[jboss-jira] [JBoss JIRA] (ELY-750) Coverity static analysis: Explicit null dereferenced in NonceManager (Elytron)

Ilia Vassilev (JIRA) issues at jboss.org
Tue Nov 15 10:49:02 EST 2016


     [ https://issues.jboss.org/browse/ELY-750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev reassigned ELY-750:
---------------------------------

    Assignee: Darran Lofthouse  (was: Ilia Vassilev)


> Coverity static analysis: Explicit null dereferenced in NonceManager (Elytron)
> ------------------------------------------------------------------------------
>
>                 Key: ELY-750
>                 URL: https://issues.jboss.org/browse/ELY-750
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>            Priority: Critical
>              Labels: static_analysis
>             Fix For: 1.1.0.Beta15
>
>
> Coverity static-analysis scan found 2 usages of a null object in the {{NonceManager}} class.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541375&mergedDefectId=1375730
> The method {{generateNonce()}} without params calls {{generateNonce(null)}}, where {{null}} is provided as the {{byte[] salt}}.
> It's used later in the code:
> {code}
> if (log.isTraceEnabled()) {
>     log.tracef("New nonce generated %s, using seed %s", nonce, new String(salt, StandardCharsets.UTF_8));
> }
> {code}
> so it will throw an NPE when trace logging is enabled.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541376&mergedDefectId=1375731
> A similar problem is in {{useNonce(nonce)}} calling {{useNonce(nonce, null)}}.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
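
The defect described in the report, as an added example that is not part of the original message and is not Elytron's code: the null salt is only dereferenced inside the trace guard, so the call succeeds at normal log levels and fails once trace logging is switched on. The class name, the reported/guarded/outcome methods, the use of java.util.logging in place of the project's logger, and the UUID stand-in for the nonce are all assumptions made for illustration; the guard shown is one possible fix, not necessarily the one applied.

```java
import java.nio.charset.StandardCharsets;
import java.util.UUID;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical stand-in for the reported pattern; not Elytron's NonceManager.
public class NonceTraceDemo {
    private static final Logger log = Logger.getLogger("nonce.demo");

    // Reported pattern: salt is dereferenced only inside the trace guard.
    static String reported(byte[] salt) {
        String nonce = UUID.randomUUID().toString(); // stand-in nonce value
        if (log.isLoggable(Level.FINEST)) { // stands in for log.isTraceEnabled()
            log.log(Level.FINEST, "New nonce generated {0}, using seed {1}",
                    new Object[] {nonce, new String(salt, StandardCharsets.UTF_8)});
        }
        return nonce;
    }

    // One possible guard (assumption): render a missing salt as a literal.
    static String guarded(byte[] salt) {
        String nonce = UUID.randomUUID().toString(); // stand-in nonce value
        if (log.isLoggable(Level.FINEST)) {
            String seed = salt == null ? "<none>" : new String(salt, StandardCharsets.UTF_8);
            log.log(Level.FINEST, "New nonce generated {0}, using seed {1}", new Object[] {nonce, seed});
        }
        return nonce;
    }

    // Calls a generator with the null salt that the no-argument overload passes.
    static String outcome(Function<byte[], String> generator) {
        try {
            generator.apply(null);
            return "ok";
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        for (Level level : new Level[] {Level.INFO, Level.FINEST}) {
            log.setLevel(level);
            System.out.printf("level=%s reported=%s guarded=%s%n", level,
                    outcome(NonceTraceDemo::reported), outcome(NonceTraceDemo::guarded));
        }
    }
}
```

Because the failure depends on the configured log level, a test suite that runs only at the default level will not exercise the dereference.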

