[jboss-jira] [JBoss JIRA] (ELY-1278) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Wed Jul 5 08:57:00 EDT 2017
[ https://issues.jboss.org/browse/ELY-1278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev reassigned ELY-1278:
----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
> Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
> ------------------------------------------------------------------------------------------------
>
> Key: ELY-1278
> URL: https://issues.jboss.org/browse/ELY-1278
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Ilia Vassilev
> Priority: Critical
>
> Coverity found possible NPE occurense, as according to javadoc for {{SSLSession().getLocalCertificates()}} may return null [1], but {{X500.asX509CertificateArray}} can't consume null parameter and NPE will be thrown in that case.
> {code:java|title=ServerAuthenticationContext.java}
> } else if (callback instanceof SSLCallback) {
> SSLCallback sslCallback = (SSLCallback) callback;
> try {
> peerCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getPeerCertificates());
> } catch (SSLPeerUnverifiedException e) {
> log.trace("Peer unverified", e);
> peerCerts = null;
> }
> serverCerts = X500.asX509CertificateArray(sslCallback.getSslSession().getLocalCertificates());
> handleOne(callbacks, idx + 1);
> }
> {code}
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=26379676&defectInstanceId=5932898&mergedDefectId=1449008
> [1] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSession.html#getLocalCertificates--
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list