[jboss-jira] [JBoss JIRA] (ELY-743) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

Ilia Vassilev (JIRA) issues at jboss.org
Fri Feb 17 13:32:00 EST 2017 

     [ https://issues.jboss.org/browse/ELY-743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev updated ELY-743:
------------------------------
    Fix Version/s: 1.1.0.Beta16


> Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
> ------------------------------------------------------------------------------------------------
>
>                 Key: ELY-743
>                 URL: https://issues.jboss.org/browse/ELY-743
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Ilia Vassilev
>              Labels: static_analysis
>             Fix For: 1.1.0.Beta16
>
>
> Coverity static-analysis scan found 3 possible calls on null objects in {{ServerAuthenticationContext}} class.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541382&mergedDefectId=1369286
> In {​{ServerAuthenticationContext.AuthorizedState.​isSamePrincipal(Principal)}} - Return value of function which returns null is dereferenced without checking.
> {code}
> 2039    boolean isSamePrincipal(final Principal principal) {
>     
> // 1. returned_null: getName returns null (checked 9 out of 11 times). (The virtual call resolves to org.wildfly.security.auth.server.PrincipalDecoder.<clinit>/<gen>org.wildfly.security.auth.server.PrincipalDecoder_instance_2.getName.) [show details]
>     
> // 2. var_assigned: Assigning: name = null return value from getName.
> 2040        String name = authorizedIdentity.getSecurityDomain().getPrincipalDecoder().getName(principal);
>     
> // CID 1369286 (#1 of 1): Dereference null return value (NULL_RETURNS)3. dereference: Dereferencing a pointer that might be null name when calling isSameName. [show details]
> 2041        return isSameName(name);
> 2042    }
> {code}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541377&mergedDefectId=1369289
> In {{ServerAuthenticationContext.NameAssignedState.​isSamePrincipal(Principal)}} - the same as the previous one.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760324&defectInstanceId=1541378&mergedDefectId=1369304
> In {{​ServerAuthenticationContext.ANONYMOUS.​handleOne(​Callback[], int)}}
> {code}
> 790    final PasswordCallback passwordCallback = (PasswordCallback) callback;
> 791
>    
> // 8. returned_null: getCredentialAcquireSupport returns null (checked 0 out of 1 times). [show details]
>    
> // CID 1369304 (#1 of 1): Dereference null return value (NULL_RETURNS)9. null_method_call: Calling a method on null object getCredentialAcquireSupport(org.wildfly.security.credential.PasswordCredential.class).
> 792    if (getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) {
> {code}
> *Suggested improvement*
> Add null checks.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list