[jboss-jira] [JBoss JIRA] (ELY-750) Coverity static analysis: Explicit null dereferenced in NonceManager (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Mon Nov 14 07:59:02 EST 2016
Josef Cacek created ELY-750:
-------------------------------
Summary: Coverity static analysis: Explicit null dereferenced in NonceManager (Elytron)
Key: ELY-750
URL: https://issues.jboss.org/browse/ELY-750
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Critical
Coverity static-analysis scan found 2 usages of null object in {{NonceManager}} class.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541375&mergedDefectId=1375730
The no-argument method {{generateNonce()}} calls {{generateNonce(null)}}, where {{null}} is passed as the {{byte[] salt}} parameter.
The salt is used later in the code:
{code}
if (log.isTraceEnabled()) {
    log.tracef("New nonce generated %s, using seed %s", nonce, new String(salt, StandardCharsets.UTF_8));
}
{code}
so it will throw a NullPointerException when trace logging is enabled.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541376&mergedDefectId=1375731
A similar problem exists in {{useNonce(nonce)}}, which calls {{useNonce(nonce, null)}}.
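An added illustration of the defect pattern and one defensive variant (example code, not Elytron's {{NonceManager}}; the class name, the trace switch and the salt rendering are assumed for the example):

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class NonceSaltExample {
    // Stand-in for the logger's isTraceEnabled() switch (assumed for this example).
    static boolean traceEnabled = true;
    static final SecureRandom RANDOM = new SecureRandom();

    // Pattern reported by Coverity: the no-arg overload delegates with a null salt.
    static String generateNonceUnsafe() {
        return generateNonceUnsafe(null);
    }

    static String generateNonceUnsafe(byte[] salt) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);
        if (traceEnabled) {
            // new String(null, ...) throws NullPointerException, but only when tracing is on,
            // so the bug stays hidden in normal operation.
            System.out.printf("New nonce generated %s, using seed %s%n",
                    nonce, new String(salt, StandardCharsets.UTF_8));
        }
        return nonce;
    }

    // Defensive variant: the optional salt is checked before it is dereferenced.
    static String generateNonceSafe(byte[] salt) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);
        if (traceEnabled) {
            String seed = (salt == null) ? "<none>" : new String(salt, StandardCharsets.UTF_8);
            System.out.printf("New nonce generated %s, using seed %s%n", nonce, seed);
        }
        return nonce;
    }

    public static void main(String[] args) {
        System.out.println("safe: " + generateNonceSafe(null));
        try {
            generateNonceUnsafe();
        } catch (NullPointerException e) {
            System.out.println("unsafe variant with trace enabled: " + e);
        }
    }
}
```

Running the class shows the safe variant succeeding with a null salt while the unsafe one fails as soon as trace output is enabled, which is why static analysis rather than routine testing surfaced the defect.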
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)