[jboss-jira] [JBoss JIRA] (ELY-741) Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Fri Feb 17 13:33:00 EST 2017
[ https://issues.jboss.org/browse/ELY-741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev updated ELY-741:
------------------------------
Fix Version/s: 1.1.0.Beta16
> Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)
> ----------------------------------------------------------------------------------------
>
> Key: ELY-741
> URL: https://issues.jboss.org/browse/ELY-741
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Labels: static_analysis
> Fix For: 1.1.0.Beta16
>
>
> Coverity static-analysis scan found 2 possible calls on null objects in {{SSLConfiguratorImpl.getDefaultSSLParameters()}} method.
> Both calls are related to following line:
> {code}
> configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites());
> {code}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541383&mergedDefectId=1375370
> The {{getCipherSuites()}} call can return null ({{javax.net.ssl.SSLParameters.getCipherSuites}}) which can propagate to {{CipherSuiteSelector.evaluate()}} call where {{supportedMechanisms.length}} is used without null check.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5759887&defectInstanceId=1541384&mergedDefectId=1375371
> The {{getProtocols()}} call can return null ({{javax.net.ssl.SSLParameters.getProtocols}}) which can propagate to {{ProtocolSelector.evaluate()}} call where {{supportedProtocols}} is used in for loop without null check.
> *Suggested improvement*
> Add null checks.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list