[jboss-jira] [JBoss JIRA] (ELY-1050) Coverity, dereference null return value in KeyStoreCredentialStore.saveSecretKey
Ilia Vassilev (JIRA)
issues at jboss.org
Mon Apr 3 08:06:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev reassigned ELY-1050:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
> Coverity, dereference null return value in KeyStoreCredentialStore.saveSecretKey
> --------------------------------------------------------------------------------
>
> Key: ELY-1050
> URL: https://issues.jboss.org/browse/ELY-1050
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Priority: Critical
>
> Coverity found a possible null dereference, as {{encrypt.getIV()}} could return null in cases when option {{cryptoAlg}} is configured to an algorithm that does not use an IV.
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=12563831&defectInstanceId=2991544&mergedDefectId=1422739
> {code:java|title=KeyStoreCredentialStore.java}
> private void saveSecretKey(String ksAlias, ObjectOutputStream oos, KeyStore.SecretKeyEntry entry) throws IOException, GeneralSecurityException {
>     ByteArrayOutputStream entryData = new ByteArrayOutputStream(1024);
>     ObjectOutputStream entryOos = new ObjectOutputStream(entryData);
>     entryOos.writeUTF(ksAlias);
>     writeBytes(entry.getSecretKey().getEncoded(), entryOos);
>     entryOos.flush();
>     encrypt.init(Cipher.ENCRYPT_MODE, storageSecretKey);
>     int blockSize = encrypt.getBlockSize();
>     Assert.checkMaximumParameter("cipher block size", 256, blockSize);
>     byte[] padded = pkcs7Pad(entryData.toByteArray(), blockSize);
>     byte[] encrypted = encrypt.doFinal(padded);
>     byte[] iv = encrypt.getIV();
>     oos.writeInt(SECRET_KEY_ENTRY_TYPE);
>     writeBytes(encrypted, oos);
>     writeBytes(iv, oos);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
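
The condition reported above can be reproduced with the standard JCA API: `Cipher.getIV()` returns null for a transformation that uses no IV. The following is an added example, not code from WildFly Elytron or from the issue; `writeNullable`, `readNullable` and the class name are hypothetical, the record layout is an assumption, and the key and plaintext are constructed sample values.

```java
import java.io.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class NullIvRoundTrip {
    // Hypothetical helper (not Elytron's writeBytes): a null array is stored as length -1.
    static void writeNullable(byte[] b, DataOutputStream out) throws IOException {
        out.writeInt(b == null ? -1 : b.length);
        if (b != null) out.write(b);
    }

    // Reads what writeNullable wrote; -1 maps back to null, oversized lengths are rejected.
    static byte[] readNullable(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0) return null;
        if (len > 4096) throw new IOException("length out of range");
        byte[] b = new byte[len];
        in.readFully(b);
        return b;
    }

    static boolean roundTrip(String transformation, SecretKey key, byte[] plain) throws Exception {
        Cipher enc = Cipher.getInstance(transformation);
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ct = enc.doFinal(plain);
        byte[] iv = enc.getIV(); // null when the mode uses no IV (ECB here)
        System.out.println(transformation + ": getIV() returned " + (iv == null ? "null" : iv.length + " bytes"));
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        writeNullable(ct, out);
        writeNullable(iv, out); // safe for both cases; no dereference of a null IV
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
        byte[] ct2 = readNullable(in);
        byte[] iv2 = readNullable(in);
        Cipher dec = Cipher.getInstance(transformation);
        if (iv2 == null) dec.init(Cipher.DECRYPT_MODE, key);
        else dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv2));
        return Arrays.equals(plain, dec.doFinal(ct2));
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero key, demo only
        byte[] plain = new byte[32];                            // constructed, block-aligned sample input
        for (String t : new String[] {"AES/CBC/NoPadding", "AES/ECB/NoPadding"}) {
            System.out.println("  round trip ok: " + roundTrip(t, key, plain));
        }
    }
}
```

ECB appears here only as the IV-less case the report describes; the reader side has to branch on the absent IV as well, otherwise the null check on write just moves the failure to load time.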