[jboss-jira] [JBoss JIRA] (ELY-741) Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Fri Nov 11 08:54:00 EST 2016
Josef Cacek created ELY-741:
-------------------------------
Summary: Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)
Key: ELY-741
URL: https://issues.jboss.org/browse/ELY-741
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
A Coverity static-analysis scan found 2 possible calls on null objects in the {{SSLConfiguratorImpl.getDefaultSSLParameters()}} method.
Both calls are related to the following line:
{code}
configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites());
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541383&mergedDefectId=1375370
The {{getCipherSuites()}} call can return null ({{javax.net.ssl.SSLParameters.getCipherSuites}}), which can propagate to the {{CipherSuiteSelector.evaluate()}} call, where {{supportedMechanisms.length}} is used without a null check.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541384&mergedDefectId=1375371
The {{getProtocols()}} call can return null ({{javax.net.ssl.SSLParameters.getProtocols}}), which can propagate to the {{ProtocolSelector.evaluate()}} call, where {{supportedProtocols}} is used in a for loop without a null check.
*Suggested improvement*
Add null checks.
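The null return described in this report, reproduced with only the JDK's `javax.net.ssl` API, as an added example that is not Elytron code or the reporter's: the class name and the `orEmpty` and `select` helpers are hypothetical, and `select` merely stands in for a selector that reads `.length` and iterates over the supported array.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class NullSafeSslParameters {
    private static final String[] NONE = new String[0];

    // Hypothetical guard: the SSLParameters getters return null when the
    // value was never set, so hand callers an empty array instead.
    static String[] orEmpty(String[] values) {
        return values == null ? NONE : values;
    }

    // Hypothetical stand-in for a selector: keeps the wanted names that are
    // supported. It uses supported.length and a for loop over supported,
    // the two operations the report flags as unguarded.
    static String[] select(String[] supported, String... wanted) {
        List<String> out = new ArrayList<>(supported.length);
        for (String s : supported) {
            for (String w : wanted) {
                if (w.equals(s)) {
                    out.add(s);
                }
            }
        }
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the no-arg constructor leaves both arrays unset.
        SSLParameters unset = new SSLParameters();
        System.out.println("getCipherSuites() == null: " + (unset.getCipherSuites() == null));
        System.out.println("getProtocols() == null: " + (unset.getProtocols() == null));

        try {
            select(unset.getProtocols(), "TLSv1.2"); // unguarded call
        } catch (NullPointerException e) {
            System.out.println("unguarded call threw NullPointerException");
        }

        // Guarded call: an empty selection instead of an exception.
        System.out.println("guarded selection size: "
                + select(orEmpty(unset.getProtocols()), "TLSv1.2").length);

        // The same guard applied to the provider's supported parameters.
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        System.out.println("selected protocols: " + String.join(",",
                select(orEmpty(supported.getProtocols()), "TLSv1.2", "TLSv1.3")));
    }
}
```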