[jboss-jira] [JBoss JIRA] (ELY-751) Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron)

Ilia Vassilev (JIRA) issues at jboss.org
Fri Feb 10 10:26:00 EST 2017


    [ https://issues.jboss.org/browse/ELY-751?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13361975#comment-13361975 ] 

Ilia Vassilev commented on ELY-751:
-----------------------------------

Replaced "LdapRealm" -> "LdapKeyStore" with PR [1].

[1] https://github.com/wildfly-security/wildfly-elytron/pull/669

> Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron)
> ------------------------------------------------------------------------------
>
>                 Key: ELY-751
>                 URL: https://issues.jboss.org/browse/ELY-751
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Ilia Vassilev
>            Priority: Critical
>              Labels: static_analysis
>
> Coverity static-analysis scan found possible use of null object in {{LdapKeyStore}} constructor.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760194&defectInstanceId=1541374&mergedDefectId=1369294
> The {{LdapKeyStore.Builder.build()}} method constructs the {{LdapKeyStore}} instance this way:
> {code}
>   return new LdapKeyStore(spi, null, null);
> {code}
> and the constructor just calls parent ctor:
> {code}
>     protected LdapKeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) {
>         super(keyStoreSpi, provider, type);
>     }
> {code}
> And it fails with NPE if debug for {{KeyStore}} is enabled as the constructor contains:
> {code}
>         if (!skipDebug && pdebug != null) {
>             pdebug.println("KeyStore." + type.toUpperCase() + " type from: " +
>                 this.provider.getName());
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
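
The failure mode described in the issue, as an added example that is not part of the original message and is not Elytron or JDK code. BaseStore is a hypothetical stand-in for the parent class with the quoted debug branch, the debug flag is passed as a parameter for the demonstration, and buildChecked is an assumed remedy, not the change made in the linked PR.

```java
import java.util.Objects;

public class NullCtorDemo {
    // Hypothetical stand-in for the parent class: like the quoted constructor,
    // it dereferences both arguments only when debug output is enabled.
    static class BaseStore {
        final Object provider;
        final String type;

        BaseStore(Object provider, String type, boolean debug) {
            this.provider = provider;
            this.type = type;
            if (debug) {
                System.out.println("KeyStore." + type.toUpperCase()
                        + " type from: " + this.provider.toString());
            }
        }
    }

    // Pattern from the report: nulls are passed straight through, so the
    // defect stays latent until debugging is switched on.
    static BaseStore buildAsReported(boolean debug) {
        return new BaseStore(null, null, debug);
    }

    // Assumed remedy: the builder supplies real values and rejects nulls
    // before the parent constructor can dereference them.
    static BaseStore buildChecked(Object provider, String type, boolean debug) {
        return new BaseStore(
                Objects.requireNonNull(provider, "provider"),
                Objects.requireNonNull(type, "type"),
                debug);
    }

    public static void main(String[] args) {
        buildAsReported(false); // succeeds: the debug branch is skipped
        try {
            buildAsReported(true); // same arguments, debug enabled
        } catch (NullPointerException e) {
            System.out.println("NullPointerException only when debug is enabled");
        }
        // Constructed sample values, not taken from the project.
        buildChecked("DemoProvider", "LdapKeyStore", true);
    }
}
```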

