[jboss-jira] [JBoss JIRA] (WFLY-8104) Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)
Martin Choma (JIRA)
issues at jboss.org
Tue Feb 14 02:19:01 EST 2017
Martin Choma created WFLY-8104:
----------------------------------
Summary: Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)
Key: WFLY-8104
URL: https://issues.jboss.org/browse/WFLY-8104
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Coverity found 2 possible occurences of dereferencing null.
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359321&mergedDefectId=1395588
https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=9564434&defectInstanceId=2359320&mergedDefectId=1396462
{code:java}
private char[] resolvePassword() throws Exception {
ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue();
CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null;
if (cs != null) {
return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
} else {
throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath());
}
}
{code}
Both {{getCredential(Class<C> credentialType)}} and {{getPassword(Class<P> type)}} have in javadoc mentioned return value can be null.
Also in org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder.SimpleDirContextFactory.obtainDirContext(org.wildfly.security.auth.realm.ldap.DirContextFactory.ReferralMode) returned value are explicitely checked on null value.
Add null check also in {{resolvePassword()}} method
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list