[jboss-jira] [JBoss JIRA] (WFLY-8093) Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
Martin Choma (JIRA)
issues at jboss.org
Mon Feb 13 06:18:00 EST 2017
Martin Choma created WFLY-8093:
----------------------------------
Summary: Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
Key: WFLY-8093
URL: https://issues.jboss.org/browse/WFLY-8093
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
The Coverity static-analysis scan found a possible call on a null object in the KeyStoreCredentialStore class:
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=9564274&defectInstanceId=2359189&mergedDefectId=1402109
In the branch that execution reaches only if location is null, location is dereferenced:
{code:java|title=KeyStoreCredentialStore.java}
if (location != null && Files.exists(location))
    try (InputStream fileStream = Files.newInputStream(location)) {
        keyStore.load(fileStream, getStorePassword(protectionParameter));
        enumeration = keyStore.aliases();
    } catch (GeneralSecurityException | IOException e) {
        throw log.cannotInitializeCredentialStore(e);
} else if (create) {
    try {
        keyStore.load(null, null);
        enumeration = Collections.emptyEnumeration();
    } catch (CertificateException | IOException | NoSuchAlgorithmException e) {
        throw log.cannotInitializeCredentialStore(e);
    }
} else {
    // Flagged by Coverity: location was null-checked above and is dereferenced here
    throw log.automaticStorageCreationDisabled(location.toString());
}
{code}
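A minimal reproduction of the flagged pattern next to a null-safe variant, added here as an example; it is not Elytron code or the project's fix. The class name, the `nullSafe` flag, the exception type and the message text are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Added illustration: class, method and message names are hypothetical, not Elytron's.
public class NullLocationDemo {

    // Same branch structure as the reported snippet; nullSafe selects the variant.
    static KeyStore load(Path location, boolean create, boolean nullSafe)
            throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (location != null && Files.exists(location)) {
            try (InputStream in = Files.newInputStream(location)) {
                keyStore.load(in, null);
            }
        } else if (create) {
            keyStore.load(null, null); // empty in-memory store, no file needed
        } else if (nullSafe) {
            // Null-safe: never dereference a value the first condition allowed to be null.
            String where = (location == null) ? "<no location configured>" : location.toString();
            throw new IllegalStateException("automatic storage creation disabled: " + where);
        } else {
            // As reported: location may be null here, so toString() throws NullPointerException.
            throw new IllegalStateException("automatic storage creation disabled: " + location.toString());
        }
        return keyStore;
    }

    public static void main(String[] args) throws Exception {
        for (boolean nullSafe : new boolean[] {false, true}) {
            try {
                load(null, false, nullSafe);
            } catch (RuntimeException e) {
                // With nullSafe=false the NullPointerException replaces the intended diagnostic.
                System.out.println("nullSafe=" + nullSafe + " -> " + e);
            }
        }
        // With create=true a null location is legitimate and no exception is raised.
        System.out.println("create=true -> " + load(null, true, true).size() + " entries");
    }
}
```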