[jboss-jira] [JBoss JIRA] (ELY-743) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

Josef Cacek (JIRA) issues at jboss.org
Fri Nov 11 09:31:00 EST 2016 

Josef Cacek created ELY-743:
-------------------------------

             Summary: Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
                 Key: ELY-743
                 URL: https://issues.jboss.org/browse/ELY-743
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse


Coverity static-analysis scan found 3 possible calls on null objects in {{ServerAuthenticationContext}} class.

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541382&mergedDefectId=1369286

In {​{ServerAuthenticationContext.AuthorizedState.​isSamePrincipal(Principal)}} - Return value of function which returns null is dereferenced without checking.
{code}
2039    boolean isSamePrincipal(final Principal principal) {
    
// 1. returned_null: getName returns null (checked 9 out of 11 times). (The virtual call resolves to org.wildfly.security.auth.server.PrincipalDecoder.<clinit>/<gen>org.wildfly.security.auth.server.PrincipalDecoder_instance_2.getName.) [show details]
    
// 2. var_assigned: Assigning: name = null return value from getName.
2040        String name = authorizedIdentity.getSecurityDomain().getPrincipalDecoder().getName(principal);
    
// CID 1369286 (#1 of 1): Dereference null return value (NULL_RETURNS)3. dereference: Dereferencing a pointer that might be null name when calling isSameName. [show details]
2041        return isSameName(name);
2042    }
{code}

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541377&mergedDefectId=1369289
In {{ServerAuthenticationContext.NameAssignedState.​isSamePrincipal(Principal)}} - the same as the previous one.

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541378&mergedDefectId=1369304
In {{​ServerAuthenticationContext.ANONYMOUS.​handleOne(​Callback[], int)}}
{code}
790    final PasswordCallback passwordCallback = (PasswordCallback) callback;
791
   
// 8. returned_null: getCredentialAcquireSupport returns null (checked 0 out of 1 times). [show details]
   
// CID 1369304 (#1 of 1): Dereference null return value (NULL_RETURNS)9. null_method_call: Calling a method on null object getCredentialAcquireSupport(org.wildfly.security.credential.PasswordCredential.class).
792    if (getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) {
{code}

*Suggested improvement*
Add null checks.




--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list