[jboss-jira] [JBoss JIRA] (ELY-1050) Coverity, dereference null return value in KeyStoreCredentialStore.saveSecretKey

Martin Choma (JIRA) issues at jboss.org
Mon Apr 3 04:23:01 EDT 2017


Martin Choma created ELY-1050:
---------------------------------

             Summary: Coverity, dereference null return value in KeyStoreCredentialStore.saveSecretKey
                 Key: ELY-1050
                 URL: https://issues.jboss.org/browse/ELY-1050
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Critical


Coverity found a possible null dereference, as {{encrypt.getIV()}} could return null in cases when the option {{cryptoAlg}} is configured to some algorithm which does not use an IV.

https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563831&defectInstanceId=2991544&mergedDefectId=1422739

{code:java|title=KeyStoreCredentialStore.java}
        private void saveSecretKey(String ksAlias, ObjectOutputStream oos, KeyStore.SecretKeyEntry entry) throws IOException, GeneralSecurityException {
            ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024);
            ObjectOutputStream entryOos = new ObjectOutputStream(entryData);
            entryOos.writeUTF(ksAlias);
            writeBytes(entry.getSecretKey().getEncoded(), entryOos);
            entryOos.flush();

            encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey);
            int blockSize = encrypt.getBlockSize();
            Assert.checkMaximumParameter("cipher block size", 256, blockSize);
            byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize);

            byte[] encrypted = encrypt.doFinal(padded);
            byte[] iv = encrypt.getIV();

            oos.writeInt(SECRET_KEY_ENTRY_TYPE);
            writeBytes(encrypted, oos);
            writeBytes(iv, oos);
        }
{code}

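The condition Coverity reports can be reproduced with the JDK alone. The following is an added example, not code from the issue or from WildFly Elytron: it shows `Cipher.getIV()` returning null for a mode without an IV and one null-safe way to write the value. The class name, the helper `writeBytesNullSafe` and the choice of encoding an absent IV as length 0 are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

public class GetIvNullDemo {

    // Hypothetical helper (not Elytron's writeBytes): length-prefixed write
    // that encodes an absent array as length 0 instead of dereferencing null.
    // A matching reader has to treat length 0 as "cipher used no IV".
    static void writeBytesNullSafe(byte[] data, ObjectOutputStream out) throws IOException {
        if (data == null) {
            out.writeInt(0);
            return;
        }
        out.writeInt(data.length);
        out.write(data);
    }

    // Same call order as saveSecretKey: init, doFinal, then getIV.
    static byte[] ivFor(String transformation, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, key);
        c.doFinal(new byte[16]); // one constructed 16-byte block of zeros
        return c.getIV();        // null when the mode has no IV (e.g. ECB)
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // constructed sample key

        // CBC gets a provider-generated IV; ECB has none.
        for (String t : new String[] {"AES/CBC/NoPadding", "AES/ECB/NoPadding"}) {
            byte[] iv = ivFor(t, key);
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
                writeBytesNullSafe(iv, oos);
            }
            System.out.println(t + " -> getIV() "
                    + (iv == null ? "is null" : "has " + iv.length + " bytes"));
        }
    }
}
```

An alternative to tolerating a null IV is to validate the configured algorithm when the store is initialised and reject transformations for which `getIV()` returns null.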