[jboss-jira] [JBoss JIRA] (ELY-739) Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)

Ilia Vassilev (JIRA) issues at jboss.org
Fri Feb 17 13:38:00 EST 2017 

     [ https://issues.jboss.org/browse/ELY-739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev updated ELY-739:
------------------------------
    Fix Version/s: 1.1.0.Beta25


> Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)
> --------------------------------------------------------------------------------------------
>
>                 Key: ELY-739
>                 URL: https://issues.jboss.org/browse/ELY-739
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Ilia Vassilev
>              Labels: static_analysis
>             Fix For: 1.1.0.Beta25
>
>
> Coverity static-analysis scan found 3 possible calls on null objects in {{AbstractDigestMechanism}} class:
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541368&mergedDefectId=1369283
> Method {{wrapConfidentialityProtectedMessage}}
> {code}
> cipheredPart = wrapCipher.update(toCipher);
> // ... cipheredPart may be null
> byte[] result = new byte[cipheredPart.length + 6];
> {code}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541380&mergedDefectId=1369285
> Method {{createCipher}}
> {code}
> // the getTransformationSpec may be null - look at DefaultTransformationMapper
> ciph = Cipher.getInstance(trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation());
> {code}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760450&defectInstanceId=1541367&mergedDefectId=1369297
> Method {{unwrapConfidentialityProtectedMessage}}
> {code}
> clearText = unwrapCipher.update(message, offset, len - 6);
> // the clearText may be null in clearText.length
> System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10);
> {code}
> *Suggested improvement*
> Add null checks.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list