[jboss-jira] [JBoss JIRA] (ELY-1278) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Martin Choma (JIRA)
issues at jboss.org
Mon Jul 3 07:10:01 EDT 2017
Martin Choma created ELY-1278:
---------------------------------
Summary: Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Key: ELY-1278
URL: https://issues.jboss.org/browse/ELY-1278
Project: WildFly Elytron
Issue Type: Bug
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Coverity found possible NPE occurense, as according to javadoc for {{SSLSession().getLocalCertificates()}} may return null [1], but {{X500.asX509CertificateArray}} can't consume null parameter and NPE will be thrown in that case.
{code:java|title=ServerAuthenticationContext.java}
} else if (callback instanceof SSLCallback) {
SSLCallback sslCallback = (SSLCallback) callback;
try {
peerCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
} catch (SSLPeerUnverifiedException e) {
log.trace("Peer unverified", e);
peerCerts = null;
}
serverCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
handleOne(callbacks, idx + 1);
}
{code}
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=26379676&defectInstanceId=5932898&mergedDefectId=1449008
[1] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#getLocalCertificates--
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list