText may be null in clearText.length
System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
{code}
*Suggested improvement*
Add null checks.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
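A sketch of the null checks suggested above for the two `update` call sites, as an added example that is not part of the original report and not Elytron code. The class and helper names are hypothetical, and AES/CBC/NoPadding with a constructed all-zero key and IV stands in for whichever cipher the mechanism negotiates.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;

public class NullSafeCipherUpdate {  // hypothetical class name
    private static final byte[] EMPTY = new byte[0];

    // Cipher.update may return null when the call produces no output
    // (zero-length input, or input too short for a block cipher to emit a block).
    static byte[] updateOrEmpty(Cipher cipher, byte[] in, int offset, int len) {
        byte[] out = cipher.update(in, offset, len);
        return out == null ? EMPTY : out;
    }

    // Follows the unwrap excerpt: decrypt len - 6 bytes, then take the last
    // 10 bytes of the clear text as the HMAC, failing cleanly when they are absent.
    static byte[] extractHmac(Cipher unwrapCipher, byte[] message, int offset, int len)
            throws SaslException {
        if (len < 6 || offset < 0 || offset > message.length - len) {
            throw new SaslException("Message too short for the 6-byte trailer");
        }
        byte[] clearText = updateOrEmpty(unwrapCipher, message, offset, len - 6);
        if (clearText.length < 10) {
            throw new SaslException("Decrypted message too short to contain the HMAC");
        }
        byte[] hmac = new byte[10];
        System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
        return hmac;
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and IV, for demonstration only.
        Cipher unwrapCipher = Cipher.getInstance("AES/CBC/NoPadding");
        unwrapCipher.init(Cipher.DECRYPT_MODE,
                new SecretKeySpec(new byte[16], "AES"), new IvParameterSpec(new byte[16]));

        // A 6-byte message leaves zero bytes to decrypt, so update returns null.
        // The unguarded excerpt would throw NullPointerException at this point.
        try {
            extractHmac(unwrapCipher, new byte[6], 0, 6);
        } catch (SaslException e) {
            System.out.println("Rejected: " + e.getMessage());
        }

        // Two full cipher blocks plus the 6-byte trailer pass both checks.
        byte[] hmac = extractHmac(unwrapCipher, new byte[38], 0, 38);
        System.out.println("HMAC bytes extracted: " + hmac.length);
    }
}
```

The same helper covers the wrap path, where `cipheredPart.length + 6` is computed from the result of `update`. Raising a `SaslException` turns a malformed or truncated peer message into a protocol error rather than an unchecked `NullPointerException`.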